[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-18 Syafril Hermansyah
On 18/05/16 09:50, Heryanto wrote:
>> This one should have been rejected if all the PTR check options under reverse
>> lookup check are active
>
> But some still get through, Pak Syafril. Spam example:

What time was reverse lookup activated?

Was it before Wed 2016-05-18 09:26:21?




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64
Please do not cc: or send to private mail for MDaemon issues.

Knowledge is not attained by chance, but must be sought with high spirit and
completed with diligence
-- Abigail Adams, 1790


-- 
--MDaemon-L--
This list is for discussion among MDaemon Mail Server users.

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to MDaemon-L-unsubscribe [at] dutaint.com
Subscribe: send mail to MDaemon-L-subscribe [at] dutaint.com
Latest versions: MD 16.0.2, SP 5.0, BES 2.0.2, OC 3.5.2, SG 3.0.3





[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-17 Heryanto
s\temp\md5002211.tmp
Wed 2016-05-18 09:26:38.541: [390135] *  Message-ID: <20160518092846.A4AA05D7CD@mail.herman.sulina.local>
Wed 2016-05-18 09:26:38.886: [390135] *  Result: neutral
Wed 2016-05-18 09:26:38.886: [390135]  End DKIM results
Wed 2016-05-18 09:26:38.891: [390135] Performing DMARC processing
Wed 2016-05-18 09:26:38.891: [390135] *  File: d:\mdaemon\queues\temp\md5002211.tmp
Wed 2016-05-18 09:26:38.891: [390135] *  Message-ID: <20160518092846.A4AA05D7CD@mail.herman.sulina.local>
Wed 2016-05-18 09:26:38.891: [390135] *  Author domain: dcwildlife.com
Wed 2016-05-18 09:26:38.891: [390135] *  Organizational domain: dcwildlife.com
Wed 2016-05-18 09:26:38.891: [390135] *  Query domain: _dmarc.dcwildlife.com
Wed 2016-05-18 09:26:39.418: [390135] *  No DMARC policy record found
Wed 2016-05-18 09:26:39.418: [390135] *  Action taken: none
Wed 2016-05-18 09:26:39.418: [390135] *  Result: none
Wed 2016-05-18 09:26:39.418: [390135]  End DMARC results
Wed 2016-05-18 09:26:39.421: [390135] Passing message through AntiVirus (Size: 11840)...
Wed 2016-05-18 09:26:39.422: [390135] *  Recipient or sender in exclusion list
Wed 2016-05-18 09:26:39.422: [390135]  End AntiVirus results
Wed 2016-05-18 09:26:39.623: [390135] Passing message through Outbreak Protection...
Wed 2016-05-18 09:26:39.624: [390135] *  Message-ID: <20160518092846.A4AA05D7CD@mail.herman.sulina.local>
Wed 2016-05-18 09:26:39.624: [390135] *  Reference-ID: str=0001.0A150202.573BD363.0071,ss=4,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,pt=R_549421,cl=4,cld=1,fgs=12
Wed 2016-05-18 09:26:39.624: [390135] *  Virus result: 0 - Clean
Wed 2016-05-18 09:26:39.624: [390135] *  Spam result: 4 - Spam (confirmed)
Wed 2016-05-18 09:26:39.625: [390135] *  IWF result: 0 - Clean
Wed 2016-05-18 09:26:39.626: [390135]  End Outbreak Protection results
Wed 2016-05-18 09:26:39.628: [390135] Passing message through Spam Filter (Size: 11840)...
Wed 2016-05-18 09:26:40.651: [390135] *  3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Wed 2016-05-18 09:26:40.651: [390135] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Wed 2016-05-18 09:26:40.651: [390135] *  1.6 BAYES_50 BODY: Bayes spam probability is 40 to 60%
Wed 2016-05-18 09:26:40.651: [390135] *  [score: 0.5107]
Wed 2016-05-18 09:26:40.651: [390135] *  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
Wed 2016-05-18 09:26:40.651: [390135] *  0.0 HELO_MISC_IP Looking for more Dynamic IP Relays
Wed 2016-05-18 09:26:40.651: [390135]  End SpamAssassin results
Wed 2016-05-18 09:26:40.651: [390135] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 09:26:40.809: [390135] Message creation successful: d:\mdaemon\queues\inbound\md50007295647.msg
Wed 2016-05-18 09:26:40.809: [390135] --> 250 2.6.0 Ok, message saved
Wed 2016-05-18 09:26:40.817: [390135] <-- QUIT
Wed 2016-05-18 09:26:40.817: [390135] --> 221 2.0.0 See ya in cyberspace
Wed 2016-05-18 09:26:40.817: [390135] SMTP session successful (Bytes in/out: 11959/585)
Wed 2016-05-18 09:26:40.817: --

Pak Syafril, could this be related to our mail server having 2 active domains:
one domain edm-dima.co.id (SMTP: edm-ed-dima.com) and the other domain
dima.co.id (SMTP mail.dima.co.id)?
Currently the one we actively use is domain dima.co.id (SMTP dima.co.id); is
this spam coming in through the SMTP host we are not actively using?

Wed 2016-05-18 09:26:35.815: [390135] <-- EHLO [115.79.46.28]
Wed 2016-05-18 09:26:35.816: [390135] --> 250-edm.ed-dima.com Hello [115.79.46.28], pleased to meet you

Thanks

Heryanto






-Original Message-
From: MDaemon-L@dutaint.com [mailto:MDaemon-L@dutaint.com] On Behalf Of
Syafril Hermansyah
Sent: 18 May 2016 8:34
To: Milis Komunitas MDaemon Indonesia <mdaemon-l@dutaint.com>
Subject: [MDaemon-L] Email spam banyak yang lolos cukup mengganggu user

On 18/05/16 08:06, Heryanto wrote:
> Pak Syafril, here is the log. I'd like to ask: looking at the SMTP-in log
> below, where is the gap?
> 
> Wed 2016-05-18 06:02:41.066: [376213] Accepting SMTP connection from
> 188.76.84.3:52319 to 116.254.100.37:25

> Wed 2016-05-18 06:02:41.545: [376213] <-- EHLO 
> 3.84.76.188.dynamic.jazztel.es

> Wed 2016-05-18 06:02:42.047: [376213] Performing PTR lookup
> (3.84.76.188.IN-ADDR.ARPA)

> Wed 2016-05-18 06:02:42.069: [376213] *  D=3.84.76.188.IN-ADDR.ARPA
> TTL=(283) PTR=[3.84.76.188.dynamic.jazztel.es]

> Wed 2016-05-18 06:02:42.073: [376213] *  
> D=3.84.76.188.dynamic.jazztel.es
> TTL=(368) A=[188.76.84.3]

Put the sender host identity (3.84.76.188.dynamic.jazztel.es) into host
screening.

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--host_screening.htm

enter it under ALL IPs

Since you are already on MDaemon above 15.x there is another option: download
the following file

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat

copy/overwrite it into \\mdaemon\app, then restart the MDaemon service

[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-17 Syafril Hermansyah
On 18/05/16 09:16, Ivan wrote:
> Wow, that's dangerous, Pak. I tried copying this file and restarted MD; POP
> and SMTP all went inactive, MD errored. I put the old host file back and it
> is normal again.

Host screening applies to direct incoming connections or ETRN/ODMR, not to
setups that use DomainPOP/MultiPOP.

In other words, host screening (and reverse lookup) has no effect if you use
DomainPOP/MultiPOP; but it should not stop MDaemon from running unless a
firewall/proxy is interfering.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64
Please do not cc: or send to private mail for MDaemon issues.

The best advice is given by experience. But that advice often arrives too
late
-- Nicholas Amelot de la Houssaye, 1634-1706







[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-17 Ivan

On 18/05/16 08:34, Syafril Hermansyah wrote:

> Since you are already on MDaemon above 15.x there is another option: download
> the following file
>
> ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat
>
> copy/overwrite it into \\mdaemon\app, then restart the MDaemon service from
> the Windows service control panel.

Wow, that's dangerous, Pak. I tried copying this file and restarted MD; POP
and SMTP all went inactive, MD errored. I put the old host file back and it
is normal again.






[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-17 Syafril Hermansyah
On 18/05/16 08:06, Heryanto wrote:
> Pak Syafril, here is the log. I'd like to ask: looking at the SMTP-in log
> below, where is the gap?
> 
> Wed 2016-05-18 06:02:41.066: [376213] Accepting SMTP connection from
> 188.76.84.3:52319 to 116.254.100.37:25

> Wed 2016-05-18 06:02:41.545: [376213] <-- EHLO
> 3.84.76.188.dynamic.jazztel.es

> Wed 2016-05-18 06:02:42.047: [376213] Performing PTR lookup
> (3.84.76.188.IN-ADDR.ARPA)

> Wed 2016-05-18 06:02:42.069: [376213] *  D=3.84.76.188.IN-ADDR.ARPA
> TTL=(283) PTR=[3.84.76.188.dynamic.jazztel.es]

> Wed 2016-05-18 06:02:42.073: [376213] *  D=3.84.76.188.dynamic.jazztel.es
> TTL=(368) A=[188.76.84.3]

Put the sender host identity (3.84.76.188.dynamic.jazztel.es) into host
screening.

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--host_screening.htm

enter it under ALL IPs

Since you are already on MDaemon above 15.x there is another option: download
the following file

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat

copy/overwrite it into \\mdaemon\app, then restart the MDaemon service from
the Windows service control panel.


> Wed 2016-05-18 06:37:38.479: [376488] Accepting SMTP connection from
> 116.111.51.94:2486 to 116.254.100.37:25

> Wed 2016-05-18 06:37:38.681: [376488] Performing PTR lookup
> (94.51.111.116.IN-ADDR.ARPA)

> Wed 2016-05-18 06:37:38.797: [376488] *  DNS server reports domain name
> unknown

> Wed 2016-05-18 06:37:38.797: [376488] *  No PTR records found

> Wed 2016-05-18 06:37:38.797: [376488]  End PTR results

This one should have been rejected if all the PTR check options under Reverse
Lookup check are active

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--reverse_lookup.htm

[x] Perform PTR lookup on inbound SMTP connections
[x] ...send 501 and close connection if no PTR record exists
[x] ...send 501 and close connection if no PTR record match
[x] Exempt authenticated sessions (lookup will defer until after MAIL)


> -Original Message-
> From: MDaemon-L@dutaint.com [mailto:MDaemon-L@dutaint.com] On Behalf Of
> Syafril Hermansyah
> Sent: 17 May 2016 21:58
> To: Milis Komunitas MDaemon Indonesia <mdaemon-l@dutaint.com>
> Subject: [MDaemon-L] Email spam banyak yang lolos cukup mengganggu user

> On 05/17/2016 08:06 PM, Heryanto wrote:
>> Please enlighten us: lately our mail server has been receiving many emails
>> like the one below. Is there a gap in our mail server settings that lets
>> spam mail get in?


The part above should be deleted when replying, since every list member
already has a copy.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64
Please do not cc: or send to private mail for MDaemon issues.

Education is the power to think clearly, the power to act well in the
world's work, and the power to appreciate life.
--- Brigham Young


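The Reverse Lookup checkboxes Syafril lists in this post decide whether a connecting host with no PTR record, or whose PTR name does not resolve back to its IP, is answered with a 501. The Python below is an added example, not MDaemon's code or anything posted in the thread: it models that decision against a stub resolver table constructed from the PTR/A lookups quoted in the logs (188.76.84.3 with a matching PTR, 116.111.51.94 with none) plus one invented mismatch case (203.0.113.7 / mail.example.net). The `ReverseLookupConfig` field names and the `evaluate_connection` function are assumptions of this example, not MDaemon settings.

```python
"""Model of MDaemon-style reverse (PTR) lookup decisions.

Added example, not MDaemon code. The resolver tables are constructed: two
entries come from lookups shown in this thread's logs, the third is invented
to exercise the "no PTR record match" path.
"""
from dataclasses import dataclass
import ipaddress

# Constructed stub resolver: IP -> PTR names, and host name -> A records.
PTR_TABLE = {
    "188.76.84.3": ["3.84.76.188.dynamic.jazztel.es"],  # from the thread's log (PTR found)
    "116.111.51.94": [],                                # from the thread's log ("No PTR records found")
    "203.0.113.7": ["mail.example.net"],                # invented: PTR exists but does not point back
}
A_TABLE = {
    "3.84.76.188.dynamic.jazztel.es": ["188.76.84.3"],  # from the thread's log (A matches)
    "mail.example.net": ["203.0.113.99"],               # invented mismatch
}


def reverse_name(ip: str) -> str:
    """Build the IN-ADDR.ARPA name MDaemon logs, e.g. 3.84.76.188.IN-ADDR.ARPA."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".IN-ADDR.ARPA"


@dataclass(frozen=True)
class ReverseLookupConfig:
    """Mirrors the four checkboxes on the Reverse Lookup screen (field names assumed)."""
    perform_ptr_lookup: bool = True    # Perform PTR lookup on inbound SMTP connections
    reject_if_no_ptr: bool = True      # ...send 501 and close connection if no PTR record exists
    reject_if_no_match: bool = True    # ...send 501 and close connection if no PTR record match
    exempt_authenticated: bool = True  # Exempt authenticated sessions


def evaluate_connection(ip, authenticated, cfg, ptr_table=PTR_TABLE, a_table=A_TABLE):
    """Return (decision, detail); decision is 'accept', 'reject' or 'defer'.

    'authenticated' stands for a session that will authenticate. MDaemon defers
    the lookup until after MAIL for such sessions; this example simplifies that
    to a 'defer' decision.
    """
    if not cfg.perform_ptr_lookup:
        return "accept", "PTR lookup disabled"
    if authenticated and cfg.exempt_authenticated:
        return "defer", "authenticated session exempt; lookup deferred until after MAIL"
    ptrs = ptr_table.get(ip, [])
    if not ptrs:
        if cfg.reject_if_no_ptr:
            return "reject", f"501 no PTR record for {reverse_name(ip)}"
        return "accept", "no PTR record, but rejection is disabled"
    # Forward-confirm: at least one PTR name must resolve back to the connecting IP.
    for name in ptrs:
        if ip in a_table.get(name, []):
            return "accept", f"PTR {name} confirmed by its A record"
    if cfg.reject_if_no_match:
        return "reject", f"501 PTR {ptrs[0]} does not resolve back to {ip}"
    return "accept", "PTR mismatch, but rejection is disabled"


if __name__ == "__main__":
    cfg = ReverseLookupConfig()
    for ip in PTR_TABLE:
        print(ip, *evaluate_connection(ip, False, cfg))
```

Note that the jazztel host passes both PTR checks (its PTR name resolves back to 188.76.84.3), which is why the advice for that sender in this thread was host screening rather than reverse lookup; only the 116.111.51.94 session, with no PTR at all, is one the second checkbox would have stopped.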





[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-17 Heryanto
 Action taken: none
Wed 2016-05-18 06:37:42.923: [376488] *  Result: none
Wed 2016-05-18 06:37:42.923: [376488]  End DMARC results
Wed 2016-05-18 06:37:42.924: [376488] Passing message through AntiVirus
(Size: 11840)...
Wed 2016-05-18 06:37:43.075: [376488] *  Message is clean (no viruses found)
Wed 2016-05-18 06:37:43.075: [376488]  End AntiVirus results
Wed 2016-05-18 06:37:43.365: [376488] Passing message through Outbreak
Protection...
Wed 2016-05-18 06:37:43.365: [376488] *  Message-ID:
<20160518063948.22F31A12E5@mail.hardja.local>
Wed 2016-05-18 06:37:43.365: [376488] *  Reference-ID:
str=0001.0A150203.573BABCB.0032,ss=4,re=0.000,recu=0.000,reip=0.000,vtr=str,
vl=0,pt=R_549421,cl=4,cld=1,fgs=12
Wed 2016-05-18 06:37:43.365: [376488] *  Virus result: 0 - Clean
Wed 2016-05-18 06:37:43.365: [376488] *  Spam result: 4 - Spam (confirmed)
Wed 2016-05-18 06:37:43.365: [376488] *  IWF result: 0 - Clean
Wed 2016-05-18 06:37:43.365: [376488]  End Outbreak Protection results
Wed 2016-05-18 06:37:43.368: [376488] Passing message through Spam Filter
(Size: 11840)...
Wed 2016-05-18 06:37:43.501: [376488] *  3.0 MDAEMON_DNSBL MDaemon: marked
by MDaemon's DNSBL
Wed 2016-05-18 06:37:43.501: [376488] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon:
spam/phish
Wed 2016-05-18 06:37:43.501: [376488] *  1.6 BAYES_50 BODY: Bayes spam
probability is 40 to 60%
Wed 2016-05-18 06:37:43.501: [376488] *  [score: 0.5540]
Wed 2016-05-18 06:37:43.501: [376488] *  0.8 RDNS_NONE Delivered to internal
network by a host with no rDNS
Wed 2016-05-18 06:37:43.501: [376488] *  0.0 HELO_MISC_IP Looking for more
Dynamic IP Relays
Wed 2016-05-18 06:37:43.501: [376488]  End SpamAssassin results
Wed 2016-05-18 06:37:43.502: [376488] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 06:37:43.601: [376488] Message creation successful:
d:\mdaemon\queues\inbound\md50007294563.msg
Wed 2016-05-18 06:37:43.601: [376488] --> 250 2.6.0 Ok, message saved
>
Wed 2016-05-18 06:37:43.612: [376488] <-- QUIT
Wed 2016-05-18 06:37:43.612: [376488] --> 221 2.0.0 See ya in cyberspace
Wed 2016-05-18 06:37:43.612: [376488] SMTP session successful (Bytes in/out:
11948/579)
Wed 2016-05-18 06:37:43.613: ------

Thanks

Heryanto


-Original Message-
From: MDaemon-L@dutaint.com [mailto:MDaemon-L@dutaint.com] On Behalf Of
Syafril Hermansyah
Sent: 17 May 2016 21:58
To: Milis Komunitas MDaemon Indonesia <mdaemon-l@dutaint.com>
Subject: [MDaemon-L] Email spam banyak yang lolos cukup mengganggu user

On 05/17/2016 08:06 PM, Heryanto wrote:
> Please enlighten us: lately our mail server has been receiving many emails
> like the one below. Is there a gap in our mail server settings that lets
> spam mail get in?

Check the SMTP-in log to find out who actually sent the messages carrying the
attachments andri_7D1143C9.zip (history_285 - 1.js) and
deny.iskandar_AE91615B.zip (history_341 - 1.js), so it can be analysed whether
they really came from a spammer, a worm/virus, or a hijacked account (on
another server).


Second, if attachment restriction is in use, it is better to disable notify to
sender/recipient and keep only notify to Administrator, because the sender may
well be forged (address spoofing).

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?cf_notifications.htm

[ ] Send restricted attachment notification message to...



--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64
Please do not cc: or send to private mail for MDaemon issues.

We do not remember days, we remember moments.
--- Cesare Pavese






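The question Syafril raises later in this thread is whether sessions like the one logged above ran before or after reverse lookup was switched on. A small audit over the SMTP-in log answers that directly: group lines by session id, then list every session that logged "No PTR records found" and still ended with "250 2.6.0 Ok, message saved", together with its first timestamp and Spam Filter score/req. The Python below is an added example, not MDaemon's or the list's own code; the sample log is constructed from lines quoted in this thread, with the trailing lines of session 376213, the whole of session 390200 and the 501 reply text invented for illustration.

```python
"""Audit MDaemon SMTP-in log lines for sessions accepted without a PTR record.

Added example, not MDaemon code. SAMPLE_LOG is constructed from lines quoted
in this thread; the 376213 lines after the PTR results, session 390200 and
the 501 reply wording are invented to show the rejected case.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}): \[(?P<sid>\d+)\] (?P<msg>.*)$"
)
ACCEPT_RE = re.compile(r"Accepting SMTP connection from (?P<ip>[\d.]+):\d+")
PTR_RE = re.compile(r"PTR=\[([^\]]+)\]")
SCORE_RE = re.compile(r"Spam Filter score/req: (?P<score>[\d.]+)/(?P<req>[\d.]+)")

SAMPLE_LOG = """\
Wed 2016-05-18 06:37:38.479: [376488] Accepting SMTP connection from 116.111.51.94:2486 to 116.254.100.37:25
Wed 2016-05-18 06:37:38.681: [376488] Performing PTR lookup (94.51.111.116.IN-ADDR.ARPA)
Wed 2016-05-18 06:37:38.797: [376488] *  No PTR records found
Wed 2016-05-18 06:37:38.797: [376488]  End PTR results
Wed 2016-05-18 06:37:43.502: [376488] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 06:37:43.601: [376488] --> 250 2.6.0 Ok, message saved
Wed 2016-05-18 06:37:43.612: [376488] <-- QUIT
Wed 2016-05-18 06:02:41.066: [376213] Accepting SMTP connection from 188.76.84.3:52319 to 116.254.100.37:25
Wed 2016-05-18 06:02:42.047: [376213] Performing PTR lookup (3.84.76.188.IN-ADDR.ARPA)
Wed 2016-05-18 06:02:42.069: [376213] *  D=3.84.76.188.IN-ADDR.ARPA TTL=(283) PTR=[3.84.76.188.dynamic.jazztel.es]
Wed 2016-05-18 06:02:42.073: [376213] *  D=3.84.76.188.dynamic.jazztel.es TTL=(368) A=[188.76.84.3]
Wed 2016-05-18 06:02:42.073: [376213]  End PTR results
Wed 2016-05-18 06:02:45.000: [376213] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 06:02:45.100: [376213] --> 250 2.6.0 Ok, message saved
Wed 2016-05-18 10:00:00.000: [390200] Accepting SMTP connection from 198.51.100.5:4000 to 116.254.100.37:25
Wed 2016-05-18 10:00:00.100: [390200] Performing PTR lookup (5.100.51.198.IN-ADDR.ARPA)
Wed 2016-05-18 10:00:00.200: [390200] *  No PTR records found
Wed 2016-05-18 10:00:00.200: [390200] --> 501 no PTR record (constructed reply text)
"""


def _new_session():
    return {"ip": None, "first_ts": None, "no_ptr": False, "ptr": None,
            "accepted": False, "rejected": False, "score": None, "req": None}


def parse_sessions(text):
    """Group log lines by session id and extract the fields the audit needs."""
    sessions = defaultdict(_new_session)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # separator lines, continuation lines, etc.
        s, msg = sessions[m["sid"]], m["msg"]
        if s["first_ts"] is None:
            s["first_ts"] = m["ts"]
        if a := ACCEPT_RE.search(msg):
            s["ip"] = a["ip"]
        if "No PTR records found" in msg:
            s["no_ptr"] = True
        if p := PTR_RE.search(msg):
            s["ptr"] = p.group(1)
        if sc := SCORE_RE.search(msg):
            s["score"], s["req"] = float(sc["score"]), float(sc["req"])
        if msg.startswith("--> 250 2.6.0 Ok, message saved"):
            s["accepted"] = True
        if msg.startswith("--> 501"):
            s["rejected"] = True
    return dict(sessions)


def accepted_without_ptr(sessions):
    """Session ids whose host had no PTR record but whose message was still saved."""
    return sorted(sid for sid, s in sessions.items() if s["no_ptr"] and s["accepted"])


def report(sessions):
    """One line per accepted-without-PTR session, with the timestamp to compare
    against the moment the reverse lookup setting was enabled."""
    return [
        f"{sessions[sid]['first_ts']} session {sid} from {sessions[sid]['ip']}: "
        f"no PTR, message saved, spam score {sessions[sid]['score']}/{sessions[sid]['req']}"
        for sid in accepted_without_ptr(sessions)
    ]


if __name__ == "__main__":
    for line in report(parse_sessions(SAMPLE_LOG)):
        print(line)
```

Run against a real SMTP-in log instead of `SAMPLE_LOG`, the report lists only sessions that passed despite a missing PTR; if every listed timestamp precedes the time the "send 501 ... if no PTR record exists" option was enabled, the setting is working and the earlier acceptances are explained.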





[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-17 Heryanto
Dear Pak Syafril,


Here is one of the logs from SMTP-in

log:

Tue 2016-05-17 19:12:39.284: [370628] Session 370628; child 0001
Tue 2016-05-17 19:12:39.284: [370628] Parsing message
Tue 2016-05-17 19:12:39.288: [370628] *  From: postmas...@ed-dima.com
Tue 2016-05-17 19:12:39.288: [370628] *  To: smallsherry54...@ccs.co.nz
Tue 2016-05-17 19:12:39.288: [370628] *  Subject: MDaemon Notification -- Attachment Removed
Tue 2016-05-17 19:12:39.288: [370628] *  Size (bytes): 1285
Tue 2016-05-17 19:12:39.288: [370628] *  Message-ID:
Tue 2016-05-17 19:12:39.291: [370628] Resolving MX record for ccs.co.nz (DNS Server: 116.254.101.2)...
Tue 2016-05-17 19:12:39.303: [370628] *  P=050 S=000 D=ccs.co.nz TTL=(59) MX=[smtp.simedarby.co.nz]
Tue 2016-05-17 19:12:39.303: [370628] Attempting SMTP connection to smtp.simedarby.co.nz
Tue 2016-05-17 19:12:39.304: [370628] Resolving A record for smtp.simedarby.co.nz (DNS Server: 116.254.101.2)...
Tue 2016-05-17 19:12:39.306: [370628] *  D=smtp.simedarby.co.nz TTL=(35) A=[203.97.53.77]
Tue 2016-05-17 19:12:39.307: [370628] Attempting SMTP connection to 203.97.53.77:25
Tue 2016-05-17 19:12:39.309: [370628] Waiting for socket connection...
Tue 2016-05-17 19:12:39.583: [370628] *  Connection established 116.254.100.37:61888 --> 203.97.53.77:25
Tue 2016-05-17 19:12:39.583: [370628] Waiting for protocol to start...
Tue 2016-05-17 19:12:41.892: [370628] <-- 220 *
Tue 2016-05-17 19:12:41.893: [370628] --> EHLO edm.ed-dima.com
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-legolas.simedarby.co.nz
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-PIPELINING
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-SIZE 52428800
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-ETRN
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-ENHANCEDSTATUSCODES
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-8BITMIME
Tue 2016-05-17 19:12:42.166: [370628] <-- 250 DSN
Tue 2016-05-17 19:12:42.166: [370628] --> MAIL

[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-17 Syafril Hermansyah
On 05/17/2016 08:06 PM, Heryanto wrote:
> Please enlighten us: lately our mail server has been receiving many emails
> like the one below. Is there a gap in our mail server settings that lets
> spam mail get in?

Check the SMTP-in log to find out who actually sent the messages carrying the
attachments andri_7D1143C9.zip (history_285 - 1.js) and
deny.iskandar_AE91615B.zip (history_341 - 1.js), so it can be analysed whether
they really came from a spammer, a worm/virus, or a hijacked account (on
another server).


Second, if attachment restriction is in use, it is better to disable notify to
sender/recipient and keep only notify to Administrator, because the sender may
well be forged (address spoofing).

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?cf_notifications.htm

[ ] Send restricted attachment notification message to...



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64
Please do not cc: or send to private mail for MDaemon issues.

We do not remember days, we remember moments.
--- Cesare Pavese






[MDaemon-L] Lots of spam getting through, quite a nuisance for users

2016-05-17 Heryanto
Dear Pak Syafril,

Please enlighten us: lately our mail server has been receiving many emails
like the one below. Is there a gap in our mail server settings that lets
spam mail get in?

---

MDaemon has detected restricted attachments within an email message

---

From      : smallsherry54...@ccs.co.nz

To        : an...@dima.co.id

Subject   : [***SPAM*** Score/Req:07.90/6.0] Re:

Message-ID: <20160517141431.73369B03AD@mail.andri.local>

-

Attachment(s) removed

-

andri_7D1143C9.zip (history_285 - 1.js)

log:


Tue 2016-05-17 19:12:39.284: [370628] Session 370628; child 0001
Tue 2016-05-17 19:12:39.284: [370628] Parsing message
Tue 2016-05-17 19:12:39.288: [370628] *  From: postmas...@ed-dima.com
Tue 2016-05-17 19:12:39.288: [370628] *  To: smallsherry54...@ccs.co.nz
Tue 2016-05-17 19:12:39.288: [370628] *  Subject: MDaemon Notification -- Attachment Removed
Tue 2016-05-17 19:12:39.288: [370628] *  Size (bytes): 1285
Tue 2016-05-17 19:12:39.288: [370628] *  Message-ID:
Tue 2016-05-17 19:12:39.291: [370628] Resolving MX record for ccs.co.nz (DNS Server: 116.254.101.2)...
Tue 2016-05-17 19:12:39.303: [370628] *  P=050 S=000 D=ccs.co.nz TTL=(59) MX=[smtp.simedarby.co.nz]
Tue 2016-05-17 19:12:39.303: [370628] Attempting SMTP connection to smtp.simedarby.co.nz
Tue 2016-05-17 19:12:39.304: [370628] Resolving A record for smtp.simedarby.co.nz (DNS Server: 116.254.101.2)...
Tue 2016-05-17 19:12:39.306: [370628] *  D=smtp.simedarby.co.nz TTL=(35) A=[203.97.53.77]
Tue 2016-05-17 19:12:39.307: [370628] Attempting SMTP connection to 203.97.53.77:25
Tue 2016-05-17 19:12:39.309: [370628] Waiting for socket connection...
Tue 2016-05-17 19:12:39.583: [370628] *  Connection established 116.254.100.37:61888 --> 203.97.53.77:25
Tue 2016-05-17 19:12:39.583: [370628] Waiting for protocol to start...
Tue 2016-05-17 19:12:41.892: [370628] <-- 220 *
Tue 2016-05-17 19:12:41.893: [370628] --> EHLO edm.ed-dima.com
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-legolas.simedarby.co.nz
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-PIPELINING
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-SIZE 52428800
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-ETRN
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-ENHANCEDSTATUSCODES
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-8BITMIME
Tue 2016-05-17 19:12:42.166: [370628] <-- 250 DSN
Tue 2016-05-17 19:12:42.166: [370628] --> MAIL