On 29/11/24 14.19, Reza S wrote:
---
Please do not post in top-posting style on this mailing list; always
use bottom (interleaved) posting to make messages easier to read.

https://blog.joelesler.net/2009/12/bottom-posting.html

The particular part to pay attention to is in RFC1855 --

"- If you are sending a reply to a message or a posting be sure you
summarize the original at the top of the message, or include just
enough text of the original to give a context. This will make
sure readers understand when they start to read your response.
Since NetNews, especially, is proliferated by distributing the
postings from one host to another, it is possible to see a
response to a message before seeing the original. Giving context
helps everyone. But do not include the entire original!"

http://daringfireball.net/2007/07/on_top

The fundamental source of poor email style is the practice of quoting
the entire message you’re replying to. If that’s what you do, then it
doesn’t matter whether you put your response at the top or bottom. In
fact, if you’re going to quote the entire message, top-posting probably
is better. But both are poor form.

Writing an email is like writing an article. Only quote the relevant
parts, interspersing your new remarks between the quoted passages. Don’t
quote anything at all from the original message if you don’t have to.

Does it take more time to edit the portions of quoted text included in
your reply? Yes. So does spell-checking and proofreading. It also takes
time to shower and brush your teeth each day.

Use the features in Gmail webmail (or the Gmail apps) to make bottom posting and text trimming easier.

http://webapps.stackexchange.com/questions/49884/how-to-insert-a-reply-inline-in-gmail
---

Yes, that's right, Mr. Syafril, the error message is like the one at the link address you sent. Is there a way to limit email sending from MDaemon, for example to only 200 emails in 1 hour? Please advise.


That means MDaemon is set to always relay to a smart host, right?

https://mdaemon.dutaint.com/mdaemon/24.5.0/default-domain-and-servers_delivery.html

[x] Send all outbound email to a smart host

Smart hosts with this kind of characteristic are the ones that run Exim MTA.

Exim MTA has this feature as a safeguard against an account suspected of being hijacked (compromised) being used by spammers to broadcast spam through the SMTP relay server.

https://support.cpanel.net/hc/en-us/articles/360049231233-Unable-to-send-email-Domain-example-tld-has-exceeded-the-max-defers-and-failures-per-hour

So as long as the client server (in this case MDaemon) does not broadcast spam through the Exim MTA SMTP relay, it will not be hit by that limit. MDaemon also has a similar feature, called account hijack detection.

https://mdaemon.dutaint.com/mdaemon/24.5.0/security--hijack_detection.html

Account Hijack Detection

The options on this screen can be used to detect a possibly hijacked MDaemon account and automatically prevent it from sending messages through your server. For example, if a spammer somehow obtained an account's email address and password then this feature could prevent the spammer from using the account to send bulk junk e-mail through your system. You can designate a maximum number of messages that may be sent by an account in a given number of minutes, based on the IP address from which it is connecting. You can also choose to disable accounts that reach the limit. There is also an Exempt List that can be used to exempt certain addresses from this restriction. Account Hijack Detection is enabled by default.

If you want MDaemon not to broadcast more than 200 messages per hour, just make the adjustment.

Limit messages sent from all other IPs to 200 msgs in 60 minutes

or

Limit messages sent from all other IPs to 20 msgs in 6 minutes

and make sure no account is included in the exceptions (exempt list)

Exempt List

Use the Exempt List to designate any addresses that you wish to exempt from Account Hijack Detection. Wildcards are permitted. For example, "newslett...@example.com" would exempt example.com's "newsletters" MDaemon account, while "*@newsletters.example.com" would exempt all MDaemon accounts belonging to the newsletters.example.com domain. The Postmaster account is automatically exempt from Account Hijack Detection.

The hijack detection above is a preventive measure that acts after an account has been hijacked.
It is better to prevent accounts from being hijacked in the first place, among other things by

1. All users are expected to use strong passwords.

https://mdaemon.dutaint.com/mdaemon/24.5.0/passwords.html

2. Restrict mail access by location

https://mdaemon.dutaint.com/mdaemon/24.5.0/screening_location-screening.html

3. Prevent hackers from trying to guess valid usernames/passwords in MDaemon.

+ Require users to enable SMTP Authentication to send mail through MDaemon
+ Prevent authentication on SMTP port 25

https://mdaemon.dutaint.com/mdaemon/24.5.0/security--smtp_authentication.html

+ Require users to use a secure connection, preventing the use of script kiddies by hackers.

https://mdaemon.dutaint.com/mdaemon/24.5.0/default-domain-and-servers_servers.html


[ ] Allow plain text passwords

This option governs whether or not MDaemon will accept passwords sent in plain text to the SMTP, IMAP, or POP3 servers. If disabled, the POP3 USER, POP3 PASS, IMAP LOGIN, IMAP AUTH LOGIN, and SMTP AUTH LOGIN commands will return an error unless the connection is using SSL.

4. Authentication failure monitoring

https://mdaemon.dutaint.com/mdaemon/24.5.0/dynamic-screening_options.html

Enable Authentication Failure Tracking

When this option is enabled, the Dynamic Screening service will track authentication failures for the protocols designated on the Protocols tab and perform actions determined by the options on the Auth Failure Tracking tab. This option is enabled by default.

Enable Dynamic Screening Block List

This option turns on the Dynamic Screening service's ability to block IP addresses and ranges. You can manage the block list from the Dynamic Block List tab. The block list option is on by default.

Enable Dynamic Screening Allow List

This option turns on the Dynamic Screening service's Dynamic Allow List feature, which you can use to exempt IP addresses and ranges, to exclude them from Dynamic Screening. The allow list is on by default.

Block Logon Policy Violations

By default MDaemon requires accounts to use their full email address when logging in instead of just the mailbox portion of their address (e.g. they must use "us...@example.com" instead of just "user1"). This is controlled by the "Servers require full email address for authentication" option on the Systems page. When that option is on, you can also turn on this Block Logon Policy.

https://mdaemon.dutaint.com/mdaemon/24.5.0/preferences_system.html

[x] Servers require full email address for authentication

5. Apply HTTP Strict Transport Security on webmail and remote administration.

https://knowledge.mdaemon.com/enable-hsts-in-mdaemon-for-webmail-and-remote-administration

In practice it looks like this on older MDaemon versions

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg41277.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg41278.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg41279.html





--
syafril
-------
Syafril Hermansyah

MDaemon-L Moderator, run MDaemon 24.5.2
Please do not send private mail (or cc:) about MDaemon issues.

Life is really simple, but we insist on making it complicated.
        --- Confucius


--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.com
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 24.5.2, SecurityGateway 10.5.2
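
The two limits suggested in the message above (200 msgs in 60 minutes, or 20 msgs in 6 minutes) allow the same average rate but differ in how quickly a hijacked account is cut off and in how an exempt-list entry bypasses the check. The following is an added example, not part of the original message and not MDaemon's own code: a toy sliding-window model in which the class, the function names, the accounts and the IP addresses are all constructed for illustration.

```python
from collections import defaultdict, deque
from fnmatch import fnmatchcase

class SendLimiter:
    """Toy model (not MDaemon code): max_msgs per window_min per (account, IP)."""

    def __init__(self, max_msgs, window_min, exempt=(), disable_on_limit=True):
        self.max_msgs = max_msgs
        self.window = window_min * 60             # window length in seconds
        self.exempt = [p.lower() for p in exempt]  # wildcard patterns
        self.disable_on_limit = disable_on_limit
        self.recent = defaultdict(deque)           # (account, ip) -> accepted timestamps
        self.disabled = set()

    def is_exempt(self, account):
        return any(fnmatchcase(account.lower(), p) for p in self.exempt)

    def accept(self, account, ip, ts):
        """Return True if a message sent at ts (seconds) is allowed through."""
        if self.is_exempt(account):
            return True                            # exempt accounts are never counted
        if account in self.disabled:
            return False
        q = self.recent[(account, ip)]
        while q and q[0] <= ts - self.window:      # forget sends older than the window
            q.popleft()
        if len(q) >= self.max_msgs:
            if self.disable_on_limit:
                self.disabled.add(account)
            return False
        q.append(ts)
        return True

def accepted(limiter, account, ip, count, every_s):
    """How many of `count` messages, sent `every_s` seconds apart, get through."""
    return sum(limiter.accept(account, ip, i * every_s) for i in range(count))

# Constructed traffic: (account, connecting IP, message count, seconds between sends)
SPAM = ("user1@example.com", "203.0.113.9", 600, 6)    # hijacked account, one hour
BURST = ("user2@example.com", "198.51.100.7", 30, 2)   # legitimate one-minute burst
NEWS = ("promo@newsletters.example.com", "203.0.113.9", 600, 6)

def scenario(max_msgs, window_min, traffic, exempt=()):
    return accepted(SendLimiter(max_msgs, window_min, exempt), *traffic)

if __name__ == "__main__":
    for name, traffic in (("spam", SPAM), ("burst", BURST)):
        for limit in ((200, 60), (20, 6)):
            print(name, limit, scenario(*limit, traffic))
    print("exempt", scenario(20, 6, NEWS, ["*@newsletters.example.com"]))
```

In this model the shorter window stops the hijacked account after 20 messages instead of 200, but also trips on the legitimate 30-message burst, while an account matching an exempt wildcard sends all 600 messages unchecked.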


