[mdaemon-l] SPF records

2018-05-30 Thread Syafril Hermansyah
On 2018-05-30 16:37, Thariq Basyir (thariqbas...@gmail.com) wrote:
>  [168818] --> RCPT To: 
> 
>   [168818] <-- 553-SPF (Sender Policy Framework) domain authentication
>   [168818] <-- 553-fail. Refer to the Troubleshooting page at
>   [168818] <-- 553-http://www.symanteccloud.com/troubleshooting for more
>   [168818] <-- 553 information. (#5.7.1)


The mail was rejected because it was sent through an IP that is not listed as an SPF
host.

Change the SPF host by adding the new IP used by mail.kompas.tv
to it.

Check the outbound IP by browsing to

http://whatismyip.com

or change the qualifier parameter from -all (Fail) to ~all (SoftFail)

https://en.wikipedia.org/wiki/Sender_Policy_Framework

$ host -t txt kompas.tv
kompas.tv descriptive text "v=spf1 ip4:202.146.0.67 -all"

change it to

"v=spf1 ip4:202.146.0.67 ~all"

at least temporarily, until the router/firewall settings are fixed
so that the outbound IP used by MDaemon = 202.146.0.67


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 18.0.2-64 Beta A
Please do not cc: or send to private mail for MDaemon issues.

Don’t worry about failures, worry about the chances you miss when you
don’t even try.
--- Jack Canfield


-- 
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest versions: MD 18.0.1, SG 5.5.0
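
An added example, not part of the original post and not MDaemon or receiver code: an SPF evaluator restricted to the ip4, ip6 and all mechanisms, run on the kompas.tv record quoted in the reply above and on the outbound addresses that appear on this archive page. The names check_spf, compare, STRICT, RELAXED and SEEN_IPS are made up for the illustration.

```python
import ipaddress

# Qualifier prefix -> SPF result (RFC 7208); no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Record shown in the reply above and the temporary variant it proposes.
STRICT = "v=spf1 ip4:202.146.0.67 -all"
RELAXED = "v=spf1 ip4:202.146.0.67 ~all"
# Outbound addresses that appear on this archive page.
SEEN_IPS = ["202.146.0.67", "202.158.16.246", "202.158.16.253"]


def check_spf(record: str, client_ip: str) -> str:
    """Return the SPF result for client_ip; first matching mechanism wins."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = "+", term
        if term[0] in QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        name, _, value = mech.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        # a, mx, include, redirect= ... need DNS and are out of scope here.
        raise NotImplementedError(f"unsupported term: {term}")
    return "neutral"  # nothing matched and the record has no "all"


def compare(ips=SEEN_IPS):
    """Map each IP to its (result under -all, result under ~all)."""
    return {ip: (check_spf(STRICT, ip), check_spf(RELAXED, ip)) for ip in ips}


if __name__ == "__main__":
    for ip, (strict, relaxed) in compare().items():
        print(f"{ip:16} -all -> {strict:8} ~all -> {relaxed}")
```

Under ~all the unlisted addresses move from fail to softfail, which leaves the accept-or-reject decision to the receiving server; only an address listed in an ip4 mechanism evaluates to pass.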




[mdaemon-l] SPF records

2018-05-30 Thread Thariq Basyir
Mr. Syafril, please analyze and suggest a solution for the log below


=  Session Transcript  =


  [168818] Session 168818; child 0001
  [168818] Parsing message 
  [168818] *  From: julie.wib...@kompas.tv
  [168818] *  To: affendie.se...@mpsilva.com
  [168818] *  Subject: FW: Letter for payment
  [168818] *  Size (bytes): 83334
  [168818] *  Message-ID: <007201d3f7f3$8f43b890$adcb29b0$@kompas.tv>
<007201d3f7f3$8f43b890$adcb29b0$@kompas.tv>
  [168818] Resolving MX record for mpsilva.com (DNS Server: 10.60.6.14)...
  [168818] *  P=010 S=000 D=mpsilva.com TTL=(0) MX=[cluster1.eu.messagelabs.com]
  [168818] *  P=020 S=001 D=mpsilva.com TTL=(0)
MX=[cluster1a.eu.messagelabs.com]
  [168818] Attempting SMTP connection to cluster1.eu.messagelabs.com
  [168818] Resolving A record for cluster1.eu.messagelabs.com (DNS
Server: 10.60.6.14)...
  [168818] *  D=cluster1.eu.messagelabs.com TTL=(13) A=[85.158.142.97]
  [168818] *  D=cluster1.eu.messagelabs.com TTL=(13) A=[46.226.52.97]
  [168818] *  D=cluster1.eu.messagelabs.com TTL=(13) A=[46.226.53.49]
  [168818] *  D=cluster1.eu.messagelabs.com TTL=(13) A=[46.226.52.193]
  [168818] Randomly picked 85.158.142.97 from list of possible hosts
  [168818] Attempting SMTP connection to 85.158.142.97:25
  [168818] Waiting for socket connection...
  [168818] *  Connection established 10.8.40.3:50189 --> 85.158.142.97:25
  [168818] Waiting for protocol to start...
  [168818] <-- 220 server-20.tower-222.messagelabs.com ESMTP
  [168818] --> EHLO mail.kompas.tv
  [168818] <-- 250-server-20.tower-222.messagelabs.com
  [168818] <-- 250-STARTTLS
  [168818] <-- 250-PIPELINING
  [168818] <-- 250 8BITMIME
  [168818] --> MAIL From: 
  [168818] <-- 250 OK
  [168818] --> RCPT To: 
  [168818] <-- 553-SPF (Sender Policy Framework) domain authentication
  [168818] <-- 553-fail. Refer to the Troubleshooting page at
  [168818] <-- 553-http://www.symanteccloud.com/troubleshooting for more
  [168818] <-- 553 information. (#5.7.1)
  [168818] --> QUIT


=End Transcript=


Was our email rejected because its SPF record is not valid?

Regards,
Thariq Basyir



[mdaemon-l] Message delivery failed

2018-05-30 Thread Ahmad Ardiansyah
No, sir, the detected IP is: 202.158.16.253

Is this what is causing that error?

2018-05-28 18:43 GMT+07:00 Syafril Hermansyah :

> On 2018-05-28 17:23, Ahmad Ardiansyah (ardiansyah.em...@gmail.com) wrote:
> > Is our email being blocked by the antivirus of the destination domain?
>
> Yes, but because of a false detection.
>
>
> >  [035795] <-- 550 5.7.1 : Recipient
> address rejected: Message rejected due to: SPF fail - not authorized.
> Please see http://www.openspf.net/Why?s=mfrom;id=jeffri.partogi@
> kompas.tv;ip=202.158.16.246;r=deden.darmawij...@trans7.co.id
>
>
> The kompas.tv IP is 202.146.0.67 (mail.kompas.tv), not 202.158.16.246
> (mail.kompas.co.id).
>
> Please check, from MDaemon mail.kompas.tv, by browsing to
>
> http://whatismyip.com
>
> Is the detected IP 202.146.0.67?
>
>
>
>
>
> --
> syafril
> ---
> Syafril Hermansyah
> MDaemon-L Moderators, MDaemon 18.0.2-64 Beta A
> Please do not cc: or send to private mail for MDaemon issues.
>
> Study the past if you would define the future.
> ---  Confucius
>


[mdaemon-l] Spam email

2018-05-30 Thread Syafril Hermansyah
On 30/05/18 14:48, Heryanto (herya...@dima.co.id) wrote:
> We would like to ask about spam email, and we have attached the log
> below.


> Tue 2018-05-29 00:00:28.383: [613307] *  From: irvan.gusti...@dima.co.id
> 
> Tue 2018-05-29 00:00:28.383: [613307] *  To: volkmarpe...@yahoo.de
> 
> Tue 2018-05-29 00:00:28.383: [613307] *  Message-ID: 
> <1122920144.20185281...@yahoo.de>



This is not a case of receiving spam mail; rather, the account irvan.gusti...@dima.co.id
has been hijacked and is being used by a spammer to send spam mail.
It is odd that an account can still be hijacked when Geo Location Screening
has been enabled.
Or were geo location and dynamic screening deliberately left disabled?

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42884.html

If they are indeed still enabled, check the smtp-in log for the mail
transaction above to see who the sender is or which IP it came from.


BTW, why are you no longer using the smarthost smtp.antispamcloud.com?

>  the connection Connection established 116.254.100.37:61769 --> 188.125.69.79:25
> what port does 61769 refer to?

Port 61769 is an ephemeral port, also known as a dynamic port.

https://en.wikipedia.org/wiki/Ephemeral_port

It is used by applications to implement multi-session/multi-tasking (1
port can handle many session connections at the same time).




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.0.2-64 bit Beta A
Please do not cc: or send to private mail for MDaemon issues.

There are three kinds of men. The ones that learn by readin’. The few
who learn by observation.
The rest of them have to pee on the electric fence for themselves.
--- Will Rogers






[mdaemon-l] Spam email

2018-05-30 Thread Heryanto
Dear Mr. Syafril,

We would like to ask about spam email, and we have attached the log
below.

Our question is how to block spam email, Mr. Syafril, and we also want to
ask about the connection Connection established 116.254.100.37:61769
--> 188.125.69.79:25: what port does 61769 refer to?

 

 

Tue 2018-05-29 00:00:28.382: [613307] Session 613307; child 0020

Tue 2018-05-29 00:00:28.382: [613307] Parsing message


Tue 2018-05-29 00:00:28.383: [613307] *  From: irvan.gusti...@dima.co.id

Tue 2018-05-29 00:00:28.383: [613307] *  To: volkmarpe...@yahoo.de

Tue 2018-05-29 00:00:28.383: [613307] *  Subject: Fakturierung 41492278333

Tue 2018-05-29 00:00:28.383: [613307] *  Size (bytes): 1253

Tue 2018-05-29 00:00:28.383: [613307] *  Message-ID:
<1122920144.20185281...@yahoo.de>

Tue 2018-05-29 00:00:28.406: [613307] Resolving MX record for yahoo.de (DNS
Server: 116.254.101.2)...

Tue 2018-05-29 00:00:28.413: [613307] *  P=010 S=000 D=yahoo.de TTL=(13)
MX=[mx-eu.mail.am0.yahoodns.net]

Tue 2018-05-29 00:00:28.413: [613307] Attempting SMTP connection to
mx-eu.mail.am0.yahoodns.net

Tue 2018-05-29 00:00:28.413: [613307] Resolving A record for
mx-eu.mail.am0.yahoodns.net (DNS Server: 116.254.101.2)...

Tue 2018-05-29 00:00:28.419: [613307] *  D=mx-eu.mail.am0.yahoodns.net
TTL=(47) A=[188.125.69.79]

Tue 2018-05-29 00:00:28.419: [613307] Attempting SMTP connection to
188.125.69.79:25

Tue 2018-05-29 00:00:28.420: [613307] Waiting for socket connection...

Tue 2018-05-29 00:00:28.679: [613307] *  Connection established
116.254.100.37:61769 --> 188.125.69.79:25

Tue 2018-05-29 00:00:28.679: [613307] Waiting for protocol to start...

Tue 2018-05-29 00:00:28.937: [613307] <-- 220 mta1157.mail.ir2.yahoo.com
ESMTP ready

Tue 2018-05-29 00:00:28.937: [613307] --> EHLO mail.dima.co.id

Tue 2018-05-29 00:00:29.194: [613307] <-- 250-mta1157.mail.ir2.yahoo.com

Tue 2018-05-29 00:00:29.194: [613307] <-- 250-PIPELINING

Tue 2018-05-29 00:00:29.194: [613307] <-- 250-SIZE 41943040

Tue 2018-05-29 00:00:29.194: [613307] <-- 250-8BITMIME

Tue 2018-05-29 00:00:29.194: [613307] <-- 250 STARTTLS

Tue 2018-05-29 00:00:29.194: [613307] --> STARTTLS

Tue 2018-05-29 00:00:29.453: [613307] <-- 220 2.0.0 Start TLS

Tue 2018-05-29 00:00:30.016: [613307] SSL negotiation successful (TLS 1.2,
256 bit key exchange, 128 bit AES encryption)

Tue 2018-05-29 00:00:30.017: [613307] SSL certificate is valid (matches
mx-eu.mail.am0.yahoodns.net and is signed by recognized CA)

Tue 2018-05-29 00:00:30.017: [613307] --> EHLO mail.dima.co.id

Tue 2018-05-29 00:00:30.275: [613307] <-- 250-mta1157.mail.ir2.yahoo.com

Tue 2018-05-29 00:00:30.275: [613307] <-- 250-PIPELINING

Tue 2018-05-29 00:00:30.275: [613307] <-- 250-SIZE 41943040

Tue 2018-05-29 00:00:30.275: [613307] <-- 250 8BITMIME

Tue 2018-05-29 00:00:30.275: [613307] --> MAIL
From: SIZE=1253

Tue 2018-05-29 00:00:32.087: [613307] <-- 421 4.7.0 [TSS04] Messages from
116.254.100.37 temporarily deferred due to user complaints - 4.16.55.1; see
https://help.yahoo.com/kb/postmaster/SLN3434.html

Tue 2018-05-29 00:00:32.087: [613307] --> QUIT

Tue 2018-05-29 00:00:32.087: [613307] *  This message is 54 minutes old; it
has 6 minutes left in this queue

Tue 2018-05-29 00:00:32.087: [613307] SMTP session terminated (Bytes in/out:
400/303)

 

 

Tue 2018-05-29 00:00:28.339: [613332] Session 613332; child 0017

Tue 2018-05-29 00:00:28.339: [613332] Parsing message


Tue 2018-05-29 00:00:28.340: [613332] *  From: stella.va...@dima.co.id

Tue 2018-05-29 00:00:28.340: [613332] *  To: heikesiep...@yahoo.de

Tue 2018-05-29 00:00:28.340: [613332] *  Subject: UPS Shipment Notification

Tue 2018-05-29 00:00:28.340: [613332] *  Size (bytes): 1591

Tue 2018-05-29 00:00:28.340: [613332] *  Message-ID:
<54101068722.2018528155...@yahoo.de>

Tue 2018-05-29 00:00:28.384: [613332] Resolving MX record for yahoo.de (DNS
Server: 116.254.101.2)...

Tue 2018-05-29 00:00:28.407: [613332] *  P=010 S=000 D=yahoo.de TTL=(13)
MX=[mx-eu.mail.am0.yahoodns.net]

Tue 2018-05-29 00:00:28.407: [613332] Attempting SMTP connection to
mx-eu.mail.am0.yahoodns.net

Tue 2018-05-29 00:00:28.407: [613332] Resolving A record for
mx-eu.mail.am0.yahoodns.net (DNS Server: 116.254.101.2)...

Tue 2018-05-29 00:00:28.414: [613332] *  D=mx-eu.mail.am0.yahoodns.net
TTL=(47) A=[188.125.69.79]

Tue 2018-05-29 00:00:28.414: [613332] Attempting SMTP connection to
188.125.69.79:25

Tue 2018-05-29 00:00:28.414: [613332] Waiting for socket connection...

Tue 2018-05-29 00:00:28.679: [613332] *  Connection established
116.254.100.37:61760 --> 188.125.69.79:25

Tue 2018-05-29 00:00:28.679: [613332] Waiting for protocol to start...

Tue 2018-05-29 00:00:28.944: [613332] <-- 220 mta1163.mail.ir2.yahoo.com
ESMTP ready

Tue 2018-05-29 00:00:28.944: [613332] --> EHLO mail.dima.co.id

Tue 2018-05-29 00:00:29.209: [613332] <-- 250-mta1163.mail.ir2.yahoo.com

Tue 2018-05-29 00:00:29.209: [613332] <-- 250-PIPELINING

Tue 2018-05-29 00:00:29.209: