Still continuing the matter of email forgery on the mailing list [EMAIL PROTECTED]: today another email came in, this time even sent under my login, and when I read the reply, it seems to belittle the responses from Pak Adi and Mas avuds. So I apologize (on behalf of whoever it is that is using my email address). I have included the email in question. Judging by the time it was sent, I must have been asleep at home after a whole night in front of the computer.

First, regarding the question:

> solution: set in main.cf: 'append_at_myorigin = no'.
>
> could be a solution. could be a disease.

Indeed, on this server it is set to "yes", because the email server sits behind a gateway that has a public IP, while the email server itself only has a private IP. If I change it to "no", the address will then become gate.jarkom.net (the email server's hostname), won't it? Of course, since many people now use Pine or Mutt, the hostname could be set in /etc (for the whole system). Then what about clients that use SASL authentication (at the moment SASL is not working yet, but I want to see it implemented at some point in the future)? Will it be their address that is visible? And as for the "disease", could that be explained further?

Here is the main.cf configuration:

------------------------- start of main.cf -----------------------------
# see /usr/share/postfix/main.cf.dist for a commented, fuller
# version of this file.

# Do not change these directory settings - they are critical to Postfix
# operation.
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

smtpd_banner = Program Diploma Teknik Elektro Universitas Gajah Mada Yogyakarta ESMTP $mail_name
setgid_group = postdrop
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = yes
myhostname = gate.jarkom.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#myorigin = /etc/mailname
mydestination = gate.jarkom.net, localhost.jarkom.net, localhost, te.pdft.ugm.ac.id
relayhost =
relay_transport=relay
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
home_mailbox=Maildir/
mailbox_size_limit = 51200000
recipient_delimiter = +
local_transport=local
local_recipient_maps=proxy:unix:passwd.byname $alias_maps
tansport_maps=hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
deadbeats_destination_concurrency_limit=50
#SASL
#enable_sasl_authentication=yes
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
        permit_mynetworks,
        reject_unauth_destination,
        check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
        reject_rbl_client relays.ordb.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client cbl.abuseat.org,
        permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous
smtpd_sasl_local_domain=
broken_sasl_auth_clients=yes
notify_classes=2bounce,policy,protocol,resource,software
content_filter=smtp-amavis:[127.0.0.1]:10024
--------------------- end of main.cf----------------------------

I have not yet included the configuration suggested by Mas avuds. Well, I edited the main.cf above after finding out that it was still getting through. It turns out I had made a typo. This is the original version of the part I edited:

mydestination = gate.jarkom.net, localhost.jarkom.net, ,localhost,
                                                     ^^^
        te.pdft.ugm.ac.id

Is this (the space above the ^^^) what caused the problem? I have checked the headers, and the sender really is from a particular address. The password for this email server is known to 4 people (including me): two lecturers and one other friend.
I have also checked auth.log, in case someone was playing a joke on me, but there is no "su" to my login (even, say, after becoming root). ssh from outside the intranet here is also blocked at the gateway level (the gateway runs no services at all; everything is masqueraded to the email server). So I am convinced (CMIIW) that this case only makes use of a problem in the email server, which I have probably misconfigured ;-P~. Any suggestions?

Sorry if this email is too long; I am making it even longer by including the email I mentioned at the start in connection with my apology:

------------------------ email from [EMAIL PROTECTED] ------
From [EMAIL PROTECTED] Tue Dec 16 13:08:33 2003
Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
        by gate.jarkom.net (Postfix) with ESMTP id 24DAD3FB3A
        for <[EMAIL PROTECTED]>; Tue, 16 Dec 2003 13:08:33 +0700 (WIT)
Received: from gate.jarkom.net ([127.0.0.1])
        by localhost (gate [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
        id 28497-02 for <[EMAIL PROTECTED]>; Tue, 16 Dec 2003 13:08:32 +0700 (WIT)
Received: from server9.client.org (unknown [66.246.38.250])
        by gate.jarkom.net (Postfix) with SMTP id 36BD13FB34
        for <[EMAIL PROTECTED]>; Tue, 16 Dec 2003 13:08:12 +0700 (WIT)
Received: (qmail 10315 invoked by uid 612); 16 Dec 2003 05:49:53 -0000
Received: by outgoing mail bandwidth measurement device
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Sequence: 2384
Delivered-To: mailing list [EMAIL PROTECTED]
Received: (qmail 10283 invoked from network); 16 Dec 2003 05:49:52 -0000
Received: by incoming mail bandwidth measurement device
Received: from 202-127-99-2.triplegate.net.id (202.127.99.2)
        by 66.246.41.31 with QMTP; 16 Dec 2003 05:49:52 -0000
Received: (qmail 27206 invoked by uid 105); 16 Dec 2003 06:00:16 -0000
Received: from [EMAIL PROTECTED] by oracle by uid 118 with qmail-scanner-1.15
        (avpdaemon: ???. spamassassin: 2.43. Clear:.
        Processed in 10.696584 secs); 16 Dec 2003 06:00:16 -0000
Received: from unknown (HELO MULTIDOV) (172.19.21.212)
        by oracle with SMTP; 16 Dec 2003 06:00:05 -0000
Message-ID: <[EMAIL PROTECTED]>
From: "I Gede Wijaya S" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Date: Tue, 16 Dec 2003 12:56:08 +0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Subject: Re: [tanya-jawab] pemalsuan email
X-Virus-Scanned: by amavisd-new-20030616-p5 (Debian) at te.pdft.ugm.ac.id
Status: RO
Content-Length: 1059

ooohhhh, is that so?

----- Original Message -----
From: "adi" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 16, 2003 2:28 AM
Subject: Re: [tanya-jawab] pemalsuan email

> On Mon, Dec 15, 2003 at 11:21:06PM +0700, -= avudz syah putra =- wrote:
> > smtpd_sender_restrictions = reject_invalid_hostname,
> >   reject_non_fqdn_sender, reject_unknown_sender_domain
>
> and the same thing will certainly keep happening :-)
>
> the restrictions above apply to the envelope sender, whereas this case
> involves a header that gets $myorigin appended when it is only
> a bare username.
>
> solution: set in main.cf: 'append_at_myorigin = no'.
>
> could be a solution. could be a disease.
>
> Regards,
>
> P.Y. Adi Prasaja
>
> --
-------------------------- end of email --------------------------

--
Program Diploma Teknik Elektro Universitas Gadjah Mada Yogyakarta
blog : http://www.jroller.com/page/gwijayas
gpg-key: http://te.pdft.ugm.ac.id/~jaya/jaya.gpg
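
The distinction drawn in the quoted reply (sender restrictions inspect the envelope sender, while a bare username in a header is completed with $myorigin) can be checked on a stored message. This is an added example, not part of the original post; the domain mail.example, the sample message and all function names are constructed for illustration, and the envelope check is a simplified model rather than Postfix's own code.

```python
from email import message_from_string
from email.utils import getaddresses

MYORIGIN = "mail.example"  # assumption: stands in for the contents of /etc/mailname
AUTHOR_HEADERS = ("From", "Sender", "Reply-To")

def envelope_is_fqdn(mail_from):
    """Simplified model of an envelope check such as reject_non_fqdn_sender."""
    if mail_from == "":  # the null sender <> used by bounces is allowed
        return True
    local, sep, domain = mail_from.rpartition("@")
    return bool(local and sep and "." in domain)

def bare_header_addresses(raw_message):
    """Return (header, address) pairs whose address has no @domain part."""
    msg = message_from_string(raw_message)
    found = []
    for name in AUTHOR_HEADERS:
        for _display, addr in getaddresses(msg.get_all(name, [])):
            if addr and "@" not in addr:
                found.append((name, addr))
    return found

def after_append_at_myorigin(addr, myorigin=MYORIGIN):
    """What a bare address looks like once @$myorigin has been appended."""
    return addr if "@" in addr else f"{addr}@{myorigin}"

def audit(raw_message, mail_from, client_is_local):
    """Flag mail from a remote client that would end up looking locally authored."""
    findings = []
    for header, addr in bare_header_addresses(raw_message):
        if not client_is_local:
            findings.append((header, addr, after_append_at_myorigin(addr)))
    return {"envelope_ok": envelope_is_fqdn(mail_from), "suspicious": findings}

# Constructed sample: valid envelope sender, bare username in the From: header.
SAMPLE = (
    "From: localuser\n"
    "To: list@lists.example\n"
    "Subject: Re: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE, "someone@outside.example", client_is_local=False))
```

The sample passes the envelope check yet is flagged on its From: header, which is the gap the reply describes.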