On 29/11/24 14.19, Reza S wrote:
---
Please do not post in top-posting style on this mailing list; always
use bottom (interleaved) posting to make messages easier to read.
https://blog.joelesler.net/2009/12/bottom-posting.html
The particular part to pay attention to is in RFC1855 --
"- If you are sending a reply to a message or a posting be sure you
summarize the original at the top of the message, or include just
enough text of the original to give a context. This will make
sure readers understand when they start to read your response.
Since NetNews, especially, is proliferated by distributing the
postings from one host to another, it is possible to see a
response to a message before seeing the original. Giving context
helps everyone. But do not include the entire original!"
http://daringfireball.net/2007/07/on_top
The fundamental source of poor email style is the practice of quoting
the entire message you’re replying to. If that’s what you do, then it
doesn’t matter whether you put your response at the top or bottom. In
fact, if you’re going to quote the entire message, top-posting probably
is better. But both are poor form.
Writing an email is like writing an article. Only quote the relevant
parts, interspersing your new remarks between the quoted passages. Don’t
quote anything at all from the original message if you don’t have to.
Does it take more time to edit the portions of quoted text included in
your reply? Yes. So does spell-checking and proofreading. It also takes
time to shower and brush your teeth each day.
Use the features in Gmail webmail (or the Gmail apps) to make
bottom posting and text trimming easier.
http://webapps.stackexchange.com/questions/49884/how-to-insert-a-reply-inline-in-gmail
---
> Yes, that's correct, Mr. Syafril, the error message is like the one at
> the link address you sent. Is there a way to limit the sending of email
> from MDaemon, for example to only 200 emails in 1 hour? Please advise.
That means MDaemon is set to always relay to a smart host, right?
https://mdaemon.dutaint.com/mdaemon/24.5.0/default-domain-and-servers_delivery.html
[x] Send all outbound email to a smart host
A smart host with this kind of characteristic is one that uses the Exim MTA.
The Exim MTA has this feature as a safeguard against accounts suspected of
being hijacked (compromised) being used by spammers to broadcast spam
through the SMTP relay server.
https://support.cpanel.net/hc/en-us/articles/360049231233-Unable-to-send-email-Domain-example-tld-has-exceeded-the-max-defers-and-failures-per-hour
So as long as the client server (in this case MDaemon) does not broadcast
spam through the Exim MTA SMTP relay, it will not be hit by that limitation.
MDaemon also has a similar feature, called account hijack detection.
https://mdaemon.dutaint.com/mdaemon/24.5.0/security--hijack_detection.html
Account Hijack Detection
The options on this screen can be used to detect a possibly hijacked
MDaemon account and automatically prevent it from sending messages
through your server. For example, if a spammer somehow obtained an
account's email address and password then this feature could prevent the
spammer from using the account to send bulk junk e-mail through your
system. You can designate a maximum number of messages that may be sent
by an account in a given number of minutes, based on the IP address from
which it is connecting. You can also choose to disable accounts that
reach the limit. There is also an Exempt List that can be used to exempt
certain addresses from this restriction. Account Hijack Detection is
enabled by default.
If you want MDaemon not to broadcast more than 200 messages per hour,
just make the adjustment.
Limit messages sent from all other IPs to 200 msgs in 60 minutes
or
Limit messages sent from all other IPs to 20 msgs in 6 minutes
and make sure no account is included in the exceptions (exempt list)
Exempt List
Use the Exempt List to designate any addresses that you wish to exempt
from Account Hijack Detection. Wildcards are permitted. For example,
"newslett...@example.com" would exempt example.com's "newsletters"
MDaemon account, while "*@newsletters.example.com" would exempt all
MDaemon accounts belonging to the newsletters.example.com domain. The
Postmaster account is automatically exempt from Account Hijack Detection.
The hijack detection above is a preventive measure after an account has
been hijacked.
It would be better to prevent accounts from being hijacked, among other
things by:
1. All users are expected to use strong passwords.
https://mdaemon.dutaint.com/mdaemon/24.5.0/passwords.html
2. Restricting mail access by location
https://mdaemon.dutaint.com/mdaemon/24.5.0/screening_location-screening.html
3. Preventing hackers from attempting to guess valid usernames/passwords
in MDaemon.
+ Requiring users to enable SMTP authentication to send mail
through MDaemon
+ Preventing authentication on SMTP port 25
https://mdaemon.dutaint.com/mdaemon/24.5.0/security--smtp_authentication.html
+ Requiring users to use a secure connection, preventing the use of
script kiddies by hackers.
https://mdaemon.dutaint.com/mdaemon/24.5.0/default-domain-and-servers_servers.html
[ ] Allow plain text passwords
This option governs whether or not MDaemon will accept passwords sent in
plain text to the SMTP, IMAP, or POP3 servers. If disabled, the POP3
USER, POP3 PASS, IMAP LOGIN, IMAP AUTH LOGIN, and SMTP AUTH LOGIN
commands will return an error unless the connection is using SSL.
4. Authentication failure monitoring
https://mdaemon.dutaint.com/mdaemon/24.5.0/dynamic-screening_options.html
Enable Authentication Failure Tracking
When this option is enabled, the Dynamic Screening service will track
authentication failures for the protocols designated on the Protocols
tab and perform actions determined by the options on the Auth Failure
Tracking tab. This option is enabled by default.
Enable Dynamic Screening Block List
This option turns on the Dynamic Screening service's ability to block IP
addresses and ranges. You can manage the block list from the Dynamic
Block List tab. The block list option is on by default.
Enable Dynamic Screening Allow List
This option turns on the Dynamic Screening service's Dynamic Allow List
feature, which you can use to exempt IP addresses and ranges, to exclude
them from Dynamic Screening. The allow list is on by default.
Block Logon Policy Violations
By default MDaemon requires accounts to use their full email address
when logging in instead of just the mailbox portion of their address
(e.g. they must use "us...@example.com" instead of just "user1"). This
is controlled by the "Servers require full email address for
authentication" option on the Systems page. When that option is on, you
can also turn on this Block Logon Policy.
https://mdaemon.dutaint.com/mdaemon/24.5.0/preferences_system.html
[x] Servers require full email address for authentication
5. Implementing HTTP Strict Transport Security on webmail and remote
administration.
https://knowledge.mdaemon.com/enable-hsts-in-mdaemon-for-webmail-and-remote-administration
In practice it looks like this in older MDaemon versions
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg41277.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg41278.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg41279.html
--
syafril
-------
Syafril Hermansyah
MDaemon-L Moderator, run MDaemon 24.5.2
Please do not send private mail (or cc:) for MDaemon issues.
Life is really simple, but we insist on making it complicated.
--- Confucius
--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.com
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 24.5.2, SecurityGateway 10.5.2
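
An added example, not part of the original message and not MDaemon's own code: a per-account, per-IP sliding-window counter with a wildcard exempt list, showing how the two limits quoted above (200 msgs in 60 minutes, 20 msgs in 6 minutes) treat the same burst differently. The sliding-window counting, the "flag on the message that exceeds the limit" rule, the function names and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from fnmatch import fnmatchcase


def is_exempt(account, exempt_patterns):
    """Wildcard match against the exempt list; postmaster is always exempt."""
    acct = account.lower()
    if acct.split("@", 1)[0] == "postmaster":
        return True
    return any(fnmatchcase(acct, p.lower()) for p in exempt_patterns)


def flag_accounts(events, max_msgs, window_minutes, exempt_patterns=()):
    """Return {(account, ip): minute of the first message over the limit}.

    events: iterable of (minute, account, ip), sorted by minute.
    Assumption: a sliding window, flagged when a sender exceeds max_msgs.
    """
    recent = defaultdict(deque)   # (account, ip) -> send times still in window
    flagged = {}
    for minute, account, ip in events:
        if is_exempt(account, exempt_patterns):
            continue
        key = (account.lower(), ip)
        window = recent[key]
        window.append(minute)
        # Drop sends that have aged out of the window.
        while window and window[0] <= minute - window_minutes:
            window.popleft()
        if len(window) > max_msgs and key not in flagged:
            flagged[key] = minute
    return flagged


def sample_events():
    """Constructed send log: (minute, account, source IP)."""
    # Burst: 10 messages per minute for 6 minutes from one account and IP.
    ev = [(m, "user1@example.com", "203.0.113.7")
          for m in range(6) for _ in range(10)]
    # Newsletter account: 5 messages per minute for a full hour.
    ev += [(m, "news@newsletters.example.com", "198.51.100.9")
           for m in range(60) for _ in range(5)]
    # Ordinary user: one message every 10 minutes.
    ev += [(m * 10, "user2@example.com", "192.0.2.10") for m in range(6)]
    return sorted(ev)
```

Both limits allow the same average rate, but the 6-minute window stops the constructed burst at its 21st message while the 60-minute window lets all 60 through; removing the exempt pattern shows how much traffic an exempted account is allowed to send unchecked.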