[mdaemon-l] Spambot Detection and Location Screening Concern

2019-12-25 Thread Syafril Hermansyah
On 26/12/19 12.03, Slamet Raharjo (sraha...@aio.co.id) wrote:
> I am going to enable Spambot Detection and Location Screening, but I have
> a few concerns:
> 
> 1. At our company, top management often travel abroad (Singapore, Japan,
> and others). Is there anything that needs to be adjusted in the
> configuration of Spambot Detection and Location Screening?
>  So that sending and receiving e-mail on networks in other countries
> stays safe and can still be done.


- When travelling abroad, always use a mobile device with the ActiveSync
protocol.
- A laptop with the Outlook email client is also fine, but choose ActiveSync
as its protocol.

For more detail see here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45513.html

> 2. What algorithm does Spambot use?


Spambot detects mailbombs coming from spambot nodes on the internet.

https://en.wikipedia.org/wiki/Spambot

> How does it work?


http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?security--spambot_detection.htm

Spambot Detection tracks the IP addresses that every SMTP MAIL (return-path)
value uses over a given period of time. If the same return-path is used by an
inordinate number of different IP addresses in a short time, this could indicate
a spambot network. When a spambot is detected, the current connection is
immediately dropped and the return-path value is optionally blacklisted for a
length of time you specify. You can also optionally blacklist all the known
spambot IP addresses for a designated period.


> and is there any kind of notice to the postmaster that spambot has blocked
> a transaction for a particular e-mail?


No, it is only recorded in the log.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.5.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

We are products of our past, but we don't have to be prisoners of it.
--- Rick Warren


-- 
--[mdaemon-l]--
This list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: Send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: Send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 19.5.3, SecurityGateway 6.5.1
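
Added example (not part of the original thread and not MDaemon's own code): a minimal Python model of the return-path/IP tracking described in the documentation excerpt above, showing why a sender hosted on a large mail provider trips the check and how an IP or sender whitelist avoids it. The MAX_IPS and WINDOW thresholds, the class and function names, and the example.test events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from fnmatch import fnmatch

MAX_IPS = 3          # assumed: distinct IPs tolerated per return-path
WINDOW = 600         # assumed: tracking window in seconds
BLOCK_SECONDS = 600  # 10 minutes, as in the log line quoted in this thread

class SpambotDetector:
    def __init__(self, allow_nets=(), allow_senders=()):
        self.allow_nets = [ipaddress.ip_network(n) for n in allow_nets]
        self.allow_senders = list(allow_senders)   # patterns such as "*@example.test"
        self.seen = defaultdict(deque)             # return-path -> (time, ip) pairs
        self.blocked_until = {}                    # return-path -> unblock time

    def check(self, ts, return_path, ip):
        """Decide on one MAIL FROM seen at time ts (seconds) from ip."""
        rp = return_path.lower()
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.allow_nets):
            return "accept"                        # IP whitelist: not tracked
        if any(fnmatch(rp, pat) for pat in self.allow_senders):
            return "accept"                        # sender whitelist: not tracked
        if self.blocked_until.get(rp, 0) > ts:
            return "reject"                        # still on the block list
        window = self.seen[rp]
        window.append((ts, ip))
        while window[0][0] <= ts - WINDOW:         # expire old sightings
            window.popleft()
        if len({seen_ip for _, seen_ip in window}) > MAX_IPS:
            self.blocked_until[rp] = ts + BLOCK_SECONDS
            return "reject"
        return "accept"

def replay(detector, events):
    """Run (time, return_path, ip) events through a detector, in order."""
    return [detector.check(ts, rp, ip) for ts, rp, ip in events]

# Constructed sample: one hosted-mail sender relayed through five outbound IPs.
EVENTS = [(0, "orders@example.test", "74.125.83.42"),
          (30, "orders@example.test", "74.125.82.50"),
          (60, "orders@example.test", "209.85.220.41"),
          (90, "orders@example.test", "209.85.215.170"),
          (120, "orders@example.test", "74.125.83.44")]

if __name__ == "__main__":
    print(replay(SpambotDetector(), EVENTS))
    print(replay(SpambotDetector(allow_nets=["74.125.0.0/16", "209.85.128.0/17"]), EVENTS))
    print(replay(SpambotDetector(allow_senders=["*@example.test"]), EVENTS))
```

The sender pattern matches on the SMTP return-path, which the connecting host supplies without authentication, whereas the network whitelist keys on the connecting IP address.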




[MDaemon-L] Spambot detection

2017-03-09 Thread Panji Perdiansyah
> Another option if you are on 16.0: add the sender IPs to the spambot
> whitelist.
> 


All right, sir, I will try it.

Thank you
Panji Perdiansyah


-- 
--MDaemon-L--
This list is for discussion among MDaemon Mail Server users.

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: Send mail to mdaemon-l-unsubscr...@dutaint.com
Latest versions: MD 16.5.2, SP 5.1.0, OC 4.0.1, SG 4.0.1





[MDaemon-L] Spambot detection

2017-03-09 Thread Syafril Hermansyah
On 09/03/17 12:04, Panji Perdiansyah wrote:
> I am still on V.16.0. All right, sir, thank you, I will try disabling it.


Another option if you are on 16.0: add the sender IPs to the spambot
whitelist.

64.18.0.0/20
64.233.160.0/19
66.102.0.0/20
66.249.80.0/20
72.14.192.0/18
74.125.0.0/16
108.177.8.0/21
173.194.0.0/16
207.126.144.0/20
209.85.128.0/17
216.58.192.0/19
216.239.32.0/19
172.217.0.0/19
108.177.96.0/19




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 17.0-64 Beta RC1, SP 5.1.0-64
Please do not cc: or send to private mail for MDaemon issues.

Life is really simple, but we insist on making it complicated.
--- Confucius







[MDaemon-L] Spambot detection

2017-03-08 Thread Panji Perdiansyah
> Add the sender address to the spambot detection whitelist if you are
> already on MD 16.5.x
> 
> http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security--spambot_detection.htm
> 
> from *@daiho.co.id
> 
> If you are still on an earlier version, disable spambot detection.

I am still on V.16.0. All right, sir, thank you, I will try disabling it.

Thank you
Panji P







[MDaemon-L] Spambot detection

2017-03-08 Thread Syafril Hermansyah
On 09/03/17 11:30, Panji Perdiansyah wrote:
> Please help with the following log. The email was sent to several of our
> users and some of them received it fine.
> 
> But for some users the log looks like this.


> Tue 2017-03-07 15:11:01.075: Spambot detection added material_st...@daiho.co.id to block list for 10 minutes
> 
> Tue 2017-03-07 15:11:01.075: --> 550 5.1.1 Too many IPs seen in too short a time frame


Add the sender address to the spambot detection whitelist if you are
already on MD 16.5.x

http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security--spambot_detection.htm

from *@daiho.co.id

If you are still on an earlier version, disable spambot detection.





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 17.0-64 Beta RC1, SP 5.1.0-64
Please do not cc: or send to private mail for MDaemon issues.

Anyone who stops learning is old, whether twenty or eighty. Anyone who
keeps learning stays young. The greatest thing you can do is keep your
mind young.
--- Mark Twain (1835 - 1910)







[MDaemon-L] Spambot detection

2017-03-08 Thread Panji Perdiansyah
Dear Mr. Syafril,

Please help with the following log. The email was sent to several of our
users and some of them received it fine.

But for some users the log looks like this.


Tue 2017-03-07 15:10:59.866: Session 316708; child 0004
Tue 2017-03-07 15:10:59.866: Accepting SMTP connection from 74.125.83.42:35322 to 10.3.50.45:25
Tue 2017-03-07 15:10:59.867: --> 220 mail.s-iki.co.id ESMTP MDaemon 16.0.2; Tue, 07 Mar 2017 15:10:59 +0700
Tue 2017-03-07 15:11:00.059: <-- EHLO mail-pg0-f42.google.com
Tue 2017-03-07 15:11:00.059: --> 250-mail.s-iki.co.id Hello mail-pg0-f42.google.com [74.125.83.42], pleased to meet you
Tue 2017-03-07 15:11:00.059: --> 250-ETRN
Tue 2017-03-07 15:11:00.059: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Tue 2017-03-07 15:11:00.059: --> 250-8BITMIME
Tue 2017-03-07 15:11:00.059: --> 250-ENHANCEDSTATUSCODES
Tue 2017-03-07 15:11:00.059: --> 250 SIZE
Tue 2017-03-07 15:11:00.250: <-- MAIL FROM: SIZE=59523
Tue 2017-03-07 15:11:00.258: Performing PTR lookup (42.83.125.74.IN-ADDR.ARPA)
Tue 2017-03-07 15:11:00.267: *  D=42.83.125.74.in-addr.arpa TTL=(1088) PTR=[mail-pg0-f42.google.com]
Tue 2017-03-07 15:11:00.280: *  D=mail-pg0-f42.google.com TTL=(1088) A=[74.125.83.42]
Tue 2017-03-07 15:11:00.280:  End PTR results
Tue 2017-03-07 15:11:00.289: Performing IP lookup (mail-pg0-f42.google.com)
Tue 2017-03-07 15:11:00.295: *  D=mail-pg0-f42.google.com TTL=(1088) A=[74.125.83.42]
Tue 2017-03-07 15:11:00.295:  End IP lookup results
Tue 2017-03-07 15:11:00.303: Performing IP lookup (daiho.co.id)
Tue 2017-03-07 15:11:00.309: *  D=daiho.co.id TTL=(55) A=[119.11.143.219]
Tue 2017-03-07 15:11:00.317: *  P=001 S=002 D=daiho.co.id TTL=(55) MX=[aspmx.l.google.com] {74.125.200.26}
Tue 2017-03-07 15:11:00.317: *  P=005 S=003 D=daiho.co.id TTL=(55) MX=[alt1.aspmx.l.google.com] {74.125.28.26}
Tue 2017-03-07 15:11:00.317: *  P=005 S=004 D=daiho.co.id TTL=(55) MX=[alt2.aspmx.l.google.com] {173.194.67.27}
Tue 2017-03-07 15:11:00.317: *  P=010 S=000 D=daiho.co.id TTL=(55) MX=[alt3.aspmx.l.google.com] {64.233.191.27}
Tue 2017-03-07 15:11:00.317: *  P=010 S=001 D=daiho.co.id TTL=(55) MX=[alt4.aspmx.l.google.com] {173.194.219.27}
Tue 2017-03-07 15:11:00.317:  End IP lookup results
Tue 2017-03-07 15:11:00.319: Performing SPF lookup (daiho.co.id / 74.125.83.42)
Tue 2017-03-07 15:11:00.319: *  Policy (cache): v=spf1 include:_spf.google.com ~all
Tue 2017-03-07 15:11:00.319: *  Evaluating include:_spf.google.com: performing lookup
Tue 2017-03-07 15:11:00.322: *Policy: v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all
Tue 2017-03-07 15:11:00.322: *Evaluating include:_netblocks.google.com: performing lookup
Tue 2017-03-07 15:11:00.322: *  Policy (cache): v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0
Tue 2017-03-07 15:11:00.323: *  Evaluating ip4:64.18.0.0/20: no match
Tue 2017-03-07 15:11:00.323: *  Evaluating ip4:64.233.160.0/19: no match
Tue 2017-03-07 15:11:00.323: *  Evaluating ip4:66.102.0.0/20: no match
Tue 2017-03-07 15:11:00.323: *  Evaluating ip4:66.249.80.0/20: no match
Tue 2017-03-07 15:11:00.323: *  Evaluating ip4:72.14.192.0/18: no match
Tue 2017-03-07 15:11:00.323: *  Evaluating ip4:74.125.0.0/16: match
Tue 2017-03-07 15:11:00.323: *Evaluating include:_netblocks.google.com: match
Tue 2017-03-07 15:11:00.323: *  Evaluating include:_spf.google.com: match
Tue 2017-03-07 15:11:00.323: *  Result: pass
Tue 2017-03-07 15:11:00.323:  End SPF results
Tue 2017-03-07 15:11:00.323: --> 250 2.1.0 Sender OK
Tue 2017-03-07 15:11:01.065: <-- RCPT TO:
Tue 2017-03-07 15:11:01.075: Spambot detection added material_st...@daiho.co.id to block list for 10 minutes
Tue 2017-03-07 15:11:01.075: --> 550 5.1.1 Too many IPs seen in too short a time frame
Tue 2017-03-07 15:11:01.076: SMTP session terminated (Bytes in/out: 108/330)

Thanks and Regards

Panji Perdiansyah

