[MDaemon-L] DNS server reports domain name unknown

2018-03-06 Thread Slamet Raharjo
> ftp://ftp.dutaint.com/altn-mdaemon/miscl/ReverseXcpt.dat
> 
> so just update the file \\mdaemon\app\ReverseXcpt.dat by downloading
> the file from ftp.dutaint.com, overwrite it into \\mdaemon\app, then restart
> the MDaemon service from the Windows service control panel.

OK sir, so in conclusion the solution is the same as adding a PTR in this
part: ReverseXcpt.dat, right?

Thank you, sir.

Best Regards,

Slamet Raharjo
IT Dept.




--
--MDaemon-L--
This mailing list is for discussion among MDaemon Mail Server users.

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest versions: MD 17.5.2, SP 5.5, OC 5.0.1, SG 5.0.1





[MDaemon-L] DNS server reports domain name unknown

2018-03-06 Thread Syafril Hermansyah
On 07/03/18 12:01, Slamet Raharjo wrote:
> I got logs related to SMTP session terminated. Is "DNS server
> reports domain name unknown" the same as the PTR (reverse lookup) issue?


No.


> Wed 2018-03-07 10:51:54.004: 05: Accepting SMTP connection from
> 103.13.36.8:50650 to 192.168.1.19:25
> Wed 2018-03-07 10:51:54.010: 03: --> 250-mail.aio.co.id Hello
> fsmsg.enseval.com, pleased to meet you

> Wed 2018-03-07 10:51:55.013: 03: --> 501 5.7.0 fsmsg.enseval.com is invalid
> or DNS says does not exist


This mail was rejected because the sender host's identity (host FQDN,
fsmsg.enseval.com) is not registered on the internet.

$ host fsmsg.enseval.com
Host fsmsg.enseval.com not found: 3(NXDOMAIN)

The IP 103.13.36.8 has long been listed in

ftp://ftp.dutaint.com/altn-mdaemon/miscl/ReverseXcpt.dat

so just update the file \\mdaemon\app\ReverseXcpt.dat by downloading the file from
ftp.dutaint.com, overwrite it into \\mdaemon\app, then restart the MDaemon service
from the Windows service control panel.

If you want to keep that file always in sync with ftp.dutaint.com, make sure
MDaemon can reach ftp://ftp.dutaint.com by opening/allowing tcp port 21 on the
firewall, then download the following script

ftp://ftp.dutaint.com/altn-mdaemon/miscl/Reverse.zip

extract its contents to the folder \\mdaemon\app\xtra, then copy the file
\\mdaemon\app\xtra\midnight.bat to \\mdaemon\app.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg31024.html

and this is the reason for doing the legality check, in case your users ask
why


https://www.mail-archive.com/mdaemon-l@dutaint.com/msg30002.html




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.0-64 Beta B, SP 5.5.1-64 Beta A
Please do not cc: or send to private mail for MDaemon issues.

Reaching a dream is good, but surpassing the dream is far better…
--- Anies Baswedan
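
Added example (not part of the original posts, and not MDaemon's own code): a small Python parser that reads the session log quoted in this thread and reports the PTR check and the HELO-name lookup as two separate results, which is the distinction the reply above draws. The function names are hypothetical, and treating a failed PTR lookup as logging the same "domain name unknown" line is an assumption.

```python
import re

# Lines of the rejected session quoted in this thread (wrapped lines joined).
SAMPLE_LOG = """\
Wed 2018-03-07 10:51:54.004: 05: Accepting SMTP connection from 103.13.36.8:50650 to 192.168.1.19:25
Wed 2018-03-07 10:51:54.010: 02: <-- EHLO fsmsg.enseval.com
Wed 2018-03-07 10:51:54.017: 05: Performing PTR lookup (8.36.13.103.IN-ADDR.ARPA)
Wed 2018-03-07 10:51:54.057: 05: *  D=8.36.13.103.IN-ADDR.ARPA TTL=(60) PTR=[imss.enseval.com]
Wed 2018-03-07 10:51:54.363: 05: *  D=imss.enseval.com TTL=(29) A=[103.13.36.8]
Wed 2018-03-07 10:51:54.363: 05:  End PTR results
Wed 2018-03-07 10:51:54.365: 05: Performing IP lookup (fsmsg.enseval.com)
Wed 2018-03-07 10:51:55.013: 04: *  DNS server reports domain name unknown
Wed 2018-03-07 10:51:55.013: 05:  End IP lookup results
Wed 2018-03-07 10:51:55.013: 03: --> 501 5.7.0 fsmsg.enseval.com is invalid or DNS says does not exist
"""

LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d [\d:.]+: \d\d:\s*(.*)$")

def summarize_session(log_text):
    """Collect both DNS checks and the rejecting reply from one session."""
    s = {"client_ip": None, "helo": None, "ptr_names": [], "ptr_forward_ips": [],
         "ptr_unknown": False, "helo_unknown": False, "reply": None}
    section = None  # lookup that the following "*" result lines belong to
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m is None:
            continue
        msg = m.group(1).strip()
        if msg.startswith("Accepting SMTP connection from "):
            s["client_ip"] = msg.split()[4].rsplit(":", 1)[0]
        elif re.match(r"<-- (EHLO|HELO) \S", msg):
            s["helo"] = msg.split()[2]
        elif msg.startswith("Performing PTR lookup"):
            section = "ptr"
        elif msg.startswith("Performing IP lookup"):
            section = "helo"
        elif msg.startswith("End "):
            section = None
        elif section and msg.startswith("*") and "domain name unknown" in msg:
            s[section + "_unknown"] = True  # assumed: same wording for a failed PTR lookup
        elif section == "ptr" and msg.startswith("*"):
            s["ptr_names"] += re.findall(r"PTR=\[([^\]]+)\]", msg)
            s["ptr_forward_ips"] += re.findall(r"\bA=\[([^\]]+)\]", msg)
        elif re.match(r"--> [45]\d\d ", msg):
            s["reply"] = msg[4:]
    return s

def dns_verdict(s):
    """Report the PTR check and the HELO-name check as two separate results."""
    if s["ptr_unknown"] or not s["ptr_names"]:
        ptr = "missing"
    else:
        ptr = "forward-confirmed" if s["client_ip"] in s["ptr_forward_ips"] else "unconfirmed"
    return {"ptr": ptr, "helo": "unknown-in-dns" if s["helo_unknown"] else "not-flagged"}
```

For the quoted session the PTR check comes back forward-confirmed while the HELO name is unknown in DNS, so the 501 reply follows from the HELO lookup alone.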







[MDaemon-L] DNS server reports domain name unknown

2018-03-06 Thread Slamet Raharjo
Dear Mr. Syafril,

I got logs related to SMTP session terminated. Is "DNS server
reports domain name unknown" the same as the PTR (reverse lookup) issue?

Wed 2018-03-07 10:51:54.643: 01: --
Wed 2018-03-07 10:51:54.004: 05: Session 390469; child 0001
Wed 2018-03-07 10:51:54.004: 05: Accepting SMTP connection from
103.13.36.8:50650 to 192.168.1.19:25
Wed 2018-03-07 10:51:54.005: 03: --> 220 mail.aio.co.id ESMTP MDaemon
15.5.3; Wed, 07 Mar 2018 10:51:54 +0700
Wed 2018-03-07 10:51:54.010: 02: <-- EHLO fsmsg.enseval.com
Wed 2018-03-07 10:51:54.010: 03: --> 250-mail.aio.co.id Hello
fsmsg.enseval.com, pleased to meet you
Wed 2018-03-07 10:51:54.010: 03: --> 250-ETRN
Wed 2018-03-07 10:51:54.010: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Wed 2018-03-07 10:51:54.010: 03: --> 250-8BITMIME
Wed 2018-03-07 10:51:54.010: 03: --> 250-ENHANCEDSTATUSCODES
Wed 2018-03-07 10:51:54.010: 03: --> 250 SIZE 5120
Wed 2018-03-07 10:51:54.015: 02: <-- MAIL From:
SIZE=14946
Wed 2018-03-07 10:51:54.017: 05: Performing PTR lookup
(8.36.13.103.IN-ADDR.ARPA)
Wed 2018-03-07 10:51:54.057: 05: *  D=8.36.13.103.IN-ADDR.ARPA TTL=(60)
PTR=[imss.enseval.com]
Wed 2018-03-07 10:51:54.363: 05: *  D=imss.enseval.com TTL=(29)
A=[103.13.36.8]
Wed 2018-03-07 10:51:54.363: 05:  End PTR results
Wed 2018-03-07 10:51:54.365: 05: Performing IP lookup (fsmsg.enseval.com)
Wed 2018-03-07 10:51:55.013: 04: *  DNS server reports domain name unknown
Wed 2018-03-07 10:51:55.013: 05:  End IP lookup results
Wed 2018-03-07 10:51:55.013: 03: --> 501 5.7.0 fsmsg.enseval.com is invalid
or DNS says does not exist
Wed 2018-03-07 10:51:55.014: 04: SMTP session terminated (Bytes in/out:
69/305)
Wed 2018-03-07 10:51:55.014: 01: --

I would appreciate your guidance.

Best Regards,

Slamet Raharjo
IT Dept.








[MDaemon-L] Spam attack on mail server dima.co.id

2018-03-06 Thread Syafril Hermansyah
On 07/03/18 09:24, Heryanto wrote:
> regarding the suggestion, we have upgraded to version 17.5.x and have
> enabled the new dynamic screening and geo location screening. But notification
> emails like the ones below are still coming in; is this a new attack, or
> what is it, Mr. Syafril?


No, those are old spam mails that were already sent to the smarthost antispamcloud.com.
Just ignore them until delivery eventually fails.


BTW, when you reply, delete the quoted text that is not relevant to the
context you are answering.
The complete mail is already in the sent folder and in the archive.

http://daringfireball.net/2007/07/on_top

The fundamental source of poor email style is the practice of quoting the entire
message you’re replying to. If that’s what you do, then it doesn’t matter
whether you put your response at the top or bottom. In fact, if you’re going to
quote the entire message, top-posting probably is better. But both are poor 
form.

Does it take more time to edit the portions of quoted text included in your
reply? Yes. So does spell-checking and proofreading. It also takes time to
shower and brush your teeth each day.




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.0-64 Beta B, SP 5.5.1-64 Beta A
Please do not cc: or send to private mail for MDaemon issues.

Most people spend their entire lives in a fantasy Island called ‘Someday I’ll.’
--- Denis Waitley







[MDaemon-L] Spam attack on mail server dima.co.id

2018-03-06 Thread Heryanto
Dear Mr. Syafril,

> Upgrade MDaemon to version 17.5.x and enable the new dynamic screening and
> Geo location screening.

> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42185.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42186.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42187.html

Thank you in advance. Regarding the suggestion, we have upgraded to version
17.5.x and have enabled the new dynamic screening and geo location
screening. But notification emails like the ones below are still coming in; is
this a new attack, or what is it, Mr. Syafril?

Log:
-Original Message-
From: Mail Delivery System 
To: ki...@dima.co.id
Date: Wed, 07 Mar 2018 02:56:55 +0100
Subject: Warning: message 1et0I7-0007eN-GO delayed 24 hours
  
This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 24 hours on the queue on mx36.antispamcloud.com.

The message identifier is: 1et0I7-0007eN-GO
The date of the message is:Mon, 05 Mar 2018 11:58:58 -0500
The subject of the message is: Invoices Overdue

The address to which the message has not yet been delivered is:

  pa...@drogheda.com

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.


-Original Message-
From: Mail Delivery System 
To: ki...@dima.co.id
Date: Wed, 07 Mar 2018 03:07:34 +0100
Subject: Warning: message 1et1Ho-0002aN-H8 delayed 24 hours
  
This message was created automatically by mail delivery software.
A message that you sent has not yet been delivered to one or more of its
recipients after more than 24 hours on the queue on mx35.antispamcloud.com.

The message identifier is: 1et1Ho-0002aN-H8
The date of the message is:Tue, 06 Mar 2018 02:15:18 +0900
The subject of the message is: Tracking Number 5TH08096009560885

The address to which the message has not yet been delivered is:

  rajesh.gu...@globaltraveldesk.com

No action is required on your part. Delivery attempts will continue for
some time, and this warning may be repeated at intervals if the message
remains undelivered. Eventually the mail delivery software will give up,
and when that happens, the message will be returned to you.

Thanks


Heryanto

-Original Message-
From: MDaemon-L@dutaint.com [mailto:MDaemon-L@dutaint.com] On Behalf Of Syafril 
Hermansyah
Sent: 06 March 2018 11:36
To: MDaemon-L@dutaint.com
Subject: [MDaemon-L] Spam attack on mail server dima.co.id

On 06/03/18 11:07, Heryanto wrote:
> Please advise: every day there is a spam attack on one of our email
> accounts, named ki...@dima.co.id, sending thousands of
> emails to remote and local; below I attach a sample of its headers.
> 
> 
> Please help with the steps we need to take so that the attack does not
> happen again.


Upgrade MDaemon to version 17.5.x and enable the new dynamic screening and
Geo location screening.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42185.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42186.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42187.html




--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.0-64 Beta B, SP 5.5.1-64 Beta A
Please do not cc: or send to private mail for MDaemon issues.

Most people spend their entire lives in a fantasy Island called ‘Someday I’ll.’
--- Denis Waitley







[MDaemon-L] Email not arriving and email slow to arrive

2018-03-06 Thread Syafril Hermansyah
On 2018-03-06 18:40, Bambang Setiawan via MDaemon-L wrote:
> Please help, sir; currently some emails from outside are slow to arrive /
> do not arrive at my mail server,
> 
> I tried sending test emails from yahoo / gmail to our domain and
> the email headers are attached, sir,


The problem is in the authoritative DNS server for the domain persada.id, which
is slow to respond, so the internal mail processing at the sender domain is slow.

Consult the DNS hoster idwebhost.id (jogjacamp.co.id); ask
whether there was a DNS disruption from midday until late afternoon today.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 18.0-64 Beta B, SP 5.5.1-64 Beta A
Please do not cc: or send to private mail for MDaemon issues.

You can accomplish anything in life, provided that you do not mind
who gets the credit.
-- Harry S. Truman



















[MDaemon-L] Email not arriving and email slow to arrive

2018-03-06 Thread Bambang Setiawan via MDaemon-L

Dear Mr. Syafril,


Please help, sir; currently some emails from outside are slow to arrive /
do not arrive at my mail server,


I tried sending test emails from yahoo / gmail to our domain and
the email headers are attached, sir,



Email header from gmail:

X-MDAV-Processed: mail.persada.id, Tue, 06 Mar 2018 18:23:55 +0700
Return-path: 
Authentication-Results: mail.persada.id
    spf=pass smtp.mailfrom=_spf.google.com;
    dkim=pass (good signature) header.d=gmail.com header.b=SAFDQJ6GTc;
    dmarc=pass header.from=gmail.com (p=none sampling=15 pct=100);
    iprev=pass policy.iprev=209.85.213.49 (PTR mail-vk0-f49.google.com);
    iprev=pass policy.iprev=209.85.213.49 (HELO mail-vk0-f49.google.com);
    iprev=fail policy.iprev=209.85.213.49 reason="does not match" (MAIL 
b3nkb...@gmail.com)

Received-SPF: pass (mail.persada.id: domain gmail.com
    designates 209.85.213.49 as permitted sender)
    receiver=mail.persada.id; client-ip=209.85.213.49;
    mechanism=ip4:209.85.128.0/17; envelope-from="b3nkb...@gmail.com";
    helo=mail-vk0-f49.google.com;
Received: from mail-vk0-f49.google.com (mail-vk0-f49.google.com 
[209.85.213.49])
    by mail.persada.id (124.81.84.135) (MDaemon PRO v17.0.2) with ESMTP 
id md50001996334.msg;

    Tue, 06 Mar 2018 18:23:55 +0700
X-Spam-Processed: mail.persada.id, Tue, 06 Mar 2018 18:23:55 +0700
    (not processed: sender in recipient's private address book)
X-MDDKIM-Result: unapproved (mail.persada.id)
X-MDSPF-Result: unapproved (mail.persada.id)
X-MDRemoteIP: 209.85.213.49
X-MDHelo: mail-vk0-f49.google.com
X-MDArrival-Date: Tue, 06 Mar 2018 18:23:55 +0700
X-Rcpt-To: bambang.setia...@persada.id
X-MDRcpt-To: bambang.setia...@persada.id
X-Return-Path: b3nkb...@gmail.com
X-Envelope-From: b3nkb...@gmail.com
X-MDaemon-Deliver-To: bambang.setia...@persada.id
X-CAV-Result: clean
Received: by mail-vk0-f49.google.com with SMTP id y127so12034262vky.9
    for ; Tue, 06 Mar 2018 03:23:48 
-0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=gmail.com; s=20161025;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to;
    bh=N64MoCzIkyBLNxIjNdUSbFpsTqOZMz+/NUv0hyUkDeU=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
    d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
 :message-id:subject:to;
    bh=N64MoCzIkyBLNxIjNdUSbFpsTqOZMz+/NUv0hyUkDeU=;
X-Gm-Message-State: AElRT7HbEcW6BAgeGafq4N+KT56WgwY2tJb8TZNF35t8omLAVgilrq+9
    mqEPNUOzEOZ2fgaQc95BC1kRCokWfgn9KieqZnI=
X-Google-Smtp-Source: 
AG47ELvt1Z2cmP5/jBgPKoEBViVHoVY19f9ZMxeybrakXlHtl72G9T28s41v19MJQYjqtKHLTN9PwgfGJuuiKbxvEQU=
X-Received: by 10.31.228.4 with SMTP id b4mr1574188vkh.74.1520333999224; 
Tue,

 06 Mar 2018 02:59:59 -0800 (PST)
MIME-Version: 1.0
Received: by 10.103.28.2 with HTTP; Tue, 6 Mar 2018 02:59:58 -0800 (PST)
In-Reply-To: 
References: 
From: Bambang Setiawan 
Date: Tue, 6 Mar 2018 17:59:58 +0700
Message-ID: 


Subject: Re: tes
To: Bambang Setiawan 
Content-Type: multipart/alternative; boundary="94eb2c0914a8f6bb8d0566bc57b9"

Email header yahoo

X-MDAV-Processed: mail.persada.id, Tue, 06 Mar 2018 18:27:22 +0700
Return-path: 
Authentication-Results: mail.persada.id
    spf=pass smtp.mailfrom=_spf.mail.yahoo.com;
    dkim=pass (good signature) header.d=yahoo.co.uk header.b=ii4GqElOf/;
    dmarc=pass header.from=yahoo.co.uk (p=reject sampling=8 pct=100);
    iprev=pass policy.iprev=106.10.241.139 (PTR 
sonic306-19.consmr.mail.sg3.yahoo.com);
    iprev=pass policy.iprev=106.10.241.139 (HELO 
sonic306-19.consmr.mail.sg3.yahoo.com);
    iprev=fail policy.iprev=106.10.241.139 reason="does not match" 
(MAIL benkbe...@yahoo.co.uk)

Received-SPF: pass (mail.persada.id: domain yahoo.co.uk
    designates 106.10.241.139 as permitted sender)
    receiver=mail.persada.id; client-ip=106.10.241.139;
    mechanism=ptr:yahoo.com; envelope-from="benkbe...@yahoo.co.uk";
    helo=sonic306-19.consmr.mail.sg3.yahoo.com;
Received: from