[Mdaemon-L] Suspicious email.
On 11/13/23 15:31, evirusnadi via Mdaemon-L wrote:

>> But if all users feel the same way, the global administrator can
>> block it by adding the sender to the blocklist by sender.
>>
>> http://mdaemon.dutaint.co.id/mdaemon/23.5/sf_black_list.html
>
> I tried this method. But there are quite a lot of mail addresses that
> have to be blocked, because almost every day someone sends email from
> a different address.

Spam from free public domains is indeed harder to block, because the block has to be per sender address (one by one) rather than per domain.
Just add them one by one to the blocklist by sender; it will get sorted out eventually.

Another option is to make the antispam more aggressive.
This can be done by setting higher spam score values, adding more DNSBLs, or enabling Spamhaus DQS.

For example, for this spam score

Mon 2023-11-13 12:58:39.007: [14117743] * 1.0 FREEMAIL_REPLY From and body contain different freemails

Edit \\mdaemon\spamassasin\rules\local.cf and add on the last blank line at the bottom

score FREEMAIL_REPLY 3.0

then restart the antispam
http://mdaemon.dutaint.co.id/mdaemon/23.5/sf_spam_filtering.html
click "Restart Spam Filter"

Adding DNSBLs
http://mdaemon.dutaint.co.id/mdaemon/23.5/sf_options.html
Is DNS service available? = Test (or Yes).

For Spamhaus DQS see
https://www.youtube.com/watch?v=orH8BcElRv8&t=1s

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.1 Beta C
Please do not cc: or send to private mail for MDaemon matters.

The life so short, the craft so long to learn.
--- Hippocrates

--
--[mdaemon-l]--
This list is for discussion among MDaemon Mail Server users in Indonesia
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.com
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest versions: MDaemon 23.5.0, SecurityGateway 9.5.0
[Mdaemon-L] Suspicious email.
Dear Pak Syafril,

> But if all users feel the same way, the global administrator can
> block it by adding the sender to the blocklist by sender.
>
> http://mdaemon.dutaint.co.id/mdaemon/23.5/sf_black_list.html

I tried this method. But there are quite a lot of mail addresses that have to be blocked, because almost every day someone sends email from a different address.

Thank you.

Best Regards,
Rusnadi
[Mdaemon-L] Suspicious email.
On 11/13/23 14:28, evirusnadi via Mdaemon-L wrote:

> Is the email below valid?

Yes, it is valid; the sender address/domain and the sender host meet the criteria of good internet mail.

> Users are complaining about the large number of unknown emails like this.

If the user/recipient feels that the mail is spam/phishing, just block it by adding the sender address to the Webmail blacklist contact.
Or forward it as an attachment and address it to blockl...@ipsi.co.id

But if all users feel the same way, the global administrator can block it by adding the sender to the blocklist by sender.

http://mdaemon.dutaint.co.id/mdaemon/23.5/sf_black_list.html

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.1 Beta C
Please do not cc: or send to private mail for MDaemon matters.

Bodily exercise, when compulsory, does no harm to the body; but knowledge which is acquired under compulsion obtains no hold on the mind.
--- Plato, The Republic
[Mdaemon-L] Suspicious email.
Dear Pak Syafril,

Is the email below valid?
Users are complaining about the large number of unknown emails like this.
Please advise.

Thank you.

Mon 2023-11-13 12:58:37.810: [14117743] <-- MAIL FROM: SIZE=8092
Mon 2023-11-13 12:58:37.823: [14117743] Performing PTR lookup (42.210.85.209.IN-ADDR.ARPA)
Mon 2023-11-13 12:58:37.855: [14117743] * D=42.210.85.209.IN-ADDR.ARPA TTL=(1440) PTR=[mail-ot1-f42.google.com]
Mon 2023-11-13 12:58:37.874: [14117743] * D=mail-ot1-f42.google.com TTL=(19) A=[209.85.210.42]
Mon 2023-11-13 12:58:37.874: [14117743] End PTR results
Mon 2023-11-13 12:58:37.876: [14117743] Performing IP lookup (mail-ot1-f42.google.com)
Mon 2023-11-13 12:58:37.880: [14117743] * D=mail-ot1-f42.google.com TTL=(19) A=[209.85.210.42]
Mon 2023-11-13 12:58:37.880: [14117743] End IP lookup results
Mon 2023-11-13 12:58:37.889: [14117743] Performing IP lookup (gmail.com)
Mon 2023-11-13 12:58:37.892: [14117743] * D=gmail.com TTL=(3) A=[142.250.4.19]
Mon 2023-11-13 12:58:37.892: [14117743] * D=gmail.com TTL=(3) A=[142.250.4.18]
Mon 2023-11-13 12:58:37.892: [14117743] * D=gmail.com TTL=(3) A=[142.250.4.83]
Mon 2023-11-13 12:58:37.892: [14117743] * D=gmail.com TTL=(3) A=[142.250.4.17]
Mon 2023-11-13 12:58:37.897: [14117743] * P=005 S=004 D=gmail.com TTL=(48) MX=[gmail-smtp-in.l.google.com]
Mon 2023-11-13 12:58:37.897: [14117743] * P=010 S=001 D=gmail.com TTL=(48) MX=[alt1.gmail-smtp-in.l.google.com]
Mon 2023-11-13 12:58:37.897: [14117743] * P=020 S=002 D=gmail.com TTL=(48) MX=[alt2.gmail-smtp-in.l.google.com]
Mon 2023-11-13 12:58:37.897: [14117743] * P=030 S=003 D=gmail.com TTL=(48) MX=[alt3.gmail-smtp-in.l.google.com]
Mon 2023-11-13 12:58:37.897: [14117743] * P=040 S=000 D=gmail.com TTL=(48) MX=[alt4.gmail-smtp-in.l.google.com]
Mon 2023-11-13 12:58:37.902: [14117743] * D=gmail-smtp-in.l.google.com TTL=(0) A=[142.251.10.27]
Mon 2023-11-13 12:58:37.906: [14117743] * D=alt1.gmail-smtp-in.l.google.com TTL=(2) A=[173.194.202.26]
Mon 2023-11-13 12:58:37.910: [14117743] * D=alt2.gmail-smtp-in.l.google.com TTL=(4) A=[142.250.141.27]
Mon 2023-11-13 12:58:37.914: [14117743] * D=alt3.gmail-smtp-in.l.google.com TTL=(0) A=[142.250.115.26]
Mon 2023-11-13 12:58:37.919: [14117743] * D=alt4.gmail-smtp-in.l.google.com TTL=(4) A=[64.233.171.27]
Mon 2023-11-13 12:58:37.919: [14117743] End IP lookup results
Mon 2023-11-13 12:58:37.919: [14117743] Performing SPF lookup (mail-ot1-f42.google.com / 209.85.210.42)
Mon 2023-11-13 12:58:37.986: [14117743] * Result: none; no SPF record in DNS
Mon 2023-11-13 12:58:37.986: [14117743] End SPF results
Mon 2023-11-13 12:58:37.986: [14117743] Performing SPF lookup (gmail.com / 209.85.210.42)
Mon 2023-11-13 12:58:37.986: [14117743] * Policy (cache): v=spf1 redirect=_spf.google.com
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating redirect=_spf.google.com:
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating redirect=_spf.google.com: performing lookup
Mon 2023-11-13 12:58:37.986: [14117743] *Policy (cache): v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com wlinclude:antispamcloud.com wlinclude:spamexpert.com ~all
Mon 2023-11-13 12:58:37.986: [14117743] *Evaluating include:_netblocks.google.com: performing lookup
Mon 2023-11-13 12:58:37.986: [14117743] * Policy (cache): v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0/19 ~al
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:35.190.247.0/24: no match
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:64.233.160.0/19: no match
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:66.102.0.0/20: no match
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:66.249.80.0/20: no match
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:72.14.192.0/18: no match
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:74.125.0.0/16: no match
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:108.177.8.0/21: no match
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:173.194.0.0/16: no match
Mon 2023-11-13 12:58:37.986: [14117743] * Evaluating ip4:209.85.128.0/17: match
Mon 2023-11-13 12:58:37.986: [14117743] *Evaluating include:_netblocks.google.com: match
Mon 2023-11-13 12:58:37.986: [14117743] * Result: pass
Mon 2023-11-13 12:58:37.986: [14117743] End SPF results
Mon 2023-11-13 12:58:37.987: [14117743] --> 250 2.1.0 Sender OK
Mon 2023-11-13 12:58:37.987: [14117743] <-- RCPT TO:
Mon 2023-11-13 12:58:37.991: [14117743] Performing DNS-BL lookup (209.85.210.42 - connecting IP)
Mon 2023-11-13 12:58:38.010: [14117743] * cbl.abuseat.org - passed
Mon 2023-11-13 12:58:38.268: [14117743] * b.barracudacentral.org - passed
Mon 2023-11-
[MDaemon-L] Suspicious Email
Dear Pak Syafril,

> Yes.
>
> In addition, the host's SPF does not list IP 210.167.162.97, which
> strengthens the evidence that the sender is a spammer (abuse host).
>
> > Wed 2017-07-05 14:35:49.310: 09: [899877] *Evaluating include:spf1.ocn.ne.jp: no match
> > Wed 2017-07-05 14:35:49.329: 09: [899877] *Evaluating include:spf2.ocn.ne.jp: no match
> > Wed 2017-07-05 14:35:49.348: 09: [899877] *Evaluating include:spf3.ocn.ne.jp: no match
> > Wed 2017-07-05 14:35:49.348: 09: [899877] * Evaluating include:spf.ocn.ne.jp: no match

All right, Pak, thank you very much for the information.

Best regards,
Agus
[MDaemon-L] Suspicious Email
Dear Pak Syafril,

Apologies, Pak, I forgot to attach the file to the previous email.

This afternoon my user received an email (please check the attachment), but my user does not recognize the email address of that email. Is this spam / a virus, Pak? Is the sender trustworthy or not?

When I look at the SMTP-in log, there is a spam entry in the result: “Wed 2017-07-05 14:35:54.707: 11: [899877] * Spam result: 1 - Clean”

Below is the full log. Please help with an explanation and how to handle it.

Thank you

Wed 2017-07-05 14:35:50.794: 01: --
Wed 2017-07-05 14:35:48.377: 05: [899877] Session 899877; child 0003
Wed 2017-07-05 14:35:48.377: 05: [899877] Accepting SMTP connection from [210.167.162.97:53476] to [202.78.202.4:25]
Wed 2017-07-05 14:35:48.380: 03: [899877] --> 220 mail.os-selnajaya.com ESMTP Wed, 05 Jul 2017 14:35:48 +0700
Wed 2017-07-05 14:35:48.501: 02: [899877] <-- EHLO 97.96h.162.167.210.in-addr.arpa
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-mail.os-selnajaya.com Hello 97.96h.162.167.210.in-addr.arpa, pleased to meet you
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-ETRN
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-8BITMIME
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-ENHANCEDSTATUSCODES
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-STARTTLS
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250 SIZE 2560
Wed 2017-07-05 14:35:48.783: 02: [899877] <-- MAIL FROM: mailto:foru...@lagoon.ocn.ne.jp> >
Wed 2017-07-05 14:35:48.786: 05: [899877] Performing PTR lookup (97.162.167.210.IN-ADDR.ARPA)
Wed 2017-07-05 14:35:49.062: 05: [899877] * D=97.96h.162.167.210.IN-ADDR.ARPA TTL=(831) PTR=[zz2014420240D2A7A261.userreverse.dion.ne.jp]
Wed 2017-07-05 14:35:49.062: 05: [899877] * Gathering A records...
Wed 2017-07-05 14:35:49.086: 05: [899877] * D=zz2014420240D2A7A261.userreverse.dion.ne.jp TTL=(9) A=[210.167.162.97]
Wed 2017-07-05 14:35:49.086: 05: [899877] End PTR results
Wed 2017-07-05 14:35:49.088: 09: [899877] Performing SPF lookup (lagoon.ocn.ne.jp / 210.167.162.97)
Wed 2017-07-05 14:35:49.106: 09: [899877] * Policy: v=spf1 a include:spf.ocn.ne.jp ~all
Wed 2017-07-05 14:35:49.196: 09: [899877] * Evaluating a: no match
Wed 2017-07-05 14:35:49.196: 09: [899877] * Evaluating include:spf.ocn.ne.jp: performing lookup
Wed 2017-07-05 14:35:49.215: 09: [899877] *Policy: v=spf1 include:spf1.ocn.ne.jp include:spf2.ocn.ne.jp include:spf3.ocn.ne.jp ~all
Wed 2017-07-05 14:35:49.215: 09: [899877] *Evaluating include:spf1.ocn.ne.jp: performing lookup
Wed 2017-07-05 14:35:49.310: 09: [899877] * Policy: v=spf1 ip4:60.37.40.0/24 ip4:60.37.51.0/24 ip4:118.23.100.0/24 ip4:118.23.108.0/23 ip4:118.23.180.0/24 ip4:180.8.110.0/23 ip4:122.28.14.0/23 ip4:122.28.30.0/24 ip4:125.170.92.0/24 ~all
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:60.37.40.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:60.37.51.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:118.23.100.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:118.23.108.0/23: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:118.23.180.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:180.8.110.0/23: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:122.28.14.0/23: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:122.28.30.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:125.170.92.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ~all: match
Wed 2017-07-05 14:35:49.310: 09: [899877] *Evaluating include:spf1.ocn.ne.jp: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] *Evaluating include:spf2.ocn.ne.jp: performing lookup
Wed 2017-07-05 14:35:49.329: 09: [899877] * Policy: v=spf1 ip4:125.206.148.0/24 ip4:125.206.187.0/24 ip4:222.146.51.0/24 ip4:180.37.203.0/24 ip4:122.1.235.0/24 ip4:118.23.178.0/24 ip4:114.147.58.0/24 ip4:153.128.50.0/24 ip4:153.149.228.0/26 ~all
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:125.206.148.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:125.206.187.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:222.146.51.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:180.37.203.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:122.1.235.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:118.23.178.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:114.147.58.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:153.128.50.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:153.149.228.0/26: n
[MDaemon-L] Suspicious Email
On 05/07/17 16:28, Agus Tarpindo wrote:

>> The sender host identity is typical of a spammer.
>> It should be rejected by MDaemon if the HELO check is enabled.

> Apologies, Pak, I sent a second email earlier. Because the first email
> was missing its attachment, does this answer also cover the check of
> the attachment in the second email?

Yes.

In addition, the host's SPF does not list IP 210.167.162.97, which strengthens the evidence that the sender is a spammer (abuse host).

> Wed 2017-07-05 14:35:49.310: 09: [899877] *Evaluating include:spf1.ocn.ne.jp: no match
> Wed 2017-07-05 14:35:49.329: 09: [899877] *Evaluating include:spf2.ocn.ne.jp: no match
> Wed 2017-07-05 14:35:49.348: 09: [899877] *Evaluating include:spf3.ocn.ne.jp: no match
> Wed 2017-07-05 14:35:49.348: 09: [899877] * Evaluating include:spf.ocn.ne.jp: no match

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 17.0.2-64, SP 5.1-64
Please do not cc: or send to private mail for MDaemon matters.

Instruction does much, but encouragement everything.
--- Johann Wolfgang von Goethe
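Added example, not part of the original thread and not MDaemon's code: a small Python evaluator for the SPF subset that appears in the logs on this page (a, ip4, include, all, redirect). It shows why "~all: match" inside an include is logged as "include: no match", and why the final result for 210.167.162.97 is softfail while the 2023 Gmail sender passes. The record table is constructed from the log lines; the spf3.ocn.ne.jp range, the empty A list and the trimmed _spf.google.com record are assumptions.

```python
import ipaddress

# Constructed in-memory TXT table so the example runs offline. The ocn.ne.jp
# ip4 lists and the _netblocks.google.com list are copied from the SPF lines in
# the logs on this page. The policy of spf3.ocn.ne.jp is not shown on the page,
# so a documentation range (192.0.2.0/24) stands in as a placeholder, and
# _spf.google.com is trimmed to the one include the 2023 log evaluates.
RECORDS = {
    "lagoon.ocn.ne.jp": "v=spf1 a include:spf.ocn.ne.jp ~all",
    "spf.ocn.ne.jp": "v=spf1 include:spf1.ocn.ne.jp include:spf2.ocn.ne.jp "
                     "include:spf3.ocn.ne.jp ~all",
    "spf1.ocn.ne.jp": "v=spf1 ip4:60.37.40.0/24 ip4:60.37.51.0/24 "
                      "ip4:118.23.100.0/24 ip4:118.23.108.0/23 ip4:118.23.180.0/24 "
                      "ip4:180.8.110.0/23 ip4:122.28.14.0/23 ip4:122.28.30.0/24 "
                      "ip4:125.170.92.0/24 ~all",
    "spf2.ocn.ne.jp": "v=spf1 ip4:125.206.148.0/24 ip4:125.206.187.0/24 "
                      "ip4:222.146.51.0/24 ip4:180.37.203.0/24 ip4:122.1.235.0/24 "
                      "ip4:118.23.178.0/24 ip4:114.147.58.0/24 ip4:153.128.50.0/24 "
                      "ip4:153.149.228.0/26 ~all",
    "spf3.ocn.ne.jp": "v=spf1 ip4:192.0.2.0/24 ~all",  # placeholder, see above
    "gmail.com": "v=spf1 redirect=_spf.google.com",
    "_spf.google.com": "v=spf1 include:_netblocks.google.com ~all",  # trimmed
    "_netblocks.google.com": "v=spf1 ip4:35.190.247.0/24 ip4:64.233.160.0/19 "
                             "ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 "
                             "ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 "
                             "ip4:209.85.128.0/17 ip4:216.58.192.0/19 "
                             "ip4:216.239.32.0/19 ~all",
}

# Constructed A-record table: the log only says "Evaluating a: no match",
# so the sender domain is given no address that equals the client IP.
A_RECORDS = {"lagoon.ocn.ne.jp": []}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, trace, depth=0):
    """Evaluate ip against domain's SPF record; append (domain, term, matched) to trace."""
    if depth > 10:  # loop guard (RFC 7208 itself limits DNS-querying terms to 10)
        return "permerror"
    record = RECORDS.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in record.split()[1:]:
        if term.startswith("redirect="):
            redirect = term[len("redirect="):]  # only used if nothing matches
            continue
        qualifier, mech = (term[0], term[1:]) if term[0] in QUALIFIER else ("+", term)
        name, _, arg = mech.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in A_RECORDS.get(arg or domain, [])
        elif name == "include":
            inner = check_host(ip, arg, trace, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"
            # An include matches only when the inner policy says "pass".
            # An inner softfail (its own ~all) is therefore "no match" here.
            matched = inner == "pass"
        else:
            return "permerror"  # mechanism outside the subset handled here
        trace.append((domain, term, matched))
        if matched:
            return QUALIFIER[qualifier]
    if redirect:
        result = check_host(ip, redirect, trace, depth + 1)
        return "permerror" if result == "none" else result
    return "neutral"


def explain(ip, domain):
    """Return (result, trace) for one MAIL FROM domain / connecting IP pair."""
    trace = []
    return check_host(ip, domain, trace), trace


if __name__ == "__main__":
    for ip, domain in [("210.167.162.97", "lagoon.ocn.ne.jp"),
                       ("209.85.210.42", "gmail.com")]:
        result, trace = explain(ip, domain)
        print(f"{domain} / {ip}: {result}")
        for where, term, matched in trace:
            if matched or term.startswith("include:"):
                print(f"  {where}: {term}: {'match' if matched else 'no match'}")
```

A softfail is only a hint: whether the message is then rejected, scored or accepted depends on how the receiving server is configured to act on SPF results.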
[MDaemon-L] Suspicious Email
Dear Pak Syafril,

> The sender host identity is typical of a spammer.
> It should be rejected by MDaemon if the HELO check is enabled.
>
> http://mdaemon.dutaint.co.id/mdaemon/17.0.1/index.html?security--reverse_lookup.htm
>
> [x] Perform lookup on HELO/EHLO domain
> [x] Refuse to accept mail if a lookup returns 'domain not found'
> [x] ...send 501 error code (normally sends 451 error code)
> [x] ...and then close the connection
> [x] Exempt authenticated sessions
>
> If you are already on MD 16.x or later, it can be fully enabled as shown here
>
> http://www.mail-archive.com/mdaemon-l@dutaint.com/msg31023.html
> http://www.mail-archive.com/mdaemon-l@dutaint.com/msg31024.html
> http://www.mail-archive.com/mdaemon-l@dutaint.com/msg31029.html

Apologies, Pak, I sent a second email earlier. Because the first email was missing its attachment, does this answer also cover the check of the attachment in the second email? What do you think, Pak?

Best regards,
Agus
[MDaemon-L] Suspicious Email
On 05/07/17 14:57, Agus Tarpindo wrote:

> This afternoon my user received an email (please check the attachment),
> but my user does not recognize the email address of that email. Is this
> spam / a virus, Pak? Is the sender trustworthy or not?

> Wed 2017-07-05 14:35:48.377: 05: [899877] Accepting SMTP connection from [210.167.162.97:53476] to [202.78.202.4:25]
>
> Wed 2017-07-05 14:35:48.501: 02: [899877] <-- EHLO 97.96h.162.167.210.in-addr.arpa

The sender host identity is typical of a spammer.
It should be rejected by MDaemon if the HELO check is enabled.

http://mdaemon.dutaint.co.id/mdaemon/17.0.1/index.html?security--reverse_lookup.htm

[x] Perform lookup on HELO/EHLO domain
[x] Refuse to accept mail if a lookup returns 'domain not found'
[x] ...send 501 error code (normally sends 451 error code)
[x] ...and then close the connection
[x] Exempt authenticated sessions

If you are already on MD 16.x or later, it can be fully enabled as shown here

http://www.mail-archive.com/mdaemon-l@dutaint.com/msg31023.html
http://www.mail-archive.com/mdaemon-l@dutaint.com/msg31024.html
http://www.mail-archive.com/mdaemon-l@dutaint.com/msg31029.html

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 17.0.2-64, SP 5.1-64
Please do not cc: or send to private mail for MDaemon matters.

I am who I am today because of the mistakes I made yesterday.
--- The Prolific Penman
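Added example, not part of the original thread and not MDaemon's code: a Python model of the five checkbox settings quoted above, run over three lines copied from the 2017 log on this page. The function names, the resolver table and the 'domain not found' answer for the EHLO name are assumptions made for illustration; the second session (EHLO equal to the PTR name from the 2023 log) is constructed.

```python
import re

# Three lines copied from the 2017 SMTP-in log on this page.
LOG = """\
Wed 2017-07-05 14:35:48.377: 05: [899877] Accepting SMTP connection from [210.167.162.97:53476] to [202.78.202.4:25]
Wed 2017-07-05 14:35:48.501: 02: [899877] <-- EHLO 97.96h.162.167.210.in-addr.arpa
Wed 2017-07-05 14:35:49.062: 05: [899877] * D=97.96h.162.167.210.IN-ADDR.ARPA TTL=(831) PTR=[zz2014420240D2A7A261.userreverse.dion.ne.jp]
"""

# Constructed resolver data so the example runs offline: name -> A records,
# None (or a missing key) means 'domain not found'. The two address lists are
# the A= values shown in the logs; the None for the EHLO name is an assumption.
DNS = {
    "97.96h.162.167.210.in-addr.arpa": None,
    "zz2014420240d2a7a261.userreverse.dion.ne.jp": ["210.167.162.97"],
    "mail-ot1-f42.google.com": ["209.85.210.42"],
}

PATTERNS = {
    "client_ip": re.compile(r"Accepting SMTP connection from \[([0-9.]+):\d+\]"),
    "helo": re.compile(r"<-- (?:EHLO|HELO) (\S+)"),
    "ptr": re.compile(r"PTR=\[([^\]]+)\]"),
}


def parse_sessions(log_text):
    """Group log lines by the [session id] column and extract HELO-related fields."""
    sessions = {}
    for line in log_text.splitlines():
        sid = re.search(r"\[(\d+)\] ", line)
        if not sid:
            continue
        fields = sessions.setdefault(sid.group(1), {})
        for key, pattern in PATTERNS.items():
            hit = pattern.search(line)
            if hit:
                fields.setdefault(key, hit.group(1).lower())
    return sessions


def helo_check(session, lookup, authenticated=False, send_501=True, close=True):
    """Decide what to do with a session, following the checkbox list above.

    lookup(name) returns a list of addresses, or None for 'domain not found'.
    """
    if authenticated:  # "Exempt authenticated sessions"
        return {"action": "accept", "reason": "authenticated session exempt"}
    helo = session.get("helo", "")
    addresses = lookup(helo)  # "Perform lookup on HELO/EHLO domain"
    if addresses is None:  # "Refuse to accept mail if ... 'domain not found'"
        return {
            "action": "refuse",
            "code": 501 if send_501 else 451,  # "...send 501 (normally 451)"
            "close": close,  # "...and then close the connection"
            "reason": "HELO/EHLO domain not found",
        }
    return {
        "action": "accept",
        "reason": "HELO/EHLO domain resolves",
        # Extra context for a reviewer; not part of the refuse decision.
        "helo_matches_client": session.get("client_ip") in addresses,
        "helo_matches_ptr": helo == session.get("ptr"),
    }


def review(log_text, lookup):
    """Run the check over every session found in a log excerpt."""
    return {sid: helo_check(s, lookup) for sid, s in parse_sessions(log_text).items()}


if __name__ == "__main__":
    for sid, verdict in review(LOG, DNS.get).items():
        print(sid, verdict)
    # Constructed second session for contrast.
    print(helo_check({"client_ip": "209.85.210.42",
                      "helo": "mail-ot1-f42.google.com",
                      "ptr": "mail-ot1-f42.google.com"}, DNS.get))
```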
[MDaemon-L] Suspicious Email
Dear Pak Syafril,

This afternoon my user received an email (please check the attachment), but my user does not recognize the email address of that email. Is this spam / a virus, Pak? Is the sender trustworthy or not?

When I look at the SMTP-in log, there is a spam entry in the result: "Wed 2017-07-05 14:35:54.707: 11: [899877] * Spam result: 1 - Clean"

Below is the full log. Please help with an explanation and how to handle it.

Thank you

Wed 2017-07-05 14:35:50.794: 01: --
Wed 2017-07-05 14:35:48.377: 05: [899877] Session 899877; child 0003
Wed 2017-07-05 14:35:48.377: 05: [899877] Accepting SMTP connection from [210.167.162.97:53476] to [202.78.202.4:25]
Wed 2017-07-05 14:35:48.380: 03: [899877] --> 220 mail.os-selnajaya.com ESMTP Wed, 05 Jul 2017 14:35:48 +0700
Wed 2017-07-05 14:35:48.501: 02: [899877] <-- EHLO 97.96h.162.167.210.in-addr.arpa
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-mail.os-selnajaya.com Hello 97.96h.162.167.210.in-addr.arpa, pleased to meet you
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-ETRN
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-8BITMIME
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-ENHANCEDSTATUSCODES
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-STARTTLS
Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250 SIZE 2560
Wed 2017-07-05 14:35:48.783: 02: [899877] <-- MAIL FROM:
Wed 2017-07-05 14:35:48.786: 05: [899877] Performing PTR lookup (97.162.167.210.IN-ADDR.ARPA)
Wed 2017-07-05 14:35:49.062: 05: [899877] * D=97.96h.162.167.210.IN-ADDR.ARPA TTL=(831) PTR=[zz2014420240D2A7A261.userreverse.dion.ne.jp]
Wed 2017-07-05 14:35:49.062: 05: [899877] * Gathering A records...
Wed 2017-07-05 14:35:49.086: 05: [899877] * D=zz2014420240D2A7A261.userreverse.dion.ne.jp TTL=(9) A=[210.167.162.97]
Wed 2017-07-05 14:35:49.086: 05: [899877] End PTR results
Wed 2017-07-05 14:35:49.088: 09: [899877] Performing SPF lookup (lagoon.ocn.ne.jp / 210.167.162.97)
Wed 2017-07-05 14:35:49.106: 09: [899877] * Policy: v=spf1 a include:spf.ocn.ne.jp ~all
Wed 2017-07-05 14:35:49.196: 09: [899877] * Evaluating a: no match
Wed 2017-07-05 14:35:49.196: 09: [899877] * Evaluating include:spf.ocn.ne.jp: performing lookup
Wed 2017-07-05 14:35:49.215: 09: [899877] *Policy: v=spf1 include:spf1.ocn.ne.jp include:spf2.ocn.ne.jp include:spf3.ocn.ne.jp ~all
Wed 2017-07-05 14:35:49.215: 09: [899877] *Evaluating include:spf1.ocn.ne.jp: performing lookup
Wed 2017-07-05 14:35:49.310: 09: [899877] * Policy: v=spf1 ip4:60.37.40.0/24 ip4:60.37.51.0/24 ip4:118.23.100.0/24 ip4:118.23.108.0/23 ip4:118.23.180.0/24 ip4:180.8.110.0/23 ip4:122.28.14.0/23 ip4:122.28.30.0/24 ip4:125.170.92.0/24 ~all
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:60.37.40.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:60.37.51.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:118.23.100.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:118.23.108.0/23: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:118.23.180.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:180.8.110.0/23: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:122.28.14.0/23: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:122.28.30.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ip4:125.170.92.0/24: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] * Evaluating ~all: match
Wed 2017-07-05 14:35:49.310: 09: [899877] *Evaluating include:spf1.ocn.ne.jp: no match
Wed 2017-07-05 14:35:49.310: 09: [899877] *Evaluating include:spf2.ocn.ne.jp: performing lookup
Wed 2017-07-05 14:35:49.329: 09: [899877] * Policy: v=spf1 ip4:125.206.148.0/24 ip4:125.206.187.0/24 ip4:222.146.51.0/24 ip4:180.37.203.0/24 ip4:122.1.235.0/24 ip4:118.23.178.0/24 ip4:114.147.58.0/24 ip4:153.128.50.0/24 ip4:153.149.228.0/26 ~all
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:125.206.148.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:125.206.187.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:222.146.51.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:180.37.203.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:122.1.235.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:118.23.178.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:114.147.58.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:153.128.50.0/24: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ip4:153.149.228.0/26: no match
Wed 2017-07-05 14:35:49.329: 09: [899877] * Evaluating ~all: match
Wed 2017-07-05 14:35:4
[MDaemon-L] Suspicious email
On 21/06/17 10:11, Ahmad Ardiansyah wrote:

> Are these the headers you meant, Pak?

> X-MDAV-Processed: mail.kompas.tv, Tue, 20 Jun 2017 17:55:25 +0700
> Return-path:
> Authentication-Results: mail.kompas.tv
>   iprev=pass policy.iprev=10.0.0.5 reason="white listed" (HELO kaya-bdmaria34-fo.b.astral.ro);
>   iprev=pass policy.iprev=10.0.0.5 reason="white listed" (MAIL termini...@dhl-invoice.com)
> Received: from kaya-bdmaria34-fo.b.astral.ro by mail.kompas.tv (MDaemon PRO v17.0.2)
>   with ESMTP id md5664804.msg; Tue, 20 Jun 2017 17:55:23 +0700

Yes, that's right, this is the message header.
The spam got in because of a firewall misconfiguration, so the IP-based antispam is not functioning.
Fix the firewall settings so that spam like that cannot get into your MDaemon.

http://www.mail-archive.com/mdaemon-l@dutaint.com/msg36868.html
http://www.mail-archive.com/mdaemon-l@dutaint.com/msg41343.html

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 17.0.2-64, SP 5.1-64
Please do not cc: or send to private mail for MDaemon matters.

The life so short, the craft so long to learn.
--- Hippocrates
[MDaemon-L] Suspicious email
2017-06-21 3:02 GMT+07:00 Syafril Hermansyah :

> On 2017-06-20 22:52, Ahmad Ardiansyah wrote:
> > For the past few days our users, myself included, have been receiving emails like this
>
> > Is this spam or a virus, Pak?
>
> It looks like phishing spam.
> Is there anything in common (a pattern) in the sender, the sender host or
> the attached file?
> Just block based on that pattern.
>
> If you can provide the message header and the pattern turns out to be a
> common sender host, then I will also block it in hostscreening.

Are these the headers you meant, Pak?

X-MDAV-Processed: mail.kompas.tv, Tue, 20 Jun 2017 17:55:25 +0700
Return-path:
Authentication-Results: mail.kompas.tv
  iprev=pass policy.iprev=10.0.0.5 reason="white listed" (HELO kaya-bdmaria34-fo.b.astral.ro);
  iprev=pass policy.iprev=10.0.0.5 reason="white listed" (MAIL termini...@dhl-invoice.com)
Received: from kaya-bdmaria34-fo.b.astral.ro by mail.kompas.tv (MDaemon PRO v17.0.2)
  with ESMTP id md5664804.msg; Tue, 20 Jun 2017 17:55:23 +0700
X-Spam-Level:
X-Spam-Status: No, score=0.00 required=5.0
X-Spam-Report:
  * 0.0 HTML_MESSAGE BODY: HTML included in message
  * 0.0 T_TVD_MIME_NO_HEADERS BODY: No description available.
X-Spam-Processed: mail.kompas.tv, Tue, 20 Jun 2017 17:55:23 +0700 (processed during SMTP session)
X-MDOP-RefID: str=0001.0A150202.5948FF20.00A5,ss=1,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,cl=1,cld=1,fgs=0 (_st=1 _vt=0 _iwf=0)
X-MDArrival-Date: Tue, 20 Jun 2017 17:55:23 +0700
X-Rcpt-To: ahmad.ardians...@kompas.tv
X-MDRcpt-To: ahmad.ardians...@kompas.tv
X-Return-Path: termini...@dhl-invoice.com
X-Envelope-From: termini...@dhl-invoice.com
X-MDaemon-Deliver-To: ahmad.ardians...@kompas.tv
Received: from [100.198.152.47] (account lardne...@dhl-invoice.com HELO luqawilu.dhl-invoice.com)
  by kaya-bdmaria34-fo.b.astral.ro (Exim 4.89) with ESMTPA id 6rj0gf1pdcb5505.7.20170620125525
  for ahmad.ardians...@kompas.tv; Tue, 20 Jun 2017 12:55:25 +0200
From: alison.ackr...@brnet.de
Subject: F VAT
To:
Cc:
Message-ID:
Date: Tue, 20 Jun 2017 12:55:25 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=-Part_4156874_80351403.8168655628760

---Part_4156874_80351403.8168655628760
Content-Type: text/plain; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

---Part_4156874_80351403.8168655628760
Content-Type: text/html; charset=3D"iso-8859-2"
Content-Transfer-Encoding: quoted-printable

Regards,
Ardiansyah
[MDaemon-L] Suspicious email
On 2017-06-20 22:52, Ahmad Ardiansyah wrote:

> For the past few days our users, myself included, have been receiving emails like this

> Is this spam or a virus, Pak?

It looks like phishing spam.
Is there anything in common (a pattern) in the sender, the sender host or the attached file?
Just block based on that pattern.

If you can provide the message header and the pattern turns out to be a common sender host, then I will also block it in hostscreening.

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 17.0.2-64, SP 5.1.0-64
Please do not cc: or send to private mail for MDaemon matters.

I believe in two principles: Your attitude is more important than your capabilities. Similarly, your decision is more important than your capabilities!
-- Jack Ma
[MDaemon-L] Suspicious email
Pak Syafril,

For the past few days our users, myself included, have been receiving emails like this

Is this spam or a virus, Pak?

Regards,
Ardiansyah

Sent from my iPhone
[MDaemon-L] SUSPICIOUS EMAIL
OK, understood, Pak, thank you for the explanation.

Best regards,
Agus
IT
PT. OS Selnajaya Indonesia
Total Integrated Support
Address: 19th Floor Mid Plaza I Bld, Jl. Jend. Sudirman Kav. 10-11, Jakarta, Indonesia
Mobile: -
Tel: +62 21-572 7214
Fax: +62 21-573 9482
Email: agus.tarpi...@os-selnajaya.com
Website: www.os-selnajaya.com
Part of : Outsourcing Inc - www.outsourcing.co.jp
[MDaemon-L] SUSPICIOUS EMAIL
On 09/02/17 10:26, Agus Tarpindo wrote:

---
When replying, do not start a new thread, and keep the relevant part of the original text quoted so that the discussion stays focused.
https://www.netmeister.org/news/learn2quote1.html
https://wiki.openstack.org/wiki/MailingListEtiquette#Replies
Always use bottom-posting style or inline reply so that it is easy for others to read. See this example
https://brooksreview.net/wp-content/uploads/2011/01/message-4.png
or the full explanation here
https://brooksreview.net/2011/01/interleaved-email/
Outlook 2013/2016 already has an inline reply feature; it just needs to be enabled.
http://www.tech-recipes.com/rx/30892/outlook-2013-disable-the-inline-reply-feature/
If you are still using an old Outlook, change its settings like this
https://www.slipstick.com/outlook/email/to-use-internet-style-quoting/
https://www.msoutlook.info/question/401

> I tried entering it, and the result is as in the attached picture, sir, not as
> in the link you gave; I clicked on "IP addresses" but the sender ID still
> shows up as a sub-entry of "ALL IP".

That is because you are using an old version of MDaemon, so the menus and features are different.
Host Screening handles both blacklist and whitelist; if it is only for blacklisting, the old MD version is already adequate. Do not use scripts (wildcard, regular expression, etc.) that would later require a whitelist.

> If I enter it directly and then click Add,
> it also appears in the same place, sir.
> Is my method correct, sir? Then I just click Apply and OK, right,
> sir?

Yes, that is fine.

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 17.0-64 Beta B, SP 5.1.0-64
Please do not cc: or send to private mail for MDaemon issues.

The only way to do great work is to love what you do. If you haven’t found it yet, keep looking. Don’t settle.
--- Steve Jobs
[MDaemon-L] SUSPICIOUS EMAIL
On 09/02/17 09:10, Agus Tarpindo wrote:

> Please analyze the following email log: is this email dangerous or not?

> Thu 2017-02-09 07:16:16.283: 02: [665148] <-- EHLO deer-blue-521a4e94a094a855.znlc.jp
> Thu 2017-02-09 07:16:16.749: 02: [665148] <-- MAIL FROM: SIZE=369460

This is spam from an open relay server.

> How can we block this email so that it can no longer be sent to us?

Put the sender identity (deer-blue-521a4e94a094a855.znlc.jp) into Host Screening.
http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security--host_screening.htm

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 17.0-64 Beta B, SP 5.1.0-64
Please do not cc: or send to private mail for MDaemon issues.

Challenges are what make life interesting and overcoming them is what makes life meaningful.
--- Joshua J. Marine
[MDaemon-L] SUSPICIOUS EMAIL
Dear Mr. Syafril,

Please analyze the following email log: is this email dangerous or not?
How can we block this email so that it can no longer be sent to us?
We would appreciate your help and guidance, sir.

Thu 2017-02-09 07:15:07.659: 01: --
Thu 2017-02-09 07:16:16.188: 05: [665148] Session 665148; child 0001
Thu 2017-02-09 07:16:16.188: 05: [665148] Accepting SMTP connection from [210.229.226.120:36728] to [202.78.202.4:25]
Thu 2017-02-09 07:16:16.189: 03: [665148] --> 220 mail.os-selnajaya.com ESMTP Thu, 09 Feb 2017 07:16:16 +0700
Thu 2017-02-09 07:16:16.283: 02: [665148] <-- EHLO deer-blue-521a4e94a094a855.znlc.jp
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-mail.os-selnajaya.com Hello deer-blue-521a4e94a094a855.znlc.jp, pleased to meet you
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-ETRN
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-8BITMIME
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-ENHANCEDSTATUSCODES
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250-STARTTLS
Thu 2017-02-09 07:16:16.283: 03: [665148] --> 250 SIZE 2560
Thu 2017-02-09 07:16:16.373: 02: [665148] <-- STARTTLS
Thu 2017-02-09 07:16:16.374: 03: [665148] --> 220 2.7.0 Ready to start TLS
Thu 2017-02-09 07:16:16.565: 01: [665148] SSL negotiation successful (TLS 1.2, 3072 bit key exchange, 128 bit AES encryption)
Thu 2017-02-09 07:16:16.658: 02: [665148] <-- EHLO deer-blue-521a4e94a094a855.znlc.jp
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-mail.os-selnajaya.com Hello deer-blue-521a4e94a094a855.znlc.jp, pleased to meet you
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-ETRN
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-8BITMIME
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250-ENHANCEDSTATUSCODES
Thu 2017-02-09 07:16:16.658: 03: [665148] --> 250 SIZE 2560
Thu 2017-02-09 07:16:16.749: 02: [665148] <-- MAIL FROM: SIZE=369460
Thu 2017-02-09 07:16:16.751: 05: [665148] Performing PTR lookup (120.226.229.210.IN-ADDR.ARPA)
Thu 2017-02-09 07:16:16.767: 05: [665148] * D=120.226.229.210.IN-ADDR.ARPA TTL=(9) PTR=[deer-blue-521a4e94a094a855.znlc.jp]
Thu 2017-02-09 07:16:16.767: 05: [665148] * Gathering A records...
Thu 2017-02-09 07:16:16.784: 05: [665148] * D=deer-blue-521a4e94a094a855.znlc.jp TTL=(43) A=[210.229.226.120]
Thu 2017-02-09 07:16:16.784: 05: [665148] End PTR results
Thu 2017-02-09 07:16:16.785: 09: [665148] Performing SPF lookup (zebra.lt / 210.229.226.120)
Thu 2017-02-09 07:16:16.804: 09: [665148] * Policy: v=spf1 include:_mail1.zebra.lt include:_mail2.zebra.lt ~all
Thu 2017-02-09 07:16:16.804: 09: [665148] * Evaluating include:_mail1.zebra.lt: performing lookup
Thu 2017-02-09 07:16:17.140: 09: [665148] *Policy: v=spf1 ip4:212.59.0.7/32 ip4:212.59.31.119/32 ip4:212.59.31.87/32 ip4:212.59.31.115/32 ip4:195.12.167.68/32 ip4:195.12.167.69/32 ip4:195.12.167.70/32 ip4:212.59.31.76/32 ip4:212.59.31.84/32 ip4:212.59.31.85/32 ip4:212.59.31.91/32 ip4:
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.0.7/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.119/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.87/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.115/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:195.12.167.68/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:195.12.167.69/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:195.12.167.70/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.76/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.84/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.85/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.91/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ip4:212.59.31.94/32: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] *Evaluating ~all: match
Thu 2017-02-09 07:16:17.140: 09: [665148] * Evaluating include:_mail1.zebra.lt: no match
Thu 2017-02-09 07:16:17.140: 09: [665148] * Evaluating include:_mail2.zebra.lt: performing lookup
Thu 2017-02-09 07:16:17.158: 09: [665148] *Policy: v=spf1 ip4:212.59.0.7/32 ip4:82.135.235.4/32 ip4:82.135.235.5/32 ip4:82.135.235.6/32 ip4:82.135.235.7/32 ?all
Thu 2017-02-09 07:16:17.158: 09: [665148] *Evaluating ip4:212.59.0.7/32: no match
Thu 2017-02-09 07:16:17.158: 09: [665148] *Evaluating ip4:82.135.235.4/32: no match
Thu 2017-02-09 07:16:17.158: 09: [665148] *Evaluating ip4:82.135.235.5/32: no match
Thu 2017-02-09 07:16:17.158: 09: [665148] *Evaluating ip4:82.135.235.6/32: no match
Thu 2017-02-09 07:16:17.158: 09: [6651
[MDaemon-L] Suspicious Email
> What file was forwarded, and in what format?
> It looks like an image/picture file; is it a screenshot?

It turns out the file is *.msg, the default file extension when using forward as attachment from Outlook 2016, sir, not *.eml. My apologies.

> The sender server is a relayhost server; its settings follow the rules
> of legitimate internet mail.
> If you want to block it, put the sender address into the sender blacklist.
>
> http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security--sender-blacklist.htm
>
> or the recipient can put the sender address into the blacklist contacts in
> webmail.

All right, sir. For now I will try this option first.
[MDaemon-L] Suspicious Email
On 20/12/16 08:29, Anjas Wahyu Nurhayanto wrote:

>> You can forward the message here as an attachment, or save
>> the message to local disk as *.eml and attach it here.

> Attached are the SMTP (in) log and the message that was forwarded to me.

What file was forwarded, and in what format?
It looks like an image/picture file; is it a screenshot?

> Mon 2016-12-19 09:57:10.126: [207116] <-- EHLO smtp90.iad3a.emailsrvr.com
> Mon 2016-12-19 09:57:10.381: [207116] <-- MAIL FROM: SIZE=5525

The sender server is a relayhost server; its settings follow the rules of legitimate internet mail.
If you want to block it, put the sender address into the sender blacklist.

http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security--sender-blacklist.htm

or the recipient can put the sender address into the blacklist contacts in webmail.

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.5.2-64, SP 5.1.0-64 Beta B
Please do not cc: or send to private mail for MDaemon issues.

You have to learn the rules of the game. And then you have to play better than anyone else.
--- Albert Einstein
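Added example (not from the thread and not MDaemon's own code): Python that condenses SMTP (in) log sessions in the two layouts posted in these threads, February 2017 and December 2016, into the facts the replies read off them: connecting IP, EHLO name, whether PTR and A records confirm that name, and the SPF verdict. The log lines are constructed with placeholder hosts, `summarize` and `SAMPLE_LOG` are hypothetical names, and treating a `Result:` line inside the SPF section as the verdict is an assumption taken from the 2016 log.

```python
import re

# Constructed sample in the two log layouts seen in this thread; hosts/IPs are placeholders.
SAMPLE_LOG = """\
Thu 2017-02-09 07:16:16.188: 05: [1001] Accepting SMTP connection from [203.0.113.25:36728] to [192.0.2.4:25]
Thu 2017-02-09 07:16:16.283: 02: [1001] <-- EHLO relay.bulk.example
Thu 2017-02-09 07:16:16.767: 05: [1001] * D=25.113.0.203.IN-ADDR.ARPA TTL=(9) PTR=[relay.bulk.example]
Thu 2017-02-09 07:16:16.784: 05: [1001] * D=relay.bulk.example TTL=(43) A=[203.0.113.25]
Thu 2017-02-09 07:16:16.785: 09: [1001] Performing SPF lookup (brand.example / 203.0.113.25)
Thu 2017-02-09 07:16:17.140: 09: [1001] *Evaluating ~all: match
Thu 2017-02-09 07:16:17.140: 09: [1001] * Evaluating include:_mail1.brand.example: no match
Mon 2016-12-19 09:57:09.867: [1002] Accepting SMTP connection from 198.51.100.90:54206 to 10.0.0.1:25
Mon 2016-12-19 09:57:10.126: [1002] <-- EHLO smtp90.provider.example
Mon 2016-12-19 09:57:10.402: [1002] * D=90.100.51.198.IN-ADDR.ARPA TTL=(1415) PTR=[smtp90.provider.example]
Mon 2016-12-19 09:57:10.424: [1002] * D=smtp90.provider.example TTL=(1439) A=[198.51.100.90]
Mon 2016-12-19 09:57:10.470: [1002] * D=agency.example TTL=(55) A=[192.0.2.101]
Mon 2016-12-19 09:57:10.531: [1002] Performing SPF lookup (agency.example / 198.51.100.90)
Mon 2016-12-19 09:57:11.162: [1002] * Result: none; no SPF record in DNS
Mon 2016-12-19 09:57:11.162: [1002] End SPF results
Mon 2016-12-19 09:57:12.288: [1002] * Result: neutral
Mon 2016-12-19 10:01:00.000: [1003] Accepting SMTP connection from 203.0.113.77:40000 to 10.0.0.1:25
Mon 2016-12-19 10:01:00.100: [1003] <-- EHLO mail.bank.example
Mon 2016-12-19 10:01:00.200: [1003] * D=77.113.0.203.IN-ADDR.ARPA TTL=(60) PTR=[host-7.dyn.example]
"""

LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d [\d:.]+: (?:\d\d: )?\[(\d+)\] (.*)$")
CONNECT = re.compile(r"Accepting SMTP connection from \[?([\d.]+):\d+\]?")
EHLO = re.compile(r"<-- (?:EHLO|HELO) (\S+)")
PTR = re.compile(r"PTR=\[([^\]]+)\]")
A_REC = re.compile(r"D=(\S+) .*\bA=\[([\d.]+)\]")
SPF_START = re.compile(r"Performing SPF lookup \((\S+) / ")
RESULT = re.compile(r"Result: (\w+)")


def summarize(log_text):
    """Return {session_id: summary} for every session found in log_text."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        sid, body = m.groups()
        s = sessions.setdefault(sid, dict(ip=None, ehlo=None, ptr=None, a={},
                                          spf_domain=None, spf=None, section=None))
        if (m := CONNECT.search(body)):
            s["ip"] = m.group(1)
        elif (m := EHLO.search(body)):
            s["ehlo"] = m.group(1).lower()
        elif (m := PTR.search(body)):
            s["ptr"] = m.group(1).lower()
        elif (m := A_REC.search(body)):
            s["a"][m.group(1).lower()] = m.group(2)   # keyed by name, not "last A seen"
        elif (m := SPF_START.search(body)):
            s["spf_domain"], s["section"] = m.group(1), "spf"
        elif body.startswith(("End ", "Performing ")):
            s["section"] = None                       # left the SPF section
        elif s["section"] == "spf" and (m := RESULT.search(body)):
            s["spf"] = m.group(1)                     # DKIM/DMARC "Result:" lines are skipped
    for s in sessions.values():
        # Forward-confirmed reverse DNS: PTR equals EHLO and resolves back to the peer IP.
        s["fcrdns"] = (s["ptr"] is not None and s["ptr"] == s["ehlo"]
                       and s["a"].get(s["ptr"]) == s["ip"])
        del s["a"], s["section"]
    return sessions
```

Session 1001 keeps `spf` as `None`: its `~all: match` line belongs to an included policy, which the next line reports as `include: no match`, so it is not the verdict. A session whose EHLO name is not confirmed by PTR and A records (1003 here) is better screened by connecting IP, because the EHLO string is whatever the client chooses to send.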
[MDaemon-L] Suspicious Email
> Show the mail source.
> You can forward the message here as an attachment, or save
> the message to local disk as *.eml and attach it here.

Attached are the SMTP (in) log and the message that was forwarded to me.

--
Anjas Wahyu Nurhayanto
iPower Communications

Mon 2016-12-19 09:57:09.867: [207116] Session 207116; child 0001
Mon 2016-12-19 09:57:09.867: [207116] Accepting SMTP connection from 173.203.187.90:54206 to 10.0.0.1:25
Mon 2016-12-19 09:57:09.870: [207116] --> 220 mail.aksball.co.id ESMTP MDaemon 16.5.1; Mon, 19 Dec 2016 09:57:09 +0700
Mon 2016-12-19 09:57:10.126: [207116] <-- EHLO smtp90.iad3a.emailsrvr.com
Mon 2016-12-19 09:57:10.126: [207116] --> 250-mail.aksball.co.id Hello smtp90.iad3a.emailsrvr.com [173.203.187.90], pleased to meet you
Mon 2016-12-19 09:57:10.126: [207116] --> 250-ETRN
Mon 2016-12-19 09:57:10.126: [207116] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Mon 2016-12-19 09:57:10.126: [207116] --> 250-8BITMIME
Mon 2016-12-19 09:57:10.126: [207116] --> 250-ENHANCEDSTATUSCODES
Mon 2016-12-19 09:57:10.126: [207116] --> 250 SIZE
Mon 2016-12-19 09:57:10.381: [207116] <-- MAIL FROM: SIZE=5525
Mon 2016-12-19 09:57:10.383: [207116] Performing PTR lookup (90.187.203.173.IN-ADDR.ARPA)
Mon 2016-12-19 09:57:10.402: [207116] * D=90.187.203.173.IN-ADDR.ARPA TTL=(1415) PTR=[smtp90.iad3a.emailsrvr.com]
Mon 2016-12-19 09:57:10.424: [207116] * D=smtp90.iad3a.emailsrvr.com TTL=(1439) A=[173.203.187.90]
Mon 2016-12-19 09:57:10.424: [207116] End PTR results
Mon 2016-12-19 09:57:10.426: [207116] Performing IP lookup (smtp90.iad3a.emailsrvr.com)
Mon 2016-12-19 09:57:10.447: [207116] * D=smtp90.iad3a.emailsrvr.com TTL=(1399) A=[173.203.187.90]
Mon 2016-12-19 09:57:10.447: [207116] End IP lookup results
Mon 2016-12-19 09:57:10.450: [207116] Performing IP lookup (jcf.gov.jm)
Mon 2016-12-19 09:57:10.470: [207116] * D=jcf.gov.jm TTL=(55) A=[208.131.169.101]
Mon 2016-12-19 09:57:10.490: [207116] * P=010 S=000 D=jcf.gov.jm TTL=(36) MX=[mx1.emailsrvr.com]
Mon 2016-12-19 09:57:10.490: [207116] * P=020 S=001 D=jcf.gov.jm TTL=(36) MX=[mx2.emailsrvr.com]
Mon 2016-12-19 09:57:10.510: [207116] * D=mx1.emailsrvr.com TTL=(0) A=[108.166.43.1]
Mon 2016-12-19 09:57:10.530: [207116] * D=mx2.emailsrvr.com TTL=(1) A=[108.166.43.2]
Mon 2016-12-19 09:57:10.530: [207116] End IP lookup results
Mon 2016-12-19 09:57:10.531: [207116] Performing SPF lookup (jcf.gov.jm / 173.203.187.90)
Mon 2016-12-19 09:57:11.162: [207116] * Result: none; no SPF record in DNS
Mon 2016-12-19 09:57:11.162: [207116] End SPF results
Mon 2016-12-19 09:57:11.162: [207116] --> 250 2.1.0 Sender OK
Mon 2016-12-19 09:57:11.417: [207116] <-- RCPT TO:
Mon 2016-12-19 09:57:11.421: [207116] Performing DNS-BL lookup (173.203.187.90 - connecting IP)
Mon 2016-12-19 09:57:11.444: [207116] * zen.spamhaus.org - passed
Mon 2016-12-19 09:57:11.444: [207116] End DNS-BL results
Mon 2016-12-19 09:57:11.453: [207116] --> 250 2.1.5 Recipient OK
Mon 2016-12-19 09:57:11.709: [207116] <-- DATA
Mon 2016-12-19 09:57:11.710: [207116] Creating temp file (SMTP): d:\mdaemon\queues\temp\md5151719.tmp
Mon 2016-12-19 09:57:11.710: [207116] --> 354 Enter mail, end with .
Mon 2016-12-19 09:57:12.287: [207116] Message size: 5525 bytes
Mon 2016-12-19 09:57:12.288: [207116] Performing DKIM lookup
Mon 2016-12-19 09:57:12.288: [207116] * File: d:\mdaemon\queues\temp\md5151719.tmp
Mon 2016-12-19 09:57:12.288: [207116] * Message-ID: n/a
Mon 2016-12-19 09:57:12.288: [207116] * Result: neutral
Mon 2016-12-19 09:57:12.288: [207116] End DKIM results
Mon 2016-12-19 09:57:12.291: [207116] Performing DMARC processing
Mon 2016-12-19 09:57:12.291: [207116] * File: d:\mdaemon\queues\temp\md5151719.tmp
Mon 2016-12-19 09:57:12.291: [207116] * Message-ID: n/a
Mon 2016-12-19 09:57:12.291: [207116] * Author domain: jcf.gov.jm
Mon 2016-12-19 09:57:12.291: [207116] * Organizational domain: jcf.gov.jm
Mon 2016-12-19 09:57:12.291: [207116] * Query domain: _dmarc.jcf.gov.jm
Mon 2016-12-19 09:57:14.080: [207116] *No DMARC policy record found
Mon 2016-12-19 09:57:14.080: [207116] * Action taken: none
Mon 2016-12-19 09:57:14.080: [207116] * Result: none
Mon 2016-12-19 09:57:14.080: [207116] End DMARC results
Mon 2016-12-19 09:57:14.082: [207116] Passing message through AntiVirus (Size: 5525)...
Mon 2016-12-19 09:57:14.091: [207116] * Message is clean (no viruses found)
Mon 2016-12-19 09:57:14.091: [207116] End AntiVirus results
Mon 2016-12-19 09:57:14.336: [207116] Passing message through Outbreak Protection...
Mon 2016-1
[MDaemon-L] Suspicious Email
On 20/12/16 08:02, Anjas Wahyu Nurhayanto wrote:

> Today a client received an email like this (attached). What
> should I do so that emails like this can no longer be
> received?

Show the mail source.
You can forward the message here as an attachment, or save the message to local disk as *.eml and attach it here.

--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.5.2-64, SP 5.1.0-64 Beta B
Please do not cc: or send to private mail for MDaemon issues.

On every person's back there is a label that serves as the basis on which others judge that person - and only the person himself does not see it
-- Paul Brulet, born 1866
[MDaemon-L] Suspicious Email
Dear Mr. Syafril,

Today a client received an email like this (attached). What should I do so that emails like this can no longer be received?

--
Anjas Wahyu Nurhayanto
iPower Communications

From: Erdha [mailto:er...@aksball.co.id]
Sent: Monday, December 19, 2016 10:40 AM
To: 'Budi AKS'
Cc: 'Heni'
Subject: FW: DHL EXPRESS PARCEL ARRIVAL NOTICE

fyi

From: nore...@dhl.cn [mailto:orane.came...@jcf.gov.jm]
Sent: Monday, December 19, 2016 9:57 AM
To: er...@aksball.co.id
Subject: DHL EXPRESS PARCEL ARRIVAL NOTICE

Hi er...@aksball.co.id,
Your parcel h as arrived at about 09:20:29 GMT. Courier was unable to deliver the parcel to you due to some error.
Here is the delivery status for your parcel.
tracking.pl?LAN=FRE&TID=FR_FRE&AWB= er...@aksball.co.id
Thank you,
DHL.Express
<<< Note: Kindly use your mail to access file online.
--
Terms & Conditions Tracking FAQs