[Mdaemon-L] Spam email still getting through

2022-06-07 Thread Syafril Hermansyah via Mdaemon-L

On 6/8/22 10:58, Syafril Hermansyah via Mdaemon-L wrote:

On 8 June 2022 08.59.53 WIB, zul wrote:

One of the email accounts still has spam email getting through

If the sender is a hijacked account, it may well be that the one sending is 
a hacker, not the real account owner; so


... so that spam mail gets accepted.

Please help, is there a solution?

  [01518351] <-- MAIL FROM:  BODY=8BITMIME


Add the sender address/domain to the spam filter block list (by sender).

http://mdaemon.dutaint.co.id/mdaemon/22.0/sf_black_list.html



In addition


Wed 2022-06-08 07:12:27.004: [01518351] Performing PTR lookup 
(65.49.76.201.IN-ADDR.ARPA)
Wed 2022-06-08 07:12:32.245: [01518351] *  D=65.49.76.201.IN-ADDR.ARPA TTL=(60) 
PTR=[mail4965.hm1315.locaweb.com.br]
Wed 2022-06-08 07:12:33.778: [01518351] *  D=mail4965.hm1315.locaweb.com.br 
TTL=(59) A=[201.76.49.65]



You may add sender IP 201.76.49.65 to the Dynamic Screening 
Blacklist for a period of 7 days.
Do not add it to IP screening, because that sender host is an 
SMTP relay server (like outbound.protection.outlook.com or 
smarthost.isp.net.id).


http://mdaemon.dutaint.co.id/mdaemon/22.0/dynamic-screening_dynamic-blacklist.html


--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 22.0.0 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Competition is the keen cutting edge of business, always shaving away at 
costs.

--- Henry Ford


--
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 22.0, SecurityGateway 8.5.2




[Mdaemon-L] Spam email still getting through

2022-06-07 Thread Syafril Hermansyah via Mdaemon-L
On 8 June 2022 08.59.53 WIB, zul wrote:

>
>One of the email accounts still has spam email getting through

If the sender is a hijacked account, it may well be that the one sending is 
a hacker, not the real account owner; so

>Please help, is there a solution?
>
>  [01518351] <-- MAIL FROM: BODY=8BITMIME

Add the sender address/domain to the spam filter block list (by sender).

http://mdaemon.dutaint.co.id/mdaemon/22.0/sf_black_list.html




-- 
syafril
--
Syafril Hermansyah

Sent from my Android device with K-9 Mail. Please excuse any typo and my brevity





[Mdaemon-L] Spam email still getting through

2022-06-07 Thread zul

Good morning

One of the email accounts still has spam email getting through

Please help, is there a solution?

Regards




Wed 2022-06-08 07:12:24.677: [01518351] Session 01518351; child 0001
Wed 2022-06-08 07:12:24.677: [01518351] Accepting SMTP connection from 
201.76.49.65:28806 to 202.47.68.6:25
Wed 2022-06-08 07:12:24.677: [01518351] Location Screen says connection is 
from Brazil, South America
Wed 2022-06-08 07:12:24.679: [01518351] --> 220 mail.indonakano.co.id ESMTP 
Wed, 08 Jun 2022 07:12:24 +0700
Wed 2022-06-08 07:12:25.063: [01518351] <-- EHLO 
mail4965.hm1315.locaweb.com.br
Wed 2022-06-08 07:12:25.063: [01518351] --> 250-mail.indonakano.co.id Hello 
mail4965.hm1315.locaweb.com.br [201.76.49.65], pleased to meet you
Wed 2022-06-08 07:12:25.063: [01518351] --> 250-ETRN
Wed 2022-06-08 07:12:25.063: [01518351] --> 250-8BITMIME
Wed 2022-06-08 07:12:25.063: [01518351] --> 250-ENHANCEDSTATUSCODES
Wed 2022-06-08 07:12:25.063: [01518351] --> 250-PIPELINING
Wed 2022-06-08 07:12:25.063: [01518351] --> 250-CHUNKING
Wed 2022-06-08 07:12:25.063: [01518351] --> 250-STARTTLS
Wed 2022-06-08 07:12:25.063: [01518351] --> 250 SIZE
Wed 2022-06-08 07:12:25.441: [01518351] <-- STARTTLS
Wed 2022-06-08 07:12:25.441: [01518351] --> 220 2.7.0 Ready to start TLS
Wed 2022-06-08 07:12:26.233: [01518351] SSL negotiation successful (TLS 1.2, 
256 bit key exchange, 256 bit AES encryption)
Wed 2022-06-08 07:12:26.612: [01518351] <-- EHLO 
mail4965.hm1315.locaweb.com.br
Wed 2022-06-08 07:12:26.612: [01518351] --> 250-mail.indonakano.co.id Hello 
mail4965.hm1315.locaweb.com.br [201.76.49.65], pleased to meet you
Wed 2022-06-08 07:12:26.612: [01518351] --> 250-ETRN
Wed 2022-06-08 07:12:26.612: [01518351] --> 250-8BITMIME
Wed 2022-06-08 07:12:26.612: [01518351] --> 250-ENHANCEDSTATUSCODES
Wed 2022-06-08 07:12:26.612: [01518351] --> 250-PIPELINING
Wed 2022-06-08 07:12:26.612: [01518351] --> 250-CHUNKING
Wed 2022-06-08 07:12:26.612: [01518351] --> 250-REQUIRETLS
Wed 2022-06-08 07:12:26.612: [01518351] --> 250 SIZE
Wed 2022-06-08 07:12:27.004: [01518351] <-- MAIL 
FROM: BODY=8BITMIME
Wed 2022-06-08 07:12:27.004: [01518351] Performing PTR lookup 
(65.49.76.201.IN-ADDR.ARPA)
Wed 2022-06-08 07:12:32.245: [01518351] *  D=65.49.76.201.IN-ADDR.ARPA 
TTL=(60) PTR=[mail4965.hm1315.locaweb.com.br]
Wed 2022-06-08 07:12:33.778: [01518351] *  D=mail4965.hm1315.locaweb.com.br 
TTL=(59) A=[201.76.49.65]
Wed 2022-06-08 07:12:33.778: [01518351]  End PTR results
Wed 2022-06-08 07:12:33.781: [01518351] Performing IP lookup 
(mail4965.hm1315.locaweb.com.br)
Wed 2022-06-08 07:12:33.782: [01518351] *  D=mail4965.hm1315.locaweb.com.br 
TTL=(59) A=[201.76.49.65]
Wed 2022-06-08 07:12:33.782: [01518351]  End IP lookup results
Wed 2022-06-08 07:12:33.782: [01518351] Performing IP lookup 
(orientelogistica.com.br)
Wed 2022-06-08 07:12:33.784: [01518351] *  D=orientelogistica.com.br 
TTL=(49) A=[186.202.151.18]
Wed 2022-06-08 07:12:33.787: [01518351] *  P=010 S=000 
D=orientelogistica.com.br TTL=(49) MX=[mx.core.locaweb.com.br]
Wed 2022-06-08 07:12:33.787: [01518351] *  P=010 S=001 
D=orientelogistica.com.br TTL=(49) MX=[mx.b.locaweb.com.br]
Wed 2022-06-08 07:12:33.787: [01518351] *  P=020 S=002 
D=orientelogistica.com.br TTL=(49) MX=[mx.jk.locaweb.com.br]
Wed 2022-06-08 07:12:33.787: [01518351] *  P=020 S=003 
D=orientelogistica.com.br TTL=(49) MX=[mx.a.locaweb.com.br]
Wed 2022-06-08 07:12:33.788: [01518351] *  D=mx.core.locaweb.com.br TTL=(46) 
A=[177.153.23.241]
Wed 2022-06-08 07:12:33.790: [01518351] *  D=mx.b.locaweb.com.br TTL=(3) 
A=[177.153.23.242]
Wed 2022-06-08 07:12:33.791: [01518351] *  D=mx.jk.locaweb.com.br TTL=(49) 
A=[200.234.204.130]
Wed 2022-06-08 07:12:33.793: [01518351] *  D=mx.a.locaweb.com.br TTL=(226) 
A=[186.202.4.42]
Wed 2022-06-08 07:12:33.793: [01518351]  End IP lookup results
Wed 2022-06-08 07:12:33.793: [01518351] Performing SPF lookup 
(mail4965.hm1315.locaweb.com.br / 201.76.49.65)
Wed 2022-06-08 07:13:08.071: [01518351] *  Result: none; no SPF record in 
DNS
Wed 2022-06-08 07:13:08.071: [01518351]  End SPF results
Wed 2022-06-08 07:13:08.071: [01518351] Performing SPF lookup 
(orientelogistica.com.br / 201.76.49.65)
Wed 2022-06-08 07:13:08.071: [01518351] *  Policy (cache): v=spf1 
include:_spf.locaweb.com.br ?all
Wed 2022-06-08 07:13:08.071: [01518351] *  Evaluating 
include:_spf.locaweb.com.br: performing lookup
Wed 2022-06-08 07:13:08.071: [01518351] *Policy (cache): v=spf1 
ip4:200.234.192.0/19 ip4:201.76.32.0/19 ip4:189.126.96.0/19 
ip4:187.45.192.0/19 ip4:187.45.224.0/19 ip4:186.202.0.0/24 
ip4:186.202.9.64/26 ip4:200.234.210.0/25 ip4:186.202.21.128/25 
ip4:177.153.9.0/26 include:_spf2.lo
Wed 2022-06-08 07:13:08.071: [01518351] *Evaluating 
ip4:200.234.192.0/19: no match
Wed 2022-06-08 07:13:08.071: [01518351] *Evaluating ip4:201.76.32.0/19: 
match
Wed 2022-06-08 07:13:08.071: [01518351] *  Evaluating 
include:_spf.locaweb.com.br: match
Wed 2022-06-08 07:13:08.071: [01518351] *  Result: pass
Wed 

[Mdaemon-L] Email Spam

2022-03-01 Thread Syafril Hermansyah via Mdaemon-L

On 02/03/22 13.52, Bambang Setiawan via Mdaemon-L wrote:
We ask for your help, sir: today our mail server received a lot of spam 
email with xlsm file attachments and constantly changing senders.

Attached is a sample of the headers of that email



X-Spam-Report:
*  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
*  0.0 SPF_NONE SPF: sender does not publish an SPF Record
*  2.5 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
*  date
*  0.1 URI_HEX URI: URI hostname has long hexadecimal sequence
*  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.0 HTML_MESSAGE BODY: HTML included in message
* -0.0 T_SCC_BODY_TEXT_LINE No description available.



Readjust the outbreak protection value for spam; raise it.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sp_outbreak_protection.html

Spam should be...

[x] accepted for filtering    Score: 9.5

For the full picture, you can apply antispam settings like these

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html

After applying the parameters above, don't forget to report the spam 
to MDaemon.com so that there is a spam score adjustment, which will be 
pushed to the MDaemon at mail.persada.id through Spam Filter Update.


http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sf_antispam_updates.html

Select every phishing spam mail in the quarantine queue one by one, 
then from the right-mouse-click menu choose Report to 
MDaemon.com | Spam False Negative.





--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for MDaemon issues.

I'm unpredictable, I never know where I'm going until I get there, I'm 
so random, I'm always growing, learning, changing, I'm never the same 
person twice. But one thing you can be sure of about me; is I will 
always do exactly what I want to do.

--- C. JoyBell C.






[Mdaemon-L] Email Spam

2022-03-01 Thread Bambang Setiawan via Mdaemon-L

Dear Mr. Syafril,


We ask for your help, sir: today our mail server received a lot of spam 
email with xlsm file attachments and constantly changing senders.


Attached is a sample of the headers of that email; for the time being I 
have created a content filter to prevent these emails from reaching our 
users' mailboxes.


X-MDAV-Result: infected
X-MDAV-Infected: password-protected
X-MDAV-Processed: mail.persada.id, Wed, 02 Mar 2022 13:45:13 +0700
X-Spam-Processed: mail.persada.id, Wed, 02 Mar 2022 13:45:13 +0700
Return-path: 
X-Spam-Flag: YES
X-Spam-Level: *
X-Spam-Status: Yes, score=5.2 required=5.0 tests=DATE_IN_FUTURE_12_24,
    HTML_MESSAGE,MDAEMON_OP_SPAM_HIGH,MIME_HTML_ONLY,SPF_NONE,
    T_SCC_BODY_TEXT_LINE,URI_HEX shortcircuit=no autolearn=disabled
    version=3.4.4
X-Spam-Report:
    *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
    *  0.0 SPF_NONE SPF: sender does not publish an SPF Record
    *  2.5 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
    *  date
    *  0.1 URI_HEX URI: URI hostname has long hexadecimal sequence
    *  0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    *  0.0 HTML_MESSAGE BODY: HTML included in message
    * -0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24)
Authentication-Results: mail.persada.id;
    spf=none smtp.mailfrom=rmuje...@leabridge.co.zw;
    dmarc=none header.from=leabridge.co.zw (no DMARC record);
    iprev=pass policy.iprev=198.23.61.111 (PTR kosmostechnologies.org);
    iprev=pass policy.iprev=198.23.61.111 (HELO kosmostechnologies.org);
    iprev=pass policy.iprev=198.23.61.111 (MAIL rmuje...@leabridge.co.zw)
Received: from kosmostechnologies.org (kosmostechnologies.org 
[198.23.61.111]) by mail.persada.id (103.150.114.156) (MDaemon PRO v21.5.2)

    with ESMTP id md5001002977706.msg; Wed, 02 Mar 2022 13:45:12 +0700
X-MDOP-RefID: 
str=0001.0A67342B.621F1277.00C8,ss=1,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,pt=R_967809,cl=4,cld=1,fgs=0 
(_st=4 _vt=0 _iwf=0)

X-MDRemoteIP: 198.23.61.111
X-MDHelo: kosmostechnologies.org
X-MDArrival-Date: Wed, 02 Mar 2022 13:45:12 +0700
X-MDOrigin-Country: US, NA
X-Rcpt-To: deviana.purw...@persada.id
X-MDRcpt-To: deviana.purw...@persada.id
X-Return-Path: rmuje...@leabridge.co.zw
X-Envelope-From: rmuje...@leabridge.co.zw
X-MDaemon-Deliver-To: deviana.purw...@persada.id
Received: from [122.2.22.242] (port=63503)
    by altar45.supremepanel45.com with esmtpsa  (TLS1.2) tls 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    (Exim 4.94.2)
    (envelope-from )
    id 1nPIjO-0002No-Ni
    for deviana.purw...@persada.id; Wed, 02 Mar 2022 06:45:01 +
Date: Wed, 02 Mar 2022 14:45:01 -0800
From: " wulan.ut...@persada.id 
(rmuje...@leabridge.co.zw)" 

To: "" 
Subject: RE: deviana.purw...@persada.id
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="=_NextPart_00136_2072_139952479.3020957578"
X-AntiAbuse: This header was added to track abuse, please include it 
with any abuse report

X-AntiAbuse: Primary Hostname - altar45.supremepanel45.com
X-AntiAbuse: Original Domain - persada.id
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - leabridge.co.zw
X-Get-Message-Sender-Via: altar45.supremepanel45.com: authenticated_id: 
rmuje...@leabridge.co.zw

X-Source:
X-Source-Args:
X-Source-Dir:
Message-ID: 
X-MDBadQueue-Reason: CF Rule "Xlsm"

--=_NextPart_00136_2072_139952479.3020957578
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable







Hi ,


=0DSee attached



DATA 8082396.zip
zip password: 089



Thank you,


APRILLIA WULAN UTARI
wulan.ut...@persada.id





Thank you for your help.


Regards




[mdaemon-l] Email Spam

2020-08-05 Thread Syafril Hermansyah via mdaemon-l
On 05/08/20 14.45, Syafril Hermansyah via mdaemon-l wrote:
> On 05/08/20 14.03, Bambang Setiawan via mdaemon-l wrote:

>> For now I am also trying to create a Content Filter to intercept similar
>> emails (I move them to the bad queue)
> 
> 
> The content filter is not antispam; don't force it into use for filtering spam,
> because it will get a lot wrong (false positive results).
> The content filter is for changing the mail flow/process.
> 
> 
> If the spam can (still) get past the legality check and host screening, then
> use antispam content filtering (blacklist sender) or blacklist contact (in
> each webmail account) or the sender blacklist.
> Generally, mail from free public domains will pass the legality check.
> 
> http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?sf_white_list_from.htm


Oops, the correct link

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?sf_black_list.htm

> https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=991
> 
> http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?security--sender-blacklist.htm




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Leadership and learning are indispensable to each other
--- John F. Kennedy






[mdaemon-l] Email Spam

2020-08-05 Thread Syafril Hermansyah via mdaemon-l
On 05/08/20 14.03, Bambang Setiawan via mdaemon-l wrote:
>> Something is wrong in the legality check settings, so mail from a sender host
>> that does not meet the forward-confirmed reverse DNS criteria is not rejected.
>>
>> http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?security--reverse_lookup.htm
> 
> I have adjusted the settings, sir.


Ok.

> For now I am also trying to create a Content Filter to intercept similar
> emails (I move them to the bad queue)


The content filter is not antispam; don't force it into use for filtering spam,
because it will get a lot wrong (false positive results).
The content filter is for changing the mail flow/process.


If the spam can (still) get past the legality check and host screening, then
use antispam content filtering (blacklist sender) or blacklist contact (in
each webmail account) or the sender blacklist.
Generally, mail from free public domains will pass the legality check.

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?sf_white_list_from.htm

https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=991

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?security--sender-blacklist.htm



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Tell me and I forget. Teach me and I remember. Involve me and I learn.
--- Benjamin Franklin






[mdaemon-l] Email Spam

2020-08-05 Thread Bambang Setiawan via mdaemon-l

On 03/08/2020 11.25, Syafril Hermansyah via mdaemon-l wrote:


It looks like it was not sent to the a...@persada.id or every...@persada.id mailing lists.

Correct, sir, not to either of these addresses

Something is wrong in the legality check settings, so mail from a sender host
that does not meet the forward-confirmed reverse DNS criteria is not rejected.

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?security--reverse_lookup.htm


I have adjusted the settings, sir.

For now I am also trying to create a Content Filter to intercept similar 
emails (I move them to the bad queue)


Please advise, sir: if similar emails land in the bad queue, does that 
mean this spam email could still get in if I disable the CF?



Thank you

Content Bad Queue




[mdaemon-l] Email Spam

2020-08-02 Thread Syafril Hermansyah via mdaemon-l
On 03/08/20 10.34, Bambang Setiawan via mdaemon-l wrote:
> I ask for your help again, sir: today there are a great many emails that seem
> to go to all user email, as follows:


It looks like it was not sent to the a...@persada.id or every...@persada.id mailing lists.


> Return-path: 
> Authentication-Results: mail.persada.id;
>     spf=none smtp.mailfrom=le...@vdocam.com;
>     iprev=fail policy.iprev=178.218.98.180 reason="no records found" (PTR
> 180.98.218.178.IN-ADDR.ARPA);
>     iprev=pass policy.iprev=178.218.98.180 (HELO [178.218.98.180]);
>     iprev=fail policy.iprev=178.218.98.180 reason="does not match" (MAIL
> le...@vdocam.com)


Something is wrong in the legality check settings, so mail from a sender host
that does not meet the forward-confirmed reverse DNS criteria is not rejected.

http://mdaemon.dutaint.co.id/mdaemon/20.0/index.html?security--reverse_lookup.htm


[x] Perform PTR lookup on inbound SMTP connections
[x] ...send 501 and close connection if no PTR record exists (caution)
[x] ...send 501 and close connection if no PTR record match
[x] Exempt authenticated sessions

See the full details here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg46143.html


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.1-64 bit Beta F
Please do not cc: or send to private mail for MDaemon issues.

If your actions inspire others to dream more, learn more, do more and become
more, you are a leader.
--- John Quincy Adams
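
The decision those four checkboxes encode, applied to the Authentication-Results headers quoted in this thread, as an added Python example (not MDaemon code and not from the original posts). `ReverseLookupPolicy`, `parse_iprev` and `decide` are hypothetical names, and treating a failed PTR entry with reason "no records found" as the no-PTR case and any other failed PTR entry as the no-match case is an assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Headers as quoted in this thread; mailbox names are truncated ("le...@")
# by the list archive and are kept that way.
HEADER_2020_08_03 = """Authentication-Results: mail.persada.id;
    spf=none smtp.mailfrom=le...@vdocam.com;
    iprev=fail policy.iprev=178.218.98.180 reason="no records found"
     (PTR 180.98.218.178.IN-ADDR.ARPA);
    iprev=pass policy.iprev=178.218.98.180 (HELO [178.218.98.180]);
    iprev=fail policy.iprev=178.218.98.180 reason="does not match"
     (MAIL le...@vdocam.com)"""

HEADER_2020_07_30 = """Authentication-Results: mail.persada.id;
    spf=pass smtp.mailfrom=admi...@stevesteyn.co.za;
    iprev=pass policy.iprev=41.204.199.149 (PTR sv1.linux-hosting.co.za);
    iprev=pass policy.iprev=41.204.199.149 (HELO sv1.linux-hosting.co.za);
    iprev=pass policy.iprev=41.204.199.149 (MAIL admi...@stevesteyn.co.za)"""

# Constructed sample (documentation address range): PTR exists but the
# forward lookup does not confirm it.
HEADER_CONSTRUCTED_MISMATCH = """Authentication-Results: mx.example.test;
    iprev=fail policy.iprev=192.0.2.10 reason="does not match"
     (PTR host.example.test)"""

IPREV_RE = re.compile(
    r'iprev=(?P<result>\w+)\s+policy\.iprev=(?P<ip>\S+)'
    r'(?:\s+reason="(?P<reason>[^"]*)")?'
    r'\s+\((?P<check>PTR|HELO|MAIL)\s+(?P<subject>[^)]*)\)'
)


@dataclass(frozen=True)
class IprevResult:
    result: str   # "pass" or "fail"
    ip: str       # connecting IP the check was run against
    reason: str   # empty string when the header gives none
    check: str    # which lookup: PTR, HELO or MAIL
    subject: str  # the name or address that was looked up


@dataclass(frozen=True)
class ReverseLookupPolicy:
    """Hypothetical mirror of the four checkboxes in the post above."""
    perform_ptr_lookup: bool = True
    reject_no_ptr: bool = True        # "...if no PTR record exists (caution)"
    reject_ptr_mismatch: bool = True  # "...if no PTR record match"
    exempt_authenticated: bool = True


def parse_iprev(header: str) -> list[IprevResult]:
    """Unfold the header and return every iprev entry in order."""
    unfolded = re.sub(r'\r?\n[ \t]+', ' ', header)
    return [
        IprevResult(m['result'], m['ip'], m['reason'] or '',
                    m['check'], m['subject'])
        for m in IPREV_RE.finditer(unfolded)
    ]


def decide(results: list[IprevResult], policy: ReverseLookupPolicy,
           authenticated: bool = False) -> str:
    """Return the action the policy implies for this set of iprev results."""
    if not policy.perform_ptr_lookup:
        return "accept"
    if authenticated and policy.exempt_authenticated:
        return "accept"
    for r in results:
        # Only the PTR entry is governed by these checkboxes; the HELO and
        # MAIL lookups are separate checks.
        if r.check != "PTR" or r.result != "fail":
            continue
        if r.reason == "no records found":
            if policy.reject_no_ptr:
                return "501: no PTR record"
        elif policy.reject_ptr_mismatch:
            return "501: PTR does not match"
    return "accept"


if __name__ == "__main__":
    strict = ReverseLookupPolicy()
    lax = ReverseLookupPolicy(reject_no_ptr=False)
    for name, hdr in [("2020-08-03", HEADER_2020_08_03),
                      ("2020-07-30", HEADER_2020_07_30),
                      ("constructed", HEADER_CONSTRUCTED_MISMATCH)]:
        res = parse_iprev(hdr)
        print(name, "strict:", decide(res, strict), "| lax:", decide(res, lax))
```

With the no-PTR rule off, the 2020-08-03 message is accepted even though two of its three iprev checks failed, while the 2020-07-30 message passes every check and is accepted under either policy.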






[mdaemon-l] Email Spam

2020-08-02 Thread Bambang Setiawan via mdaemon-l



On 30/07/2020 12.10, Syafril Hermansyah via mdaemon-l wrote:


The sender host has been blocked and updated to

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat


Thank you, sir,


I ask for your help again, sir: today there are a great many emails that 
seem to go to all user email, as follows:



Return-path: 
Authentication-Results: mail.persada.id;
    spf=none smtp.mailfrom=le...@vdocam.com;
    iprev=fail policy.iprev=178.218.98.180 reason="no records found" 
(PTR 180.98.218.178.IN-ADDR.ARPA);

    iprev=pass policy.iprev=178.218.98.180 (HELO [178.218.98.180]);
    iprev=fail policy.iprev=178.218.98.180 reason="does not match" 
(MAIL le...@vdocam.com)
Received: from [178.218.98.180] [(178.218.98.180)] by mail.persada.id 
(124.81.84.135) (MDaemon PRO v20.0.0)

    with ESMTP id md500159959.msg; Mon, 03 Aug 2020 10:27:09 +0700
X-MDDNSBL-Result: mail.persada.id, Mon, 03 Aug 2020 10:27:09 +0700
    zen.spamhaus.org returned result of 127.0.0.3
X-MDRemoteIP: 178.218.98.180
X-MDHelo: [178.218.98.180]
X-MDArrival-Date: Mon, 03 Aug 2020 10:27:09 +0700
X-MDOrigin-Country: Russia, Europe
X-Rcpt-To: rhaisya.zimbal...@persada.id
X-MDRcpt-To: rhaisya.zimbal...@persada.id
X-Return-Path: le...@vdocam.com
X-Envelope-From: le...@vdocam.com
X-MDaemon-Deliver-To: rhaisya.zimbal...@persada.id
Message-ID: <880DC0EFC14522EE6BA689A72344880D@0JIPDKJ>
From: 
To: 
Subject: Periksa kerahasiaan informasi Anda (sesuai dengan layanan 
keamanan kami, akun Anda telah diretas).

Date: 3 Aug 2020 21:57:41 +0900
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="=_NextPart_000_0011_01D66999.01351C4E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2810
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2810

This is a multi-part message in MIME format.

--=_NextPart_000_0011_01D66999.01351C4E
Content-Type: text/plain;
    charset="cp-850"
Content-Transfer-Encoding: quoted-printable


The situation is the same, sir, the sender keeps changing :-(


Thank you.





[mdaemon-l] Email Spam

2020-07-29 Thread Syafril Hermansyah via mdaemon-l
On 30/07/20 11.50, Bambang Setiawan via mdaemon-l wrote:
> I ask for your help with the following spam email that got through,
> 
> The subject is the same but the sender keeps changing, sir.
> 
> 
> Authentication-Results: mail.persada.id;
>   spf=pass smtp.mailfrom=admi...@stevesteyn.co.za;
>   dkim=pass (good signature) header.d=stevesteyn.co.za 
> header.b=uzKuyBmt3r;
>   dmarc=none header.from=stevesteyn.co.za (no DMARC record);
>   iprev=pass policy.iprev=41.204.199.149 (PTR sv1.linux-hosting.co.za);
>   iprev=pass policy.iprev=41.204.199.149 (HELO sv1.linux-hosting.co.za);
>   iprev=pass policy.iprev=41.204.199.149 (MAIL admi...@stevesteyn.co.za)


The sender host has been blocked and updated to

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0.1-64 bit Beta E
Please do not cc: or send to private mail for MDaemon issues.

Competition is the keen cutting edge of business, always shaving away at costs.
--- Henry Ford






[mdaemon-l] Email Spam

2020-07-29 Thread Bambang Setiawan via mdaemon-l

Dear Mr. Syafril,


I ask for your help with the following spam email that got through,

The subject is the same but the sender keeps changing, sir.


Return-path: 
Authentication-Results: mail.persada.id;
spf=pass smtp.mailfrom=admi...@stevesteyn.co.za;
dkim=pass (good signature) header.d=stevesteyn.co.za 
header.b=uzKuyBmt3r;
dmarc=none header.from=stevesteyn.co.za (no DMARC record);
iprev=pass policy.iprev=41.204.199.149 (PTR sv1.linux-hosting.co.za);
iprev=pass policy.iprev=41.204.199.149 (HELO sv1.linux-hosting.co.za);
iprev=pass policy.iprev=41.204.199.149 (MAIL admi...@stevesteyn.co.za)
Received-SPF: pass (mail.persada.id: domain stevesteyn.co.za
designates 41.204.199.149 as permitted sender)
receiver=mail.persada.id; client-ip=41.204.199.149;
mechanism=a; envelope-from="admi...@stevesteyn.co.za";
helo=sv1.linux-hosting.co.za;
Received: from sv1.linux-hosting.co.za (sv1.linux-hosting.co.za 
[41.204.199.149])
by mail.persada.id (124.81.84.135) (MDaemon PRO v20.0.0) with ESMTP id 
md500149743.msg;
Thu, 30 Jul 2020 11:12:39 +0700
X-Spam-Level:
X-Spam-Status: No, score=0.10 required=5.0
X-Spam-Report:
*  0.1 MISSING_MID Missing Message-Id: header
X-Spam-Processed: mail.persada.id, Thu, 30 Jul 2020 11:12:39 +0700
(processed during SMTP session)
X-MDDKIM-Result: unapproved (mail.persada.id)
X-MDSPF-Result: unapproved (mail.persada.id)
X-MDRemoteIP: 41.204.199.149
X-MDHelo: sv1.linux-hosting.co.za
X-MDArrival-Date: Thu, 30 Jul 2020 11:12:39 +0700
X-MDOrigin-Country: South Africa, Africa
X-Rcpt-To: suwig...@persada.id
X-MDRcpt-To: suwig...@persada.id
X-Return-Path: admi...@stevesteyn.co.za
X-Envelope-From: admi...@stevesteyn.co.za
X-MDaemon-Deliver-To: suwig...@persada.id
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=stevesteyn.co.za; s=default; 
h=Content-Type:MIME-Version:Subject:To:From:
Date:Sender:Reply-To:Message-ID:Cc:Content-Transfer-Encoding:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=K1FdWEUOE3n0O5y/Y2boW2SC1RqQUI/edn7O/2A1ZgQ=; 
b=uzKuyBmt3rQltaLO9dQriLkab9

NeAQzfnddrqxrjkR5NM40PKuEW2K6TYWeIP3S+SK7+AT5N7yRb2rBhaBqhgh3DRYc6g2+scl4Plte

M1hpDGoAKNlH3CFkpwIYISyPsJ5veqJ76at9MXSm+ZxLA5MZ+DZR994HzwOd3mhbWLuZmlqS62U2L

IkbWUJm9cNUqsnY8lAJisuHfbpqseFQVJpx9RUUwhDU8KXybMU2l22IzJC7Cqxzbt6mLwvpm3CL3s

BZf2xL9pOkyk82Y9h8dmz97YqKWee90/EGUQiqZTCixT/FFQ9NmVY8t+4SBZB1nqpwqxpHkySuZPi
pWh/ZMyg==;
Received: from [190.210.238.245] (port=62981)
by sv1.linux-hosting.co.za with esmtpsa  (TLS1.2) tls 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from )
id 1k0zvb-0002CE-VT
for suwig...@persada.id; Thu, 30 Jul 2020 06:12:26 +0200
Date: Thu, 30 Jul 2020 01:12:21 -0300
From: "Call Center SDPPI Kominfo " 

To: 
Subject: Signed Agreement
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="=_Part_41216_2681880993.1274351257490883755"
X-OutGoing-Spam-Status: No, score=-1.0
X-AntiAbuse: This header was added to track abuse, please include it with any 
abuse report
X-AntiAbuse: Primary Hostname - sv1.linux-hosting.co.za
X-AntiAbuse: Original Domain - persada.id
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - stevesteyn.co.za
X-Get-Message-Sender-Via: sv1.linux-hosting.co.za: authenticated_id: 
admi...@stevesteyn.co.za
X-Source:
X-Source-Args:
X-Source-Dir:
X-From-Rewrite: unmodified, already matched


Thank you for your help.

Regards,




[mdaemon-l] email SPAM

2020-04-22 Thread Syafril Hermansyah
On 23/04/20 10.11, Irwan R Jazir via mdaemon-l wrote:
> we are receiving SPAM emails
> 
> here is the log: 

> Wed 2020-04-22 10:39:34: --> 250-mail.mandau.id Hello [160.226.224.112], 
> pleased to meet you


> Wed 2020-04-22 06:17:42: --> 250-mail.mandau.id Hello [176.216.64.188], 
> pleased to meet you


> If I block the sender IP, the IPs they use are dynamic, sir.


Yes, there are indeed still ISPs that do not block outgoing TCP port 25 from
dynamic IPs, even though that is actually not permitted.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45999.html

So if the DNSBL check is enabled, it should be rejected.

http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?dns-bl_hosts.htm


BTW, why are you still using MDaemon version 14.0?
That version is no longer supported by the altn.com developers.


https://www.altn.com/Support/RequestSupport/

End Of Life Support Notice

Effective July 30, 2019, the following product versions will not be supported:
MDaemon - Versions 14.5.x and below
SecurityGateway - Versions 4.5.x and below
Outlook Connector - Versions 4.5.x and below
SecurityPlus - Versions 5.0.x and below





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0-64 bit Beta GM2
Please do not cc: or send to private mail for MDaemon issues.

It is not that I'm so smart. But I stay with the questions much longer.
--- Albert Einstein
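
How a DNSBL check treats a sender like this, as an added Python example (not from the original post and not MDaemon code). It builds the lookup name, reads the X-MDDNSBL-Result header quoted elsewhere on this page, and classifies Spamhaus ZEN return codes; the function names are hypothetical, the answer lists passed to `classify` are constructed, and no DNS query is made.

```python
from __future__ import annotations

import ipaddress
import re

ZEN = "zen.spamhaus.org"

# Spamhaus ZEN return codes, as documented by Spamhaus.
ZEN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL CSS",
    "127.0.0.4": "XBL",
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.10": "PBL (ISP-maintained)",
    "127.0.0.11": "PBL (Spamhaus-maintained)",
}

# Answers in 127.255.255.0/24 report a problem with the query itself
# (for example a query arriving through a public resolver), not a listing.
ERROR_PREFIX = "127.255.255."

# Header as quoted in the 2020-08-03 message on this page.
MDDNSBL_HEADER = """X-MDDNSBL-Result: mail.persada.id, Mon, 03 Aug 2020 10:27:09 +0700
    zen.spamhaus.org returned result of 127.0.0.3"""


def dnsbl_query_name(ip: str, zone: str = ZEN) -> str:
    """Name to look up: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer ends in ".in-addr.arpa" or ".ip6.arpa"; drop that suffix.
    reversed_part = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


def parse_mddnsbl(header: str) -> tuple[str, str] | None:
    """Extract (zone, return code) from an X-MDDNSBL-Result header."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)
    m = re.search(r"(\S+) returned result of (\d+\.\d+\.\d+\.\d+)", unfolded)
    return (m.group(1), m.group(2)) if m else None


def classify(answers: list[str]) -> tuple[str, list[str]]:
    """Map the A records returned by the DNSBL to a verdict.

    An empty list stands for NXDOMAIN, meaning the address is not listed.
    """
    if not answers:
        return ("not-listed", [])
    errors = [a for a in answers if a.startswith(ERROR_PREFIX)]
    if errors:
        # Never reject on these: the resolver setup needs fixing instead.
        return ("lookup-error", errors)
    labels = sorted({ZEN_CODES.get(a, f"unknown:{a}") for a in answers})
    return ("listed", labels)


if __name__ == "__main__":
    # Connecting IPs from the log lines quoted in this thread; this only
    # prints the names a server would query, it does not claim a result.
    for ip in ("160.226.224.112", "176.216.64.188"):
        print(ip, "->", dnsbl_query_name(ip))

    zone, code = parse_mddnsbl(MDDNSBL_HEADER)
    print(zone, code, classify([code]))

    # Constructed answers: a dynamic-range (PBL) hit and a resolver error.
    print(classify(["127.0.0.11"]))
    print(classify(["127.255.255.254"]))
```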






[mdaemon-l] email SPAM

2020-04-22 Thread Irwan R Jazir via mdaemon-l
Dear Mr. Syafril,
we are receiving SPAM emails
here is the log: 


Wed 2020-04-22 10:39:40: --

Wed 2020-04-22 10:39:34: Session 602608; child 0005

Wed 2020-04-22 10:39:34: Accepting SMTP connection from [160.226.224.112:49050] 
to [117.102.89.155:25]

Wed 2020-04-22 10:39:34: --> 220 mail.mandau.id ESMTP MDaemon 14.0.0; Wed, 22 
Apr 2020 10:39:34 +0700

Wed 2020-04-22 10:39:34: <-- EHLO [160.226.224.112]

Wed 2020-04-22 10:39:34: --> 250-mail.mandau.id Hello [160.226.224.112], 
pleased to meet you

Wed 2020-04-22 10:39:34: --> 250-ETRN

Wed 2020-04-22 10:39:34: --> 250-AUTH LOGIN CRAM-MD5 PLAIN

Wed 2020-04-22 10:39:34: --> 250-8BITMIME

Wed 2020-04-22 10:39:34: --> 250 SIZE

Wed 2020-04-22 10:39:35: <-- MAIL From:

Wed 2020-04-22 10:39:35: Performing IP lookup (sdfsf.com)

Wed 2020-04-22 10:39:35: *  D=sdfsf.com TTL=(60) A=[69.172.201.153]

Wed 2020-04-22 10:39:35: *  P=001 S=000 D=sdfsf.com TTL=(60) 
MX=[mx247.in-mx.net]

Wed 2020-04-22 10:39:35: *  P=001 S=001 D=sdfsf.com TTL=(60) 
MX=[mx247.in-mx.com]

Wed 2020-04-22 10:39:35: *  D=sdfsf.com TTL=(60) A=[69.172.201.153]

Wed 2020-04-22 10:39:35: *  D=sdfsf.com TTL=(60) A=[69.172.201.153]

Wed 2020-04-22 10:39:35:  End IP lookup results

Wed 2020-04-22 10:39:35: Performing SPF lookup (sdfsf.com / 160.226.224.112)

Wed 2020-04-22 10:39:36: *  Result: none; no SPF record in DNS

Wed 2020-04-22 10:39:36:  End SPF results

Wed 2020-04-22 10:39:36: --> 250 , Sender ok

Wed 2020-04-22 10:39:36: <-- RCPT To:

Wed 2020-04-22 10:39:36: --> 250 , Recipient ok

Wed 2020-04-22 10:39:37: <-- DATA

Wed 2020-04-22 10:39:37: Creating temp file (SMTP): 
c:\mdaemon\queues\temp\md5501270.tmp

Wed 2020-04-22 10:39:37: --> 354 Enter mail, end with .

Wed 2020-04-22 10:39:38: Message size: 7106 bytes

Wed 2020-04-22 10:39:38: Performing DKIM lookup

Wed 2020-04-22 10:39:38: *  File: c:\mdaemon\queues\temp\md5501270.tmp

Wed 2020-04-22 10:39:38: *  Message-ID: 5e9fcafd.6689.756...@ghjghjjhg.sdfsf.com

Wed 2020-04-22 10:39:38: *  Result: neutral

Wed 2020-04-22 10:39:38:  End DKIM results

Wed 2020-04-22 10:39:38: Performing DomainKeys lookup (Sender: 
ghjghj...@sdfsf.com)

Wed 2020-04-22 10:39:38: *  File: c:\mdaemon\queues\temp\md5501270.tmp

Wed 2020-04-22 10:39:38: *  Message-ID: 5e9fcafd.6689.756...@ghjghjjhg.sdfsf.com

Wed 2020-04-22 10:39:38: *  Querying for policy: sdfsf.com

Wed 2020-04-22 10:39:38: *    Querying: _domainkey.sdfsf.com ...

Wed 2020-04-22 10:39:38: *    DNS: *  Name server has no valid records of the 
requested type for that domain

Wed 2020-04-22 10:39:38: *  Result: neutral

Wed 2020-04-22 10:39:38:  End DomainKeys results

Wed 2020-04-22 10:39:38: Passing message through Spam Filter (Size: 7106)...

Wed 2020-04-22 10:39:41: *  3.4 FH_DATE_PAST_20XX The date is grossly in the 
future.

Wed 2020-04-22 10:39:41: *  0.0 HTML_MESSAGE BODY: HTML included in message

Wed 2020-04-22 10:39:41: *  1.3 RDNS_NONE Delivered to internal network by a 
host with no rDNS

Wed 2020-04-22 10:39:41: *  0.5 PDS_BTC_ID FP reduced Bitcoin ID

Wed 2020-04-22 10:39:41: *  1.6 BITCOIN_EXTORT_01 Extortion spam, pay via 
BitCoin

Wed 2020-04-22 10:39:41: *  0.0 HELO_MISC_IP Looking for more Dynamic IP Relays

Wed 2020-04-22 10:39:41: *  1.8 NO_FM_NAME_IP_HOSTN No From name + hostname 
using IP address

Wed 2020-04-22 10:39:41:  End SpamAssassin results

Wed 2020-04-22 10:39:41: Spam Filter score/req: 8.60/15.0

Wed 2020-04-22 10:39:41: Message creation successful: 
c:\mdaemon\queues\inbound\md50001590338.msg

Wed 2020-04-22 10:39:41: --> 250 Ok, message saved >

Wed 2020-04-22 10:39:41: <-- QUIT

Wed 2020-04-22 10:39:41: --> 221 See ya in cyberspace

Wed 2020-04-22 10:39:41: SMTP session successful (Bytes in/out: 7209/429)

Wed 2020-04-22 10:39:41: --

 

And the next one:

 

Wed 2020-04-22 06:13:14: --

Wed 2020-04-22 06:17:42: Session 599238; child 0001

Wed 2020-04-22 06:17:42: Accepting SMTP connection from [176.216.64.188:21990] 
to [117.102.89.155:25]

Wed 2020-04-22 06:17:42: --> 220 mail.mandau.id ESMTP MDaemon 14.0.0; Wed, 22 
Apr 2020 06:17:42 +0700

Wed 2020-04-22 06:17:42: <-- EHLO [176.216.64.188]

Wed 2020-04-22 06:17:42: --> 250-mail.mandau.id Hello [176.216.64.188], pleased 
to meet you

Wed 2020-04-22 06:17:42: --> 250-ETRN

Wed 2020-04-22 06:17:42: --> 250-AUTH LOGIN CRAM-MD5 PLAIN

Wed 2020-04-22 06:17:42: --> 250-8BITMIME

Wed 2020-04-22 06:17:42: --> 250 SIZE

Wed 2020-04-22 06:17:45: <-- MAIL From:

Wed 2020-04-22 06:17:45: Performing IP lookup (rmqkr.net)

Wed 2020-04-22 06:17:45: *  D=rmqkr.net TTL=(60) A=[103.224.182.207]

Wed 2020-04-22 06:17:46: *  P=010 S=000 D=rmqkr.net TTL=(60) 
MX=[park-mx.above.com]

Wed 2020-04-22 06:17:46: *  D=rmqkr.net TTL=(60) A=[103.224.182.207]

Wed 2020-04-22 06:17:46:  End IP lookup results

Wed 2020-04-22 06:17:46: Performing SPF lookup (rmqkr.net / 176.216.64.188)

Wed 2020-04-22 06:17:46: *  Result: none; no SPF record in DNS

Wed 2020-04-22 06:17:46: 

[mdaemon-l] Spam email received by user

2020-01-14 Thread Syafril Hermansyah
On 14/01/20 15.15, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
> Sir, I would appreciate your guidance: below is the header of a SPAM email that
> got through / was received by a user

> Is it correct that the email was not filtered because of this, sir?
> 
> (not processed: message size (106578) exceeds spam filter configured max
> size of (102400))


No.

> Authentication-Results: bb.ptbmi.com;
>   spf=pass smtp.mailfrom=skan...@priyafoods.com;
>   iprev=pass policy.iprev=209.11.159.36 (PTR mail.eenadudigital.com);
>   iprev=fail policy.iprev=209.11.159.36 reason="does not match" (HELO
> mail.eenadu.net);
>   iprev=fail policy.iprev=209.11.159.36 reason="does not match" (MAIL
> skan...@priyafoods.com)
> Received-SPF: pass (bb.ptbmi.com: domain priyafoods.com
>   designates 209.11.159.36 as permitted sender)
>   receiver=bb.ptbmi.com; client-ip=209.11.159.36;
>   mechanism=ip4:209.11.159.36; envelope-from="skan...@priyafoods.com";
>   helo=mail.eenadu.net;


The server mail.eenadudigital.com has been hijacked and is not secure, so it sends mail
on behalf of skan...@priyafoods.com.
Both domains use the same relay host service, so their SPF records are
similar.
The host mail.eenadudigital.com has good internet mail legitimacy, so the mail was
accepted.

I have added the host mail.eenadudigital.com [209.11.159.36] to
host screening, and the update is at

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.5.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Leadership and learning are indispensable to each other
--- John F. Kennedy






[mdaemon-l] Spam email received by user

2020-01-14 Thread Rievo Niemrod E
Good afternoon, Mr. Syafril

Sir, I would appreciate your guidance: below is the header of a SPAM email that
got through / was received by a user

X-MDAV-Result: clean
X-MDAV-Processed: bb.ptbmi.com, Tue, 14 Jan 2020 13:50:16 +0700
Return-path: 
Authentication-Results: bb.ptbmi.com;
spf=pass smtp.mailfrom=skan...@priyafoods.com;
iprev=pass policy.iprev=209.11.159.36 (PTR mail.eenadudigital.com);
iprev=fail policy.iprev=209.11.159.36 reason="does not match" (HELO
mail.eenadu.net);
iprev=fail policy.iprev=209.11.159.36 reason="does not match" (MAIL
skan...@priyafoods.com)
Received-SPF: pass (bb.ptbmi.com: domain priyafoods.com
designates 209.11.159.36 as permitted sender)
receiver=bb.ptbmi.com; client-ip=209.11.159.36;
mechanism=ip4:209.11.159.36; envelope-from="skan...@priyafoods.com";
helo=mail.eenadu.net;
Received: from mail.eenadu.net (mail.eenadudigital.com [209.11.159.36]) by
bb.ptbmi.com (MDaemon PRO v19.5.3) 
with ESMTPS id 65-md5084649.msg; Tue, 14 Jan 2020 13:50:14 +0700
X-Spam-Processed: bb.ptbmi.com, Tue, 14 Jan 2020 13:50:14 +0700
(not processed: message size (106578) exceeds spam filter configured
max size of (102400))
X-MDOP-RefID:
str=0001.0A150208.5E1D64A3.001D:SCFSTAT51157904,ss=1,re=-4.000,recu=0.000,re
ip=0.000,vtr=str,vl=0,cl=1,cld=1,fgs=0 (_st=1 _vt=0 _iwf=0)
X-MDSPF-Result: unapproved (bb.ptbmi.com)
X-MDRemoteIP: 209.11.159.36
X-MDHelo: mail.eenadu.net
X-MDArrival-Date: Tue, 14 Jan 2020 13:50:14 +0700
X-Rcpt-To: marketing.chresti...@ptbmi.com
X-MDRcpt-To: marketing.chresti...@ptbmi.com
X-Return-Path: skan...@priyafoods.com
X-Envelope-From: skan...@priyafoods.com
X-MDaemon-Deliver-To: marketing.chresti...@ptbmi.com
Received: (qmail 22829 invoked by uid 89); 14 Jan 2020 06:47:56 -
Received: from unknown (HELO IP-130-218.dataclub.eu)
(skan...@priyafoods.com@84.38.130.218)
  by mail.eenadudigital.com with ESMTPA; 14 Jan 2020 06:47:56 -
Content-Type: multipart/mixed; boundary="===1682285074=="
MIME-Version: 1.0
Subject: Enquiry & Quotation
To: marketing.chresti...@ptbmi.com
From: "skan...@priyafoods.com (Ms. Priya)" 
Date: Tue, 14 Jan 2020 08:49:57 +0200
Message-ID: 
X-Antivirus: AVG (VPS 200113-0, 01/13/2020), Inbound message
X-Antivirus-Status: Clean

Is it correct that the email was not filtered because of this, sir?

(not processed: message size (106578) exceeds spam filter configured max
size of (102400))

If so, for the setting in MDaemon

Don't filter messages larger than [XX] kb (0=up to 2MB)

what value should be entered, sir? Or is it better to just leave it empty?

Or perhaps the spam email was able to get in for some other reason?

Please help, sir. Thank you in advance for all the knowledge you have shared so far.

Regards
Rievo






[mdaemon-l] Spam email received by user

2020-01-12 Thread Syafril Hermansyah
On 13/01/20 10.36, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
> Mr. Syafril, I would appreciate your guidance: just now one of our users received a
> bitcoin-threat spam email claiming that their account had been hacked.
> 
> Looking at the email header, it shows X-MDSPF-Result:
> unapproved (bb.ptbmi.com)

Unapproved SPF means the mail was sent through an IP that is not listed in the SPF host,
but the SPF policy = SOFTFAIL.


> But why could the email still be received by the user, sir?

> X-Spam-Processed: bb.ptbmi.com, Sat, 11 Jan 2020 13:59:07 +0700
> (not processed: recipient andr...@ptbmi.com in exclude file)

Because that user is excluded from antispam content filtering.


> Please advise, and how to prevent this so that it does not happen again in the future


Delete all entries in "whitelist (no filtering)" and "whitelist by recipient" in antispam
content filtering.

http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?sf_white_list.htm

http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?sf_white_list_to.htm




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.5.3-64 bit
Please do not cc: or send to private mail for MDaemon issues.

I'm unpredictable, I never know where I'm going until I get there, I'm so
random, I'm always growing, learning, changing, I'm never the same person twice.
But one thing you can be sure of about me; is I will always do exactly what I
want to do.
--- C. JoyBell C.


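The condition discussed in the reply above can be read straight from a delivered message's headers. The following is an added example, not part of the original thread and not MDaemon code: it unfolds the `X-Spam-Processed` stamp and reports whether the spam filter skipped the message and the reason the header gives. The header names and the two "not processed" reasons are the ones quoted on this page; the function names, the reason labels and the third sample (a stamp without a parenthetical) are assumptions made for the example.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed samples: header values copied from this thread (addresses are
# truncated by the archive), folded with a leading tab as they would be on the wire.
SAMPLE_EXCLUDED = """\
X-Spam-Processed: bb.ptbmi.com, Sat, 11 Jan 2020 13:59:07 +0700
\t(not processed: recipient andr...@ptbmi.com in exclude file)
X-MDSPF-Result: unapproved (bb.ptbmi.com)
Subject: constructed sample 1

body
"""
SAMPLE_OVERSIZE = """\
X-Spam-Processed: bb.ptbmi.com, Tue, 14 Jan 2020 13:50:14 +0700
\t(not processed: message size (106578) exceeds spam filter configured
\tmax size of (102400))
X-MDSPF-Result: unapproved (bb.ptbmi.com)
Subject: constructed sample 2

body
"""
# Assumption: a message that was scanned carries the stamp without "(not processed: ...)".
SAMPLE_SCANNED = """\
X-Spam-Processed: bb.ptbmi.com, Sat, 11 Jan 2020 13:59:07 +0700
Subject: constructed sample 3

body
"""

NOT_PROCESSED = re.compile(r"\(not processed:\s*(.+)\)\s*$")
OVERSIZE = re.compile(
    r"message size \((\d+)\) exceeds spam filter configured max size of \((\d+)\)")
EXCLUDED = re.compile(r"recipient (\S+) in exclude file")


def _unfold(value):
    """Collapse header folding (newline + whitespace) into single spaces."""
    return " ".join(value.split())


def audit_headers(raw_message):
    """Report whether the spam filter ran on one message, and why not if it did not."""
    msg = message_from_string(raw_message)
    report = {"spam_filter_ran": None, "reason": None, "detail": {}, "spf": None}
    spf = msg.get("X-MDSPF-Result")
    if spf and spf.strip():
        report["spf"] = _unfold(spf).split()[0]
    stamps = [_unfold(v) for v in msg.get_all("X-Spam-Processed", [])]
    if not stamps:
        report["reason"] = "no-spam-filter-stamp"
        return report
    for stamp in stamps:
        skipped = NOT_PROCESSED.search(stamp)
        if not skipped:
            continue
        text = skipped.group(1)
        report["spam_filter_ran"] = False
        size, excl = OVERSIZE.search(text), EXCLUDED.search(text)
        if size:
            report["reason"] = "over-size-limit"
            report["detail"] = {"size": int(size.group(1)), "limit": int(size.group(2))}
        elif excl:
            report["reason"] = "recipient-excluded"
            report["detail"] = {"recipient": excl.group(1)}
        else:
            report["reason"] = "other"
            report["detail"] = {"text": text}
        return report
    report["spam_filter_ran"] = True
    return report


def bypass_summary(raw_messages):
    """Count bypass reasons over many messages and list the excluded recipients."""
    counts, excluded = Counter(), set()
    for raw in raw_messages:
        report = audit_headers(raw)
        if report["spam_filter_ran"] is False:
            counts[report["reason"]] += 1
            if "recipient" in report["detail"]:
                excluded.add(report["detail"]["recipient"])
    return dict(counts), sorted(excluded)


if __name__ == "__main__":
    for sample in (SAMPLE_EXCLUDED, SAMPLE_OVERSIZE, SAMPLE_SCANNED):
        print(audit_headers(sample))
    print(bypass_summary([SAMPLE_EXCLUDED, SAMPLE_OVERSIZE, SAMPLE_SCANNED]))
```

Run over a folder of delivered messages, the recipient list from `bypass_summary` shows which addresses sit in the exclude file and therefore never reach content filtering.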




[mdaemon-l] spam email to own email address

2019-09-24 Thread Syafril Hermansyah
On 25/09/19 09.47, ir...@mandau.id wrote:
> I would appreciate your help and guidance with SPAM email that is sent by the email
> account itself.
> 
> Here is the smtp-in log:

> Tue 2019-09-24 07:02:35: Accepting SMTP connection from
> [138.255.131.189:13717] to [117.102.89.155:25]
> 
> Tue 2019-09-24 07:02:35: --> 220 mail.mandau.id ESMTP MDaemon 14.0.0;
> Tue, 24 Sep 2019 07:02:35 +0700
> 
> Tue 2019-09-24 07:02:36: <-- EHLO [138.255.131.189]
>
> Tue 2019-09-24 07:02:36: --> 250-mail.mandau.id Hello [138.255.131.189],
> pleased to meet you
> 
> Tue 2019-09-24 07:02:36: <-- MAIL From: >


This mail will be rejected by any of several methods


enable the HELO FQDN check

http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?security--reverse_lookup.htm

[x] Perform lookup on HELO/EHLO domain
[ ] ...send 501 and close connection on forged identification (caution)
[x] Refuse to accept mail if a lookup returns 'domain not found'
[x] ...send 501 error code (normally sends 451 error code)
[x] ...and then close the connection
[x] Exempt authenticated sessions (lookup will defer until after MAIL)


or enable the Sender Authentication check

http://mdaemon.dutaint.co.id/mdaemon/19.0/index.html?security--smtp_authentication.htm

[x] Authentication is always required when mail is from local accounts
[ ] ...unless message is to a local account
[x] Authentication is always required when mail is sent from local IPs
[x] Credentials used must match those of the return-path address
[x] Credentials used must match those of the 'From:' header address
[x] Mail from 'Postmaster', 'abuse', 'webmaster' must be authenticated
[x] Do not apply POP Before SMTP to authenticated sessions


> Tue 2019-09-24 07:02:00: Accepting SMTP connection from [85.8.0.217:33221] to 
> [117.102.89.155:25]
> 
> Tue 2019-09-24 07:02:00: --> 220 mail.mandau.id ESMTP MDaemon 14.0.0; Tue, 24 
> Sep 2019 07:02:00 +0700
> 
> Tue 2019-09-24 07:02:00: <-- EHLO h85-8-0-217.cust.a3fiber.se


Same as above; it can also be rejected by enabling domain
antispoofing (SPF, DKIM, DMARC).


https://www.mail-archive.com/mdaemon-l@dutaint.com/msg44714.html



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 19.5.0-64 bit Beta B
Please do not cc: or send to private mail for MDaemon issues.

Never give up on anything.
If you fail, try, try and try again.
You are learning the best ways of doing things.
--- Lailah Gifty Akita


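Why the SPF lookup alone did not stop these sessions can be seen by walking the policy recorded in the smtp-in log of the question this reply answers. The following is an added example, not part of the original thread and not MDaemon's implementation: a reduced SPF evaluator that handles only the `ip4`, `a`, `mx` and `all` mechanisms and takes the `a`/`mx` addresses as arguments instead of doing DNS lookups. The policies and client addresses are the ones in the logs on this page; the `mx` address is a placeholder from the documentation range because the log does not show it, and the function name is hypothetical.

```python
import ipaddress

# Policies as logged on this page.
IMPRIMA_POLICY = ("v=spf1 ip4:202.74.236.99 +a +mx +ip4:202.74.238.130 "
                  "+ip4:139.99.6.57 +ip4:158.69.40.68 ~all")
EASTPARC_POLICY = "v=spf1 ip4:208.117.55.132 -all"

A_ADDRS = ["202.74.236.99"]   # A record of imprima.id, as shown in the log
MX_ADDRS = ["192.0.2.25"]     # placeholder: the log does not show the MX host's address

# Qualifier in front of a mechanism decides the result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(policy, client_ip, a_addrs=(), mx_addrs=()):
    """Evaluate client_ip against an SPF policy string.

    Returns (result, trace); trace lists (term, matched) in evaluation order,
    mirroring the "Evaluating ...: no match" lines in the log.
    """
    terms = policy.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", []
    ip = ipaddress.ip_address(client_ip)
    trace = []
    for raw in terms[1:]:
        qualifier, term = "+", raw
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "ip4" and arg:
            matched = ip.version == 4 and ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a" and not arg:
            matched = any(ip == ipaddress.ip_address(a) for a in a_addrs)
        elif name == "mx" and not arg:
            matched = any(ip == ipaddress.ip_address(m) for m in mx_addrs)
        elif name == "all":
            matched = True
        else:
            # include, exists, ptr, ip6, redirect= and friends need DNS or more
            # parsing than this example covers.
            raise ValueError("unsupported SPF term: " + raw)
        trace.append((raw, matched))
        if matched:
            return QUALIFIERS[qualifier], trace
    # No mechanism matched and there is no redirect: RFC 7208 defines this as neutral.
    return "neutral", trace


if __name__ == "__main__":
    for client in ("138.255.131.189", "85.8.0.217", "202.74.238.130"):
        result, trace = evaluate_spf(IMPRIMA_POLICY, client, A_ADDRS, MX_ADDRS)
        print(client, result)
        for term, matched in trace:
            print("   Evaluating %s: %s" % (term, "match" if matched else "no match"))
    # Constructed pairing: the "-all" policy from this page against an unlisted address.
    print(evaluate_spf(EASTPARC_POLICY, "138.255.131.189")[0])
```

Both connecting addresses fall through to `~all` and get softfail, a result RFC 7208 says should not by itself cause rejection; the same unlisted address against a policy ending in `-all` gets fail.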




[mdaemon-l] spam email to own email address

2019-09-24 Thread irwan
Dear Mr. Syafril,

I would appreciate your help and guidance with SPAM email that is sent by the email
account itself.

Here is the smtp-in log:

 

Tue 2019-09-24 07:02:36: --

Tue 2019-09-24 07:02:35: Session 475366; child 0004

Tue 2019-09-24 07:02:35: Accepting SMTP connection from
[138.255.131.189:13717] to [117.102.89.155:25]

Tue 2019-09-24 07:02:35: --> 220 mail.mandau.id ESMTP MDaemon 14.0.0; Tue,
24 Sep 2019 07:02:35 +0700

Tue 2019-09-24 07:02:36: <-- EHLO [138.255.131.189]

Tue 2019-09-24 07:02:36: --> 250-mail.mandau.id Hello [138.255.131.189],
pleased to meet you

Tue 2019-09-24 07:02:36: --> 250-ETRN

Tue 2019-09-24 07:02:36: --> 250-AUTH LOGIN CRAM-MD5 PLAIN

Tue 2019-09-24 07:02:36: --> 250-8BITMIME

Tue 2019-09-24 07:02:36: --> 250 SIZE

Tue 2019-09-24 07:02:36: <-- MAIL From:mailto:irwan.ja...@imprima.id> >

Tue 2019-09-24 07:02:36: Performing IP lookup (imprima.id)

Tue 2019-09-24 07:02:36: *  D=imprima.id TTL=(175) A=[202.74.236.99]

Tue 2019-09-24 07:02:36: *  P=000 S=000 D=imprima.id TTL=(175)
MX=[mail.imprima.id]

Tue 2019-09-24 07:02:36: *  D=imprima.id TTL=(175) A=[202.74.236.99]

Tue 2019-09-24 07:02:36:  End IP lookup results

Tue 2019-09-24 07:02:36: Performing SPF lookup (imprima.id /
138.255.131.189)

Tue 2019-09-24 07:02:36: *  Policy: v=spf1 ip4:202.74.236.99 +a +mx
+ip4:202.74.238.130 +ip4:139.99.6.57 +ip4:158.69.40.68 ~all

Tue 2019-09-24 07:02:36: *  Evaluating ip4:202.74.236.99: no match

Tue 2019-09-24 07:02:36: *  Evaluating +a: no match

Tue 2019-09-24 07:02:36: *  Evaluating +mx: no match

Tue 2019-09-24 07:02:36: *  Evaluating +ip4:202.74.238.130: no match

Tue 2019-09-24 07:02:36: *  Evaluating +ip4:139.99.6.57: no match

Tue 2019-09-24 07:02:36: *  Evaluating +ip4:158.69.40.68: no match

Tue 2019-09-24 07:02:36: *  Evaluating ~all: match

Tue 2019-09-24 07:02:36: *  Result: softfail

Tue 2019-09-24 07:02:36:  End SPF results

Tue 2019-09-24 07:02:36: --> 250 mailto:irwan.ja...@imprima.id> >, Sender ok

Tue 2019-09-24 07:02:36: <-- RCPT To:mailto:irwan.ja...@imprima.id> >

Tue 2019-09-24 07:02:36: --> 250 mailto:irwan.ja...@imprima.id> >, Recipient ok

Tue 2019-09-24 07:02:37: <-- DATA

Tue 2019-09-24 07:02:37: Creating temp file (SMTP):
c:\mdaemon\queues\temp\md5610735.tmp

Tue 2019-09-24 07:02:37: --> 354 Enter mail, end with .

Tue 2019-09-24 07:02:38: Message size: 2279 bytes

Tue 2019-09-24 07:02:38: Performing DKIM lookup

Tue 2019-09-24 07:02:38: *  File: c:\mdaemon\queues\temp\md5610735.tmp

Tue 2019-09-24 07:02:38: *  Message-ID:
8A724B8E0BB3B7CE360FCA4FF7F38A72@KUCCXI7UK

Tue 2019-09-24 07:02:38: *  Result: neutral

Tue 2019-09-24 07:02:38:  End DKIM results

Tue 2019-09-24 07:02:38: Performing DomainKeys lookup (Sender:
irwan.ja...@imprima.id  )

Tue 2019-09-24 07:02:38: *  File: c:\mdaemon\queues\temp\md5610735.tmp

Tue 2019-09-24 07:02:38: *  Message-ID:
8A724B8E0BB3B7CE360FCA4FF7F38A72@KUCCXI7UK

Tue 2019-09-24 07:02:38: *  Querying for policy: imprima.id

Tue 2019-09-24 07:02:38: *Querying: _domainkey.imprima.id ...

Tue 2019-09-24 07:02:38: *DNS: *  Name server has no valid records of
the requested type for that domain

Tue 2019-09-24 07:02:38: *  Result: neutral

Tue 2019-09-24 07:02:38:  End DomainKeys results

Tue 2019-09-24 07:02:38: Message creation successful:
c:\mdaemon\queues\inbound\md50001265817.msg

Tue 2019-09-24 07:02:38: --> 250 Ok, message saved >

Tue 2019-09-24 07:02:38: <-- QUIT

Tue 2019-09-24 07:02:38: --> 221 See ya in cyberspace

Tue 2019-09-24 07:02:38: SMTP session successful (Bytes in/out: 2388/437)

Tue 2019-09-24 07:02:38: --

 

One more, to another user:

 

Tue 2019-09-24 07:02:01: --

Tue 2019-09-24 07:02:00: Session 475318; child 0004

Tue 2019-09-24 07:02:00: Accepting SMTP connection from [85.8.0.217:33221]
to [117.102.89.155:25]

Tue 2019-09-24 07:02:00: --> 220 mail.mandau.id ESMTP MDaemon 14.0.0; Tue,
24 Sep 2019 07:02:00 +0700

Tue 2019-09-24 07:02:00: <-- EHLO h85-8-0-217.cust.a3fiber.se

Tue 2019-09-24 07:02:00: --> 250-mail.mandau.id Hello
h85-8-0-217.cust.a3fiber.se, pleased to meet you

Tue 2019-09-24 07:02:00: --> 250-ETRN

Tue 2019-09-24 07:02:00: --> 250-AUTH LOGIN CRAM-MD5 PLAIN

Tue 2019-09-24 07:02:00: --> 250-8BITMIME

Tue 2019-09-24 07:02:00: --> 250 SIZE

Tue 2019-09-24 07:02:00: <-- MAIL From:mailto:finance.st...@imprima.id> >

Tue 2019-09-24 07:02:00: Performing IP lookup (imprima.id)

Tue 2019-09-24 07:02:00: *  D=imprima.id TTL=(176) A=[202.74.236.99]

Tue 2019-09-24 07:02:00: *  P=000 S=000 D=imprima.id TTL=(176)
MX=[mail.imprima.id]

Tue 2019-09-24 07:02:00: *  D=imprima.id TTL=(176) A=[202.74.236.99]

Tue 2019-09-24 07:02:00:  End IP lookup results

Tue 2019-09-24 07:02:00: Performing SPF lookup (imprima.id / 85.8.0.217)

Tue 2019-09-24 07:02:00: *  Policy: v=spf1 ip4:202.74.236.99 +a +mx
+ip4:202.74.238.130 +ip4:139.99.6.57 +ip4:158.69.40.68 ~all

Tue 2019-09-24 07:02:00: *  Evaluating 

[mdaemon-l] email spam

2018-11-28 Thread Syafril Hermansyah
On 28/11/2018 17.51, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
>>> Add the sender (MAIL FROM) address above to the sender blacklist.
> Mr. Syafril, sorry to ask again. Can MDaemon's security
> not reject this kind of email automatically?


That mail comes from a list server (mailing list) that has complete
legitimacy, has valid SPF/DKIM, and should have an unsubscribe facility in
its body text.
In short, it is a mail campaign sent through sendgrid.com.
What distinguishes spam from non-spam here is the content, which is what
the recipient considers in deciding.

From antispam content filtering, SpamAssassin reports that it is
not spam.
Only Outbreak Protection (OP) suspects that it is spam; OP
by default has a spam score of +2.5, URIBL also gives a spam score of +1.1,
and the content uses HTML-only format (a normal HTML-format mail always
has a plain-text counterpart), so it gets a spam score of +1.1.


> Mon 2018-11-26 22:24:42.230: 11: Passing message through Outbreak 
> Protection...
> Mon 2018-11-26 22:24:42.230: 11: *  Message-ID: 
> <042c745e-43430-0d0e902619919@desktop-rpujc63>
> Mon 2018-11-26 22:24:42.230: 11: *  Reference-ID: 
> str=0001.0A150203.5BFC1043.0086,ss=3,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=0
> Mon 2018-11-26 22:24:42.230: 11: *  Virus result: 0 - Clean
> Mon 2018-11-26 22:24:42.230: 11: *  Spam result: 3 - Spam (bulk)
> Mon 2018-11-26 22:24:42.230: 11: *  IWF result: 0 - Clean

> Mon 2018-11-26 22:24:42.956: 07: *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: 
> spam/phish
> Mon 2018-11-26 22:24:42.956: 07: *  1.1 MIME_HTML_ONLY BODY: Message only has 
> text/html MIME parts
> Mon 2018-11-26 22:24:42.956: 07: *  0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images 
> with 2800-3200 bytes of words
> Mon 2018-11-26 22:24:42.956: 07: *  0.0 HTML_MESSAGE BODY: HTML included in 
> message
> Mon 2018-11-26 22:24:42.956: 07: *  1.1 URIBL_GREY Contains an URL listed in 
> the URIBL greylist
> Mon 2018-11-26 22:24:42.956: 07: *  [URIs: sendgrid.net]
> Mon 2018-11-26 22:24:42.956: 07:  End SpamAssassin results
> Mon 2018-11-26 22:24:42.956: 07: Spam Filter score/req: 4.70/12.0

The total spam score is +4.7, which is still far from the +12.0 needed for rejection.

If you want the mail to be rejected automatically, the OP and SpamAssassin
values need to be changed (adjusted).

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?sp_outbreak_protection.htm

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?sf_spam_filtering.htm

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 18.5.1-64
Please do not cc: or send to private mail for MDaemon issues.

In justifying others we follow the world's opinion, but in
justifying ourselves we often run ahead of the world's opinion
-- Charles Caleb Colton, 1780-1832


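The score arithmetic in the reply above can be reproduced from the log itself. The following is an added example, not part of the original thread and not MDaemon code: it parses the SpamAssassin section of an MDaemon smtp-in log, re-joins the lines the archive wrapped, and reports each rule's contribution and the distance to the required score. The log excerpt is the one quoted in this thread; the function names and the returned field names are hypothetical.

```python
import re

# Excerpt of the smtp-in log quoted in this thread, wrapped the way the archive shows it.
SAMPLE_LOG = """\
Mon 2018-11-26 22:24:42.956: 07: *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon:
spam/phish
Mon 2018-11-26 22:24:42.956: 07: *  1.1 MIME_HTML_ONLY BODY: Message only has
text/html MIME parts
Mon 2018-11-26 22:24:42.956: 07: *  0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images
with 2800-3200 bytes of words
Mon 2018-11-26 22:24:42.956: 07: *  0.0 HTML_MESSAGE BODY: HTML included in
message
Mon 2018-11-26 22:24:42.956: 07: *  1.1 URIBL_GREY Contains an URL listed in
the URIBL greylist
Mon 2018-11-26 22:24:42.956: 07: *  [URIs: sendgrid.net]
Mon 2018-11-26 22:24:42.956: 07:  End SpamAssassin results
Mon 2018-11-26 22:24:42.956: 07: Spam Filter score/req: 4.70/12.0
"""

# Timestamp prefix, with or without milliseconds and the two-digit column that
# the newer log format adds ("Mon 2018-11-26 22:24:42.956: 07:").
PREFIX = re.compile(
    r"^[A-Z][a-z]{2} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?:(?: \d{2}:)?")
RULE = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\s*(.*)$")
TOTAL = re.compile(r"^Spam Filter score/req:\s*(-?[\d.]+)/(-?[\d.]+)")


def unwrap(log_text):
    """Return one string per log record, re-joining wrapped continuation lines."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue                      # older logs in the archive are double-spaced
        prefix = PREFIX.match(line)
        if prefix:
            records.append(line[prefix.end():].strip())
        elif records:                     # no timestamp: continuation of the previous record
            records[-1] = records[-1] + " " + line.strip()
    return records


def score_report(log_text):
    """Collect rule hits and compare their sum with the logged score/req line."""
    hits, reported, required = [], None, None
    for record in unwrap(log_text):
        rule = RULE.match(record)
        total = TOTAL.match(record)
        if rule:
            hits.append((float(rule.group(1)), rule.group(2), rule.group(3)))
        elif total:
            reported, required = float(total.group(1)), float(total.group(2))
    if reported is None:
        raise ValueError("no 'Spam Filter score/req' line found")
    computed = round(sum(score for score, _, _ in hits), 2)
    return {
        "hits": sorted(hits, key=lambda hit: -hit[0]),   # largest contribution first
        "computed": computed,
        "reported": reported,
        "required": required,
        "margin": round(required - reported, 2),         # points still missing
        "consistent": abs(computed - reported) < 0.05,   # False if the excerpt is partial
    }


if __name__ == "__main__":
    report = score_report(SAMPLE_LOG)
    for score, name, description in report["hits"]:
        print("%5.1f  %-22s %s" % (score, name, description))
    print("score %.2f of %.1f required, %.2f short"
          % (report["reported"], report["required"], report["margin"]))
```

The `consistent` flag is worth checking before drawing conclusions from an excerpt: when the summed rule scores do not equal the logged total, some rule lines were cut from the paste.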




[mdaemon-l] email spam

2018-11-28 Thread Anjas Wahyu Nurhayanto
> > Add the sender (MAIL FROM) address above to the sender blacklist.

Mr. Syafril, sorry to ask again. Can MDaemon's security
not reject this kind of email automatically?

-- 
Warm Regards,

Anjas




[mdaemon-l] email spam

2018-11-28 Thread Anjas Wahyu Nurhayanto
> > Mon 2018-11-26 22:24:40.978: 02: <-- MAIL 
> > FROM: 
> > BODY=8BITMIME
>
>
> Add the sender (MAIL FROM) address above to the sender blacklist.

Thank you for your help and cooperation, sir.


-- 
Warm Regards,

Anjas




[mdaemon-l] email spam

2018-11-28 Thread Syafril Hermansyah
On 28/11/18 14.45, Anjas Wahyu Nurhayanto (an...@inticipta.co.id) wrote:
> one of our users received a spam email; the log is attached.
> how can we block email like this?


> Mon 2018-11-26 22:24:40.978: 02: <-- MAIL 
> FROM: 
> BODY=8BITMIME


Add the sender (MAIL FROM) address above to the sender blacklist.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Instruction does much, but encouragement everything.
--- Johann Wolfgang von Goethe






[mdaemon-l] email spam

2018-11-27 Thread Anjas Wahyu Nurhayanto
Good afternoon, Mr. Syafril,

one of our users received a spam email; the log is attached.
how can we block email like this?

-- 
Warm Regards,

Anjas

Mon 2018-11-26 22:24:34.164: 01: --
Mon 2018-11-26 22:24:40.473: 05: Session 967652; child 0001
Mon 2018-11-26 22:24:40.473: 05: Accepting SMTP connection from 
208.117.55.132:1236 to 10.0.0.1:25
Mon 2018-11-26 22:24:40.477: 03: --> 220 aksball.co.id ESMTP Mon, 26 Nov 2018 
22:24:40 +0700
Mon 2018-11-26 22:24:40.726: 02: <-- EHLO o1.f.az.sendgrid.net
Mon 2018-11-26 22:24:40.727: 03: --> 250-aksball.co.id Hello 
o1.f.az.sendgrid.net [208.117.55.132], pleased to meet you
Mon 2018-11-26 22:24:40.727: 03: --> 250-ETRN
Mon 2018-11-26 22:24:40.727: 03: --> 250-AUTH LOGIN PLAIN
Mon 2018-11-26 22:24:40.727: 03: --> 250-8BITMIME
Mon 2018-11-26 22:24:40.727: 03: --> 250-ENHANCEDSTATUSCODES
Mon 2018-11-26 22:24:40.727: 03: --> 250 SIZE
Mon 2018-11-26 22:24:40.978: 02: <-- MAIL 
FROM: 
BODY=8BITMIME
Mon 2018-11-26 22:24:40.980: 05: Performing PTR lookup 
(132.55.117.208.IN-ADDR.ARPA)
Mon 2018-11-26 22:24:41.052: 05: *  D=132.55.117.208.IN-ADDR.ARPA TTL=(0) 
PTR=[o1.f.az.sendgrid.net]
Mon 2018-11-26 22:24:41.071: 05: *  D=o1.f.az.sendgrid.net TTL=(0) 
A=[208.117.55.132]
Mon 2018-11-26 22:24:41.071: 05:  End PTR results
Mon 2018-11-26 22:24:41.073: 05: Performing IP lookup (o1.f.az.sendgrid.net)
Mon 2018-11-26 22:24:41.073: 05: *  D=o1.f.az.sendgrid.net TTL=(0) 
A=[208.117.55.132]
Mon 2018-11-26 22:24:41.073: 05:  End IP lookup results
Mon 2018-11-26 22:24:41.077: 05: Performing IP lookup (em8770.eastparchotel.com)
Mon 2018-11-26 22:24:41.186: 05: *  P=020 S=001 D=u8225129.wl130.sendgrid.net 
TTL=(0) MX=[mx.sendgrid.net] {167.89.118.48}
Mon 2018-11-26 22:24:41.186: 05:  End IP lookup results
Mon 2018-11-26 22:24:41.187: 09: Performing SPF lookup (o1.f.az.sendgrid.net / 
208.117.55.132)
Mon 2018-11-26 22:24:41.209: 09: *  Result: none; no SPF record in DNS
Mon 2018-11-26 22:24:41.209: 09:  End SPF results
Mon 2018-11-26 22:24:41.209: 09: Performing SPF lookup 
(em8770.eastparchotel.com / 208.117.55.132)
Mon 2018-11-26 22:24:41.232: 09: *  Policy: v=spf1 ip4:208.117.55.132 -all
Mon 2018-11-26 22:24:41.232: 09: *  Evaluating ip4:208.117.55.132: match
Mon 2018-11-26 22:24:41.232: 09: *  Result: pass
Mon 2018-11-26 22:24:41.232: 09:  End SPF results
Mon 2018-11-26 22:24:41.232: 03: --> 250 2.1.0 Sender OK
Mon 2018-11-26 22:24:41.482: 02: <-- RCPT TO:
Mon 2018-11-26 22:24:41.503: 03: --> 250 2.1.5 Recipient OK
Mon 2018-11-26 22:24:41.752: 02: <-- DATA
Mon 2018-11-26 22:24:41.754: 01: Creating temp file (SMTP): 
d:\mdaemon\queues\temp\md5096689.tmp
Mon 2018-11-26 22:24:41.754: 03: --> 354 Enter mail, end with .
Mon 2018-11-26 22:24:42.020: 01: Message size: 5399 bytes
Mon 2018-11-26 22:24:42.022: 10: Performing DKIM lookup
Mon 2018-11-26 22:24:42.022: 10: *  File: 
d:\mdaemon\queues\temp\md5096689.tmp
Mon 2018-11-26 22:24:42.022: 10: *  Message-ID: 
<042c745e-43430-0d0e902619919@desktop-rpujc63>
Mon 2018-11-26 22:24:42.056: 10: * DKIM-Signature 1: v=1; a=rsa-sha1; 
c=relaxed/relaxed; d=eastparchotel.com; s=s1; 
Mon 2018-11-26 22:24:42.056: 10: *Verification result: good signature
Mon 2018-11-26 22:24:42.057: 10: *  Result: pass
Mon 2018-11-26 22:24:42.057: 10:  End DKIM results
Mon 2018-11-26 22:24:42.061: 19: Performing DMARC processing
Mon 2018-11-26 22:24:42.061: 19: *  File: 
d:\mdaemon\queues\temp\md5096689.tmp
Mon 2018-11-26 22:24:42.061: 19: *  Message-ID: 
<042c745e-43430-0d0e902619919@desktop-rpujc63>
Mon 2018-11-26 22:24:42.061: 19: *  Author domain: eastparchotel.com
Mon 2018-11-26 22:24:42.061: 19: *  Organizational domain: eastparchotel.com
Mon 2018-11-26 22:24:42.061: 19: *  Query domain: _dmarc.eastparchotel.com
Mon 2018-11-26 22:24:42.086: 19: *No DMARC policy record found
Mon 2018-11-26 22:24:42.086: 19: *  Action taken: none
Mon 2018-11-26 22:24:42.086: 19: *  Result: none
Mon 2018-11-26 22:24:42.086: 19:  End DMARC results
Mon 2018-11-26 22:24:42.090: 06: Passing message through AntiVirus (Size: 
5399)...
Mon 2018-11-26 22:24:42.090: 06: *  Recipient or sender in exclusion list
Mon 2018-11-26 22:24:42.090: 06:  End AntiVirus results
Mon 2018-11-26 22:24:42.230: 11: Passing message through Outbreak Protection...
Mon 2018-11-26 22:24:42.230: 11: *  Message-ID: 
<042c745e-43430-0d0e902619919@desktop-rpujc63>
Mon 2018-11-26 22:24:42.230: 11: *  Reference-ID: 
str=0001.0A150203.5BFC1043.0086,ss=3,re=0.000,recu=0.000,reip=0.000,cl=3,cld=1,fgs=0

[mdaemon-l] Spam Email With Reason White listed

2018-11-22 Thread Syafril Hermansyah
On 22/11/18 17.10, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
>> What is the spam queue?
> What I mean is the SpamTrap Queue, Mr. Syafril


Spamtrap is a public folder, not a queue folder.

>> Is there a content filtering rule based on subject?
> Correct, sir, so if there is a spam subject, it goes straight there


Just delete/disable that CF rule; it causes false positive
results (wrong guesses).
Message Content Filtering is not intended as antispam, but
for ad hoc tasks, changing the normal mail processing flow.

>> Is SMTP authentication not enabled in the email client?
>> An authenticated session will automatically bypass antispam content filtering.
> 
> Does this mean the client using port 587, sir?


Using SMTP port 587 and enabling SMTP authentication,
with any email client, device, or connection.

https://www.netrepid.com/pa-online/smtp-587/





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon issues.

Friendship... is not something you learn in school. But if you haven't
learned the meaning of friendship, you really haven't learned anything.
--- Muhammad Ali






[mdaemon-l] Spam Email With Reason White listed

2018-11-22 Thread Rievo Niemrod E

for this case you need to check the smtp-in log dated 2018-11-06,

matching the incident.

All right, sir, thank you.


What is the spam queue?

What I mean is the SpamTrap Queue, Mr. Syafril


Is there a content filtering rule based on subject?

Correct, sir, so if there is a spam subject, it goes straight there



Is SMTP authentication not enabled in the email client?
An authenticated session will automatically bypass antispam content filtering.


Does this mean the client using port 587, sir?
Or is there some other setting?


Thank you

Rievo

Many do not realize that to be able to become a good leader,
one must actually have proven that one has once been a person who was
led.
--- Dahlan Iskan






[mdaemon-l] Spam Email with Reason White listed

2018-11-21 Thread Syafril Hermansyah
On 22/11/18 13.48, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
> judging from that log, is our email server already in sync with
> ftp://ftp.dutaint.com ?


Yes, it is fine.
For this case you need to check the smtp-in log dated 2018-11-06,
matching the incident.

> There was no internet connection problem, Pak, but our email / posting 
> turned out to have landed in the SPAM Queue
> and we only released the email on 2018-11-21 


What is the spam queue?
Is there a content filtering rule based on subject?

Is SMTP authentication not enabled in the email client?
An authenticated session will automatically bypass antispam content filtering.


BTW. Don't forget to delete quoted text that no longer fits the context,
such as footers, signatures, etc.







-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon matters.

Many people do not realize that to be a good leader
one must first have proven oneself as someone who has been
led.
--- Dahlan Iskan






[mdaemon-l] Spam Email with Reason White listed

2018-11-21 Thread Rievo Niemrod E

Good afternoon, Pak Syafril
First of all, thank you for your help and guidance,

> On 22/11/18 09.46, Suzy Ariyani (s...@ptbmi.com) wrote:
>
>> If it says reason="white listed", does that mean it was whitelisted
>> manually?
>
> Yes.


After I checked the reverselookup whitelist, Trusted IP and 
Trusted Host,

IP 96.125.172.213 or Host ems.emscai.com is not there, Pak,


> Whether the sync process succeeded can be checked in
> \\mdaemon\app\xtra\logfile.txt.


that log shows the following,
===
Thu 11/22/2018
0:00:16.64

D:\MDaemon\App\xtra>start /wait wget -N -a wgetlog.txt 
ftp://ftp.dutaint.com/altn-mdaemon/miscl/ReverseXcpt.dat


D:\MDaemon\App\xtra>xcopy /D /Y ReverseXcpt.dat ..
D:ReverseXcpt.dat
1 File(s) copied

D:\MDaemon\App\xtra>copy reverseexcept.sem ..
   1 file(s) copied.

D:\MDaemon\App\xtra>start /wait wget -N -a wgetlog.txt 
ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat


D:\MDaemon\App\xtra>xcopy /D /Y HostScreen.dat ..
D:HostScreen.dat
1 File(s) copied

D:\MDaemon\App\xtra>copy hostscreen.sem ..
   1 file(s) copied.

D:\MDaemon\App\xtra>cd ..

judging from that log, is our email server already in sync with 
ftp://ftp.dutaint.com ?




> Last week it looks like bb.ptbmi.com had an internet connection problem,
> so that the postings dated 2018-11-14 and 2018-11-19 only arrived on
> 2018-11-21?

There was no internet connection problem, Pak, but our email / posting 
turned out to have landed in the SPAM Queue

and we only released the email on 2018-11-21
Our apologies.

Thank you for your guidance

Rievo


I am who I am today because of the mistakes I made yesterday.
--- The Prolific Penman






[mdaemon-l] Spam Email with Reason White listed

2018-11-21 Thread Syafril Hermansyah
On 22/11/18 09.46, Suzy Ariyani (s...@ptbmi.com) wrote:
> If it says reason="white listed", does that mean it was whitelisted
> manually?


Yes.

>> BTW. Don't follow Ibu Suzy Ariyani's way of whitelisting; just follow
>> the way of Ibu Susi Pudjiastuti, who always follows the SOP
> 
> Hahaha...
> as far as I remember I have never ADDed an IP to SECURITY - DYNAMIC SCREEN - DYNAMIC 
> WHITELIST, boss..
> because you never taught that..


It is not about adding to the dynamic whitelist but adding to the reverselookup
whitelist.

Adding an entry yourself directly to the reverselookup whitelist is a temporary
solution (workaround) so that it takes effect faster; after that it is
reported to this mailing list to have its validity verified, and once it has
been updated on ftp.dutaint.com the contents of ReverseXcpt.Dat should be
overwritten during the midnight sync.
Whether the sync process succeeded can be checked in \\mdaemon\app\xtra\logfile.txt.

Last week it looks like bb.ptbmi.com had an internet connection problem,
so that the postings dated 2018-11-14 and 2018-11-19 only arrived on
2018-11-21?
When the internet connection has problems, the legality check (reverselookup check)
can give a wrong result because the DNS resolver cannot be reached or its data
is not valid.
When the connection is normal, mail from ems.emscai.com [96.125.172.213] will be
rejected because the identity of host ems.emscai.com does not match
the identity of its IP.


$ host ems.emscai.com
ems.emscai.com has address 216.172.170.202





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon matters.

I am who I am today because of the mistakes I made yesterday.
--- The Prolific Penman
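
An added example, not from the original post or from MDaemon itself: the identity check described above (does the name a host presents resolve back to the connecting IP?) applied to smtp-in log lines in the bracketed-session format quoted elsewhere in this archive. The log lines are constructed, with placeholder host names and documentation-range addresses, and the function names are this example's own.

```python
"""Forward-confirm the names looked up in smtp-in log lines against the peer IP."""
import ipaddress
import re

# Constructed sample (placeholder hosts, RFC 5737 addresses). Session 000101
# is consistent; in 000102 the looked-up name resolves to a different address.
SAMPLE_LOG = """\
Tue 2018-11-06 17:03:50.100: [000101] Accepting SMTP connection from 192.0.2.26:27584 to 10.0.0.3:25
Tue 2018-11-06 17:03:50.300: [000101] <-- EHLO gw.example.net
Tue 2018-11-06 17:03:50.400: [000101] Performing PTR lookup (26.2.0.192.IN-ADDR.ARPA)
Tue 2018-11-06 17:03:50.420: [000101] *  D=26.2.0.192.IN-ADDR.ARPA TTL=(59) PTR=[gw.example.net]
Tue 2018-11-06 17:03:50.430: [000101] *  D=gw.example.net TTL=(49) A=[192.0.2.18]
Tue 2018-11-06 17:03:50.430: [000101] *  D=gw.example.net TTL=(49) A=[192.0.2.26]
Tue 2018-11-06 17:03:50.431: [000101]  End PTR results
Tue 2018-11-06 17:03:50.440: [000101] Performing IP lookup (gw.example.net)
Tue 2018-11-06 17:03:50.450: [000101] *  D=gw.example.net TTL=(46) A=[192.0.2.26]
Tue 2018-11-06 17:04:10.100: [000102] Accepting SMTP connection from 198.51.100.213:50192 to 10.0.0.3:25
Tue 2018-11-06 17:04:10.300: [000102] <-- EHLO mail.example.org
Tue 2018-11-06 17:04:10.440: [000102] Performing IP lookup (mail.example.org)
Tue 2018-11-06 17:04:10.450: [000102] *  D=mail.example.org TTL=(60) A=[203.0.113.202]
"""

LINE_RE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d [\d:.]+: \[(?P<sid>\d+)\]\s+(?P<text>.*)$")
ACCEPT_RE = re.compile(r"Accepting SMTP connection from (\S+):\d+ to ")
LOOKUP_RE = re.compile(r"Performing (PTR|IP) lookup \(\s*([^)\s]+)\s*\)")
RESULT_RE = re.compile(r"\*\s+D=\S+\s+TTL=\(\d+\)\s+(PTR|A)=\[([^\]]+)\]")


def parse_sessions(log_text):
    """Return {session_id: {"ip", "ptr", "names"}} collected from the log text."""
    sessions, current = {}, {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # wrapped continuation or a different log format
        sid, text = m["sid"], m["text"]
        s = sessions.setdefault(sid, {"ip": None, "ptr": None, "names": {}})
        if (hit := ACCEPT_RE.search(text)):
            s["ip"] = ipaddress.ip_address(hit[1])
        elif (hit := LOOKUP_RE.search(text)):
            # A records that follow belong to this lookup until the next one.
            if hit[1] == "PTR":
                s["ptr"] = set()
                current[sid] = s["ptr"]
            else:
                current[sid] = s["names"].setdefault(hit[2].lower(), set())
        elif (hit := RESULT_RE.search(text)) and sid in current and hit[1] == "A":
            current[sid].add(ipaddress.ip_address(hit[2]))
    return sessions


def confirm(sessions):
    """True/False where a lookup ran; None where the log has no PTR lookup."""
    report = {}
    for sid, s in sessions.items():
        if s["ip"] is None:
            continue  # no connection line seen for this session
        report[sid] = {
            "ip": str(s["ip"]),
            "ptr_confirmed": None if s["ptr"] is None else s["ip"] in s["ptr"],
            "names": {name: s["ip"] in addrs for name, addrs in s["names"].items()},
        }
    return report


if __name__ == "__main__":
    for sid, row in confirm(parse_sessions(SAMPLE_LOG)).items():
        print(sid, row)
```

A `False` under `names` is the "does not match" situation: the name resolves, but not to the address that connected.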






[mdaemon-l] Spam Email with Reason White listed

2018-11-21 Thread Suzy Ariyani

Good morning, Pak Syafril...

-Original Message- 

From: Syafril Hermansyah
Sent: Wednesday, November 21, 2018 5:47 PM
To: mdaemon-l@dutaint.com
Subject: [mdaemon-l] Spam Email with Reason White listed

On 21/11/18 17.23, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:

What I want to ask is, what does the part below mean, Pak?
iprev=pass policy.iprev=96.125.172.213 reason="white listed" (HELO
ems.emscai.com);
iprev=pass policy.iprev=96.125.172.213 reason="white listed" (MAIL
v...@alliancemansols.com <mailto:v...@alliancemansols.com>)


If it says reason="white listed", does that mean it was whitelisted 
manually?



That is because the IP was put into the reverselookup whitelist or
into trusted IPs, or the host name ems.emscai.com is on the
trusted hosts list.

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?security--reverse_lookup.htm

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?security--trusted_ips.htm

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?security--trusted_hosts.htm


So what steps should be taken?


First, just delete that message; there is no need to compromise with
virus-infected mail.

Second, remove IP 96.125.172.213 from the whitelist.

Third, do not put any more IPs into any whitelist
without complete verification first.
The easiest and safest course is to always sync with
ftp.dutaint.com, both for the reverselookup whitelist and the hostscreening
blacklist.

BTW. Don't follow Ibu Suzy Ariyani's way of whitelisting; just follow
the way of Ibu Susi Pudjiastuti, who always follows the SOP :-)


Hahaha...
as far as I remember I have never ADDed an IP to SECURITY - DYNAMIC SCREEN - DYNAMIC 
WHITELIST, boss..

because you never taught that..
So as an obedient student I did not teach Rievo to do 
the Whitelist step either..


BTW,
please guide Rievo as the MDaemon Admin for ptbmi.com
hopefully Pak Syafril's enlightenment can be digested MORE QUICKLY, Pak.. ^_^
Thank you for your patience all this time..

thanks,
Suzy






[mdaemon-l] Spam Email with Reason White listed

2018-11-21 Thread Syafril Hermansyah
On 21/11/18 17.23, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
> What I want to ask is, what does the part below mean, Pak?
> iprev=pass policy.iprev=96.125.172.213 reason="white listed" (HELO
> ems.emscai.com);
> iprev=pass policy.iprev=96.125.172.213 reason="white listed" (MAIL
> v...@alliancemansols.com )


That is because the IP was put into the reverselookup whitelist or
into trusted IPs, or the host name ems.emscai.com is on the
trusted hosts list.

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?security--reverse_lookup.htm

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?security--trusted_ips.htm

http://mdaemon.dutaint.co.id/mdaemon/18.5/index.html?security--trusted_hosts.htm

> So what steps should be taken?


First, just delete that message; there is no need to compromise with
virus-infected mail.

Second, remove IP 96.125.172.213 from the whitelist.

Third, do not put any more IPs into any whitelist
without complete verification first.
The easiest and safest course is to always sync with
ftp.dutaint.com, both for the reverselookup whitelist and the hostscreening
blacklist.

BTW. Don't follow Ibu Suzy Ariyani's way of whitelisting; just follow
the way of Ibu Susi Pudjiastuti, who always follows the SOP :-)








-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon matters.

We are products of our past, but we don't have to be prisoners of it.
--- Rick Warren
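
An added example, not part of the original thread and not MDaemon's own code: a Python triage of the headers discussed above that flags `iprev=pass` results carrying `reason="white listed"`, a spam-filter skip caused by message size, and an antivirus hit. The header names are the ones quoted in this thread; the sample values (hosts, addresses, virus name) are constructed placeholders, and the function names are this example's own.

```python
"""Flag headers showing that a message skipped or overrode inbound checks."""
import re
from email import message_from_string

# Constructed sample shaped like the headers quoted in this thread.
SAMPLE_HEADERS = """\
X-SPScan-Result: infected
X-SPScan-VirusName: Example/Macro.gen
Authentication-Results: mx.example.net;
\tspf=pass smtp.mailfrom=sender@example.org;
\tdkim=pass (good signature) header.d=example.org;
\tdmarc=none header.from=example.org (no DMARC record);
\tiprev=pass policy.iprev=192.0.2.213 reason="white listed" (HELO relay.example.com);
\tiprev=pass policy.iprev=192.0.2.213 reason="white listed" (MAIL sender@example.org)
X-Spam-Processed: mx.example.net, Tue, 06 Nov 2018 17:03:59 +0700
\t(not processed: message size (110828) exceeds spam filter configured max
\tsize of (102400))
X-MDRemoteIP: 192.0.2.213
Subject: constructed sample

body
"""

# One iprev result: outcome, checked IP, optional reason, optional check type.
IPREV_RE = re.compile(
    r'(?<![.\w])iprev=(?P<result>\w+)\s+policy\.iprev=(?P<ip>[0-9A-Fa-f.:]+)'
    r'(?:\s+reason="(?P<reason>[^"]*)")?'
    r'(?:\s+\((?P<check>PTR|HELO|MAIL)\s[^)]*\))?'
)
SIZE_RE = re.compile(
    r"not processed: message size \((\d+)\) exceeds spam filter "
    r"configured max size of \((\d+)\)"
)


def unfold(value):
    """Collapse folded header continuation lines into single spaces."""
    return " ".join(value.split())


def triage(raw_headers):
    """Return a list of finding tuples, in header-category order."""
    msg = message_from_string(raw_headers)
    findings = []
    for value in msg.get_all("Authentication-Results", []):
        for m in IPREV_RE.finditer(unfold(value)):
            reason = (m["reason"] or "").lower()
            if m["result"] == "pass" and reason == "white listed":
                # The pass came from a local whitelist entry, not from DNS.
                findings.append(("iprev-whitelisted", m["ip"], m["check"]))
            elif m["result"] != "pass":
                findings.append(("iprev-" + m["result"], m["ip"], m["check"]))
    for value in msg.get_all("X-Spam-Processed", []):
        m = SIZE_RE.search(unfold(value))
        if m:
            findings.append(("spam-filter-skipped-size", int(m[1]), int(m[2])))
    if (msg.get("X-SPScan-Result") or "").strip().lower() == "infected":
        name = (msg.get("X-SPScan-VirusName") or "").strip()
        findings.append(("av-infected", name))
    return findings


def needs_review(findings):
    """True when a whitelisted sender coincides with a skipped or failed scan."""
    kinds = {f[0] for f in findings}
    return "iprev-whitelisted" in kinds and bool(
        kinds & {"av-infected", "spam-filter-skipped-size"}
    )


if __name__ == "__main__":
    for finding in triage(SAMPLE_HEADERS):
        print(finding)
    print("review whitelist entry:", needs_review(triage(SAMPLE_HEADERS)))
```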






[mdaemon-l] Spam Email with Reason White listed

2018-11-21 Thread Rievo Niemrod E

On 14/11/18 14.02, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
^

>> Why was mail that was composed on 2018-11-14 only sent today
(2018-11-21)?

Sorry, Pak, my email went into the SPAM Queue because the word SPAM is in 
its Subject


>> Please provide the complete message header first, not in bits and pieces
like that, so it can be analyzed accurately.

Here is the header 
X-SPScan-Result: infected
X-SPScan-VirusName: W97M/Agent.gen
X-MDBadQueue-Reason: WARNING! infected with virus (W97M/Agent.gen)
X-MDAV-Processed: bb.ptbmi.com, Tue, 06 Nov 2018 17:04:01 +0700
Return-path: 
Authentication-Results: bb.ptbmi.com;
spf=pass smtp.mailfrom=v...@alliancemansols.com;
dkim=pass (good signature) header.d=alliancemansols.com header.b=BxNRIRkse3;
dmarc=none header.from=alliancemansols.com (no DMARC record);
iprev=pass policy.iprev=96.125.172.213 reason="white listed" (HELO 
ems.emscai.com);
iprev=pass policy.iprev=96.125.172.213 reason="white listed" (MAIL 
v...@alliancemansols.com)
Received-SPF: pass (bb.ptbmi.com: domain alliancemansols.com
designates 96.125.172.213 as permitted sender)
receiver=bb.ptbmi.com; client-ip=96.125.172.213;
mechanism=a; envelope-from="v...@alliancemansols.com";
helo=ems.emscai.com;
Received: from ems.emscai.com [(96.125.172.213)] by bb.ptbmi.com (MDaemon PRO 
v18.0.2) 
with ESMTPS id 23-md5063580.msg; Tue, 06 Nov 2018 17:03:59 +0700
X-Spam-Processed: bb.ptbmi.com, Tue, 06 Nov 2018 17:03:59 +0700
(not processed: message size (110828) exceeds spam filter configured max 
size of (102400))
X-MDDKIM-Result: unapproved (bb.ptbmi.com)
X-MDSPF-Result: unapproved (bb.ptbmi.com)
X-MDRemoteIP: 96.125.172.213
X-MDHelo: ems.emscai.com
X-MDArrival-Date: Tue, 06 Nov 2018 17:03:59 +0700
X-Rcpt-To: purchasing.mon...@ptbmi.com
X-MDRcpt-To: purchasing.mon...@ptbmi.com
X-Return-Path: v...@alliancemansols.com
X-Envelope-From: v...@alliancemansols.com
X-MDaemon-Deliver-To: purchasing.mon...@ptbmi.com
X-CAV-Result: clean
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=alliancemansols.com; s=default; h=Content-Type:MIME-Version:Subject:
Message-ID:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:
List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;
 bh=Lybs5YZfxX6/wgm/Oo5xOUMuexXbmbvoC7r5K/BQwFA=; 
b=BxNRIRkse34yPIcJkU6Fadv5a

c6L21Nfl1yhFYbs4ekI09X/gml/07FO8eykIRuNiZJyVu9iuW1IemnIQSkKz+dC/kN908cNAQFC1I

Pal1FcJZq2wJF8g6EyzT77VJU7/IfIedihtigOzPrlGp6f+S6NG3EJ/SKHB3bb5TXn4Sw7+5kHD32

o6V8JaApgpfyTW+0R4xqG3MljraA6A9/s2VwPXS6kM9v7Hyrj4jzpn1TscLY+yk+eRItmdkH2ScTJ

TOVGLDiSrEfTSYCuOIjtTKQmyLbXASOFCo1t3hY0FJQNCBGuUzEuRXYwy3CcdgLL4pL35ARJcOdse
xATtUK69Q==;
Received: from [27.34.106.246] (port=50192 helo=10.5.42.120)
by ems.emscai.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89_1)
(envelope-from )
id 1gJyCy-0005BR-1M
for purchasing.mon...@ptbmi.com; Tue, 06 Nov 2018 18:03:44 +0800
Date: Tue, 06 Nov 2018 15:48:43 +0545
From:   
To: purchasing.mon...@ptbmi.com
Message-ID: <42522270296194317548.ec3aee8317aac...@ptbmi.com>
Subject:  Discrepancy on Invoice No CPQ-I156953
MIME-Version: 1.0
Content-Type: multipart/mixed; 
boundary="=_Part_35615_1699572816.39050336061927243829"
X-OutGoing-Spam-Status: No, score=-0.5
X-AntiAbuse: This header was added to track abuse, please include it with any 
abuse report
X-AntiAbuse: Primary Hostname - ems.emscai.com
X-AntiAbuse: Original Domain - ptbmi.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - alliancemansols.com
X-Get-Message-Sender-Via: ems.emscai.com: authenticated_id: 
v...@alliancemansols.com
X-Source: 
X-Source-Args: 
X-Source-Dir: 


What I want to ask is, what does the part below mean, Pak?
iprev=pass policy.iprev=96.125.172.213 reason="white listed" (HELO 
ems.emscai.com);
iprev=pass policy.iprev=96.125.172.213 reason="white listed" (MAIL 
v...@alliancemansols.com)

So what steps should be taken?

Please enlighten me, Pak 

Thank you

Rievo

MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon matters.

Change is the end result of all true learning.
--- Leo Buscaglia



[mdaemon-l] Spam Email with Reason White listed

2018-11-21 Thread Syafril Hermansyah
On 14/11/18 14.02, Rievo Niemrod E (edp.r...@ptbmi.com) wrote:
^

Why was mail that was composed on 2018-11-14 only sent today
(2018-11-21)?

> Please help regarding a Spam Email like the one below,
> there is a reason: Warning Virus, but there is also White Listed


> Perhaps Pak Syafril can help me by explaining what that log means, 
> and then what steps should we take?


Please provide the complete message header first, not in bits and pieces
like that, so it can be analyzed accurately.




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.1-64 bit
Please do not cc: or send to private mail for MDaemon matters.

Change is the end result of all true learning.
--- Leo Buscaglia






[mdaemon-l] Spam Email with Reason White listed

2018-11-21 Thread Rievo Niemrod E
Good afternoon, Pak Syafril

Please help regarding a Spam Email like the one below, 
there is a reason: Warning Virus, but there is also White Listed

X-SPScan-Result: infected
X-SPScan-VirusName: W97M/Agent.gen
X-MDBadQueue-Reason: WARNING! infected with virus (W97M/Agent.gen)
X-MDAV-Processed: bb.ptbmi.com, Tue, 06 Nov 2018 17:04:01 +0700
Return-path: 
Authentication-Results: bb.ptbmi.com;
spf=pass smtp.mailfrom=v...@alliancemansols.com;
dkim=pass (good signature) header.d=alliancemansols.com header.b=BxNRIRkse3;
dmarc=none header.from=alliancemansols.com (no DMARC record);
iprev=pass policy.iprev=96.125.172.213 reason="white listed" (HELO 
ems.emscai.com);
iprev=pass policy.iprev=96.125.172.213 reason="white listed" (MAIL 
v...@alliancemansols.com)
Received-SPF: pass (bb.ptbmi.com: domain alliancemansols.com
designates 96.125.172.213 as permitted sender)
receiver=bb.ptbmi.com; client-ip=96.125.172.213;
mechanism=a; envelope-from=mailto:envelope-from=v...@alliancemansols.com;
helo=ems.emscai.co
Perhaps Pak Syafril can help me by explaining what that log means, 
and then what steps should we take?

Thank you
Rievo



[mdaemon-l] Spam email already got in

2018-09-24 Thread Syafril Hermansyah
On 24/09/18 18:10, Thariq Basyir (thariqbas...@gmail.com) wrote:
> > Could you find the message header of that mail?
> 

> Reply-To: infra@kompas.tv 
> List-ID: http://infra.bit.kompas.tv>>
> List-Post: >


If the mailing list is for internal use, set it to private (only members
allowed to post).

http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?ml_options.htm

[x] Refuse messages from non list members

Mailing lists have their own separate blacklist, called the blacklist file

http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?ml_support_files.htm

Black List File

If specified, the file listed here will be used to suppress messages
sent from specified users.

complete information on internal mailing lists can be found here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg35807.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg35815.html

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.0-64 bit Beta RC2
Please do not cc: or send to private mail for MDaemon matters.

The life so short, the craft so long to learn.
--- Hippocrates













-- 
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest versions: MD 18.0.2, SG 5.5.0




[mdaemon-l] Spam email already got in

2018-09-24 Thread Thariq Basyir
2018-09-24 17:32 GMT+07:00 Syafril Hermansyah :

> > Could you find the message header of that mail?
>
>From - Mon Sep 24 10:05:31 2018
X-Account-Key: account1
X-UIDL: MD5095899:MSG:347774:30691955:55179016
X-Mozilla-Status: 0001
X-Mozilla-Status2: 
X-Mozilla-Keys:
Return-path: 
Authentication-Results: mail.kompas.tv
iprev=pass policy.iprev=192.185.198.26 (PTR 
gateway30.websitewelcome.com);
iprev=pass policy.iprev=192.185.198.26 (HELO 
gateway30.websitewelcome.com);
iprev=fail policy.iprev=192.185.198.26 reason="does not match" (MAIL
i...@grosir-alatkesehatan.com)
Received: from gateway30.websitewelcome.com
(gateway30.websitewelcome.com [192.185.198.26])
by mail.kompas.tv (MDaemon PRO v17.0.2) with ESMTP id pd50001973120.msg;
Sat, 22 Sep 2018 19:51:43 +0700
X-Spam-Processed: mail.kompas.tv, Sat, 22 Sep 2018 19:51:43 +0700
(not processed: spam filter already applied to initial list submission)
X-MDRemoteIP: 192.185.198.26
X-MDHelo: gateway30.websitewelcome.com
X-MDArrival-Date: Sat, 22 Sep 2018 19:51:43 +0700
X-Rcpt-To: infra@kompas.tv
X-MDRcpt-To: infra@kompas.tv
X-Envelope-From: i...@grosir-alatkesehatan.com
X-MDaemon-Deliver-To: thariq.bas...@kompas.tv
X-MDMailing-List: infra@kompas.tv
Precedence: bulk
Sender: infra@kompas.tv
X-MDAV-Processed: mail.kompas.tv, Sat, 22 Sep 2018 19:51:43 +0700
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none shortcircuit=no
autolearn=unavailable autolearn_force=no version=3.4.1
X-Spam-Report:
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28)
X-Authority-Reason: nr=8
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="=_56d5c01c5796888cf6f776b5e3864e07"
Date: Sat, 22 Sep 2018 07:09:59 -0500
From: i...@grosir-alatkesehatan.com
To: undisclosed-recipients:;
Subject: [infra.bit] Kisah Threesome Sandiaga, Miftah dan Noriyu di Gedung Adaro
Message-ID: 
X-Sender: i...@grosir-alatkesehatan.com
User-Agent: Roundcube Webmail/1.3.3
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - gator4071.hostgator.com
X-AntiAbuse: Original Domain - kompas.tv
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - grosir-alatkesehatan.com
X-BWhitelist: no
X-Source-IP: 192.185.4.82
X-Source-L: Yes
X-Exim-ID: 1g3gjY-001Vlq-75
X-Source:
X-Source-Args:
X-Source-Dir:
X-Source-Sender: (grosir-alatkesehatan.com) [192.185.4.82]:12525
X-Source-Auth: i...@grosir-alatkesehatan.com
X-Email-Count: 198
X-Source-Cap: ZWRpc29ueW87ZWRpc29ueW87Z2F0b3I0MDcxLmhvc3RnYXRvci5jb20=
X-Local-Domain: yes
Reply-To: infra@kompas.tv
List-ID: 
List-Post: 

--=_56d5c01c5796888cf6f776b5e3864e07
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8;
 format=flowed



> > Enable the following menu option so the spam filter gives more information
> >  http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?sf_spam_filtering.htm
> > [x] Send heuristic results to SMTP clients
>

we have just enabled it, Pak

> Please check again.
>

attached, Pak; FYI we are using version 17.0.2


[mdaemon-l] Spam email already got in

2018-09-24 Thread Thariq Basyir
2018-09-24 16:42 GMT+07:00 Syafril Hermansyah :

>
> > Could you find the transaction in the smtp-in log?
>

Sat 2018-09-22 19:51:34.955: [704704] Session 704704; child 0004
Sat 2018-09-22 19:51:34.955: [704704] Accepting SMTP connection from
192.185.198.26:27584 to 10.8.40.3:25
Sat 2018-09-22 19:51:34.957: [704704] --> 220 mail.kompas.tv ESMTP MDaemon
17.0.2; Sat, 22 Sep 2018 19:51:34 +0700
Sat 2018-09-22 19:51:35.188: [704704] <-- EHLO gateway30.websitewelcome.com
Sat 2018-09-22 19:51:35.188: [704704] --> 250-mail.kompas.tv Hello
gateway30.websitewelcome.com [192.185.198.26], pleased to meet you
Sat 2018-09-22 19:51:35.188: [704704] --> 250-ETRN
Sat 2018-09-22 19:51:35.188: [704704] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Sat 2018-09-22 19:51:35.188: [704704] --> 250-8BITMIME
Sat 2018-09-22 19:51:35.188: [704704] --> 250-ENHANCEDSTATUSCODES
Sat 2018-09-22 19:51:35.188: [704704] --> 250 SIZE 2048
Sat 2018-09-22 19:51:35.420: [704704] <-- MAIL FROM:<
i...@grosir-alatkesehatan.com> SIZE=346939 BODY=8BITMIME
Sat 2018-09-22 19:51:35.423: [704704] Performing PTR lookup
(26.198.185.192.IN-ADDR.ARPA)
Sat 2018-09-22 19:51:35.441: [704704] *  D=26.198.185.192.IN-ADDR.ARPA
TTL=(59) PTR=[gateway30.websitewelcome.com]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.196.18]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.179.30]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.198.26]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.145.3]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.151.58]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.147.85]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.168.15]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[50.116.126.1]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.149.4]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.146.7]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.152.11]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.197.25]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.148.2]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.107.137]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.194.16]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.184.48]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.192.34]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.193.11]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.180.41]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.106.218]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.160.12]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.150.24]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[50.116.124.68]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[50.116.125.1]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[192.185.144.21]
Sat 2018-09-22 19:51:35.457: [704704] *  D=gateway30.websitewelcome.com
TTL=(49) A=[50.116.127.1]
Sat 2018-09-22 19:51:35.457: [704704]  End PTR results
Sat 2018-09-22 19:51:35.460: [704704] Performing IP lookup (
gateway30.websitewelcome.com)
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[192.185.194.16]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[192.185.198.26]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[192.185.148.2]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[192.185.145.3]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[192.185.179.30]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[50.116.124.68]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[50.116.127.1]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[192.185.192.34]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[192.185.193.11]
Sat 2018-09-22 19:51:35.474: [704704] *  D=gateway30.websitewelcome.com
TTL=(46) A=[192.185.107.137]
Sat 2018-09-22 19:51:35.474: [704704] *  

[mdaemon-l] Spam email already got in

2018-09-24 Thread Syafril Hermansyah
On 24/09/18 17:11, Thariq Basyir (thariqbas...@gmail.com) wrote:
> 
>> Could you find the transaction in the smtp-in log?

> Sat 2018-09-22 19:51:39.638: [704704] Spam Filter score/req: 0.00/12.0


At a glance it looks normal.
Could you find the message header of that mail?

Enable the following menu option so the spam filter gives more information

http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?sf_spam_filtering.htm

[x] Send heuristic results to SMTP clients


>> > Incoming mail sent to local users who do not exist should be...
>> > [x] ...returned to sender with a 'no such user' warning
>> > hal ini akan membebani server untuk hal yang tidak perlu.


> ini sudah kami aktifkan sedari awal


Coba diperiksa ulang.




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.0-64 bit Beta RC2

[mdaemon-l] Spam email already delivered

2018-09-24 Thread Syafril Hermansyah
On 24/09/18 16:02, Thariq Basyir (thariqbas...@gmail.com) wrote:
> Two days ago we received a lot of SPAM email from various domains
> (attached), political in nature.
> By its nature it looks like hijacked email accounts, then used by
> irresponsible users to spread hoax news, slander, and SARA (ethnic,
> religious, racial and inter-group) issues related to the 2019 presidential election
> 
> Besides blocking manually, is there another way, sir, to fend off email
> like this?


Can you find the transaction in the smtp-in log?

BTW, the server mail.kompas.tv has a wrong setting: the unknown user setting has
still not been changed after the initial installation was finished.

http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?unknown_mail.htm

Incoming mail sent to local users who do not exist should be...

[x] ...returned to sender with a 'no such user' warning

this will burden the server with something unnecessary.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.5.0-64 bit Beta RC2

[mdaemon-l] Spam email already delivered

2018-09-24 Thread Thariq Basyir
Pak Syafril,

Two days ago we received a lot of SPAM email from various domains (attached),
political in nature.
By its nature it looks like hijacked email accounts, then used by
irresponsible users to spread hoax news, slander, and SARA (ethnic,
religious, racial and inter-group) issues related to the 2019 presidential election

Besides blocking manually, is there another way, sir, to fend off email like
this?

because it seems the ANTI-SPAM does not consider this SPAM

Regards,
Thariq Basyir


[MDaemon-L] Email Spam

2018-01-09 Thread Syafril Hermansyah
On 10/01/18 09:55, Dedet Saputra wrote:
> I have added it to the blacklist but it still comes in, because the sender keeps
> changing.
> 
> for example, here are some of the other senders:
> Jennifer Martha  lori_christ...@diane-and-diana.info


Add the other sender addresses/domains to the sender blacklist as well.

Actually it would be easier to enable the PTR check, because yesterday's sender host
has no PTR record and so would be rejected.

> Sun 2018-01-07 10:44:08: Performing PTR lookup (74.104.17.188.IN-ADDR.ARPA)
> Sun 2018-01-07 10:44:08: *  Error: *  Name server reports domain name unknown
> Sun 2018-01-07 10:44:08: *  No PTR records found

http://mdaemon.dutaint.co.id/mdaemon/17.5/index.html?security--reverse_lookup.htm

[x] Perform PTR lookup on inbound SMTP connections
[x] ...send 501 and close connection if no PTR record exists (caution)
[x] ...send 501 and close connection if no PTR record match
[x] Exempt authenticated sessions (lookup will defer until after MAIL)

more details can be read in the archive

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg31023.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg31024.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg31029.html

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 17.5.2-64, SP 5.5-64

[MDaemon-L] Email Spam

2018-01-09 Thread Dedet Saputra

On 08/01/18 10:00, Dedet Saputra wrote:

How do I block spam email from marilyn_chirst...@jane-judy.site? I
have added it to bayesian spam but it comes in again.


Add the sender address/domain to the sender blacklist.

http://mdaemon.dutaint.co.id/mdaemon/17.5/index.html?security--sender-blacklist.htm
Is the sender this one, sir: Sun 2018-01-07 10:44:11: --> 250 
, Sender ok


I have added it to the blacklist but it still comes in, because the sender keeps
changing.


for example, here are some of the other senders:
Jennifer Martha 

[MDaemon-L] Email Spam

2018-01-07 Thread Syafril Hermansyah
On 08/01/18 10:00, Dedet Saputra wrote:
> How do I block spam email from marilyn_chirst...@jane-judy.site?
> I have added it to bayesian spam but it comes in again.


Add the sender address/domain to the sender blacklist.

http://mdaemon.dutaint.co.id/mdaemon/17.5/index.html?security--sender-blacklist.htm

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 17.5.2-64, SP 5.5-64

[MDaemon-L] Email Spam

2018-01-07 Thread Dedet Saputra

Dear Pak Syafril,

How do I block spam email from
marilyn_chirst...@jane-judy.site? I have added it to bayesian spam
but it comes in again.


Here is the LOG.

Sun 2018-01-07 10:44:07: Session 539646; child 0001
Sun 2018-01-07 10:44:07: Accepting SMTP connection from 
[188.17.104.74:49244] to [202.150.137.87:25]
Sun 2018-01-07 10:44:07: --> 220 mailhub.kobexindo.com ESMTP MDaemon 
14.0.3; Sun, 07 Jan 2018 10:44:07 +0700

Sun 2018-01-07 10:44:08: <-- EHLO web5.cebotech.de
Sun 2018-01-07 10:44:08: --> 250-mailhub.kobexindo.com Hello 
web5.cebotech.de, pleased to meet you

Sun 2018-01-07 10:44:08: --> 250-ETRN
Sun 2018-01-07 10:44:08: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Sun 2018-01-07 10:44:08: --> 250-8BITMIME
Sun 2018-01-07 10:44:08: --> 250-STARTTLS
Sun 2018-01-07 10:44:08: --> 250 SIZE
Sun 2018-01-07 10:44:08: <-- MAIL 
FROM: BODY=8BITMIME

Sun 2018-01-07 10:44:08: Performing PTR lookup (74.104.17.188.IN-ADDR.ARPA)
Sun 2018-01-07 10:44:08: *  Error: *  Name server reports domain name 
unknown

Sun 2018-01-07 10:44:08: *  No PTR records found
Sun 2018-01-07 10:44:08:  End PTR results
Sun 2018-01-07 10:44:08: Performing IP lookup (web5.cebotech.de)
Sun 2018-01-07 10:44:08: *  D=web5.cebotech.de TTL=(60) A=[80.67.28.136]
Sun 2018-01-07 10:44:08:  End IP lookup results
Sun 2018-01-07 10:44:08: Performing IP lookup (jane-judy.site)
Sun 2018-01-07 10:44:11: *  P=000 S=000 D=jane-judy.site TTL=(30) 
MX=[mail.jane-judy.site] {176.223.165.146}

Sun 2018-01-07 10:44:11:  End IP lookup results
Sun 2018-01-07 10:44:11: Performing SPF lookup (jane-judy.site / 
188.17.104.74)

Sun 2018-01-07 10:44:11: *  Result: none; no SPF record in DNS
Sun 2018-01-07 10:44:11:  End SPF results
Sun 2018-01-07 10:44:11: --> 250 , 
Sender ok

Sun 2018-01-07 10:44:12: <-- RCPT TO:
Sun 2018-01-07 10:44:12: Performing DNS-BL lookup (188.17.104.74 - 
connecting IP)

Sun 2018-01-07 10:44:12: *  zen.spamhaus.org - failed - 127.0.0.4
Sun 2018-01-07 10:44:12:  End DNS-BL results
Sun 2018-01-07 10:44:12: --> 250 , Recipient ok
Sun 2018-01-07 10:44:12: <-- DATA
Sun 2018-01-07 10:44:12: Creating temp file (SMTP): 
d:\mdaemon\queues\temp\md5022297.tmp

Sun 2018-01-07 10:44:12: --> 354 Enter mail, end with .
Sun 2018-01-07 10:44:14: Message size: 310874 bytes
Sun 2018-01-07 10:44:14: Performing DKIM lookup
Sun 2018-01-07 10:44:14: *  File: d:\mdaemon\queues\temp\md5022297.tmp
Sun 2018-01-07 10:44:14: *  Message-ID: 
363affcac0428f96e6f4f85e2c3b8...@jane-judy.site
Sun 2018-01-07 10:44:14: * Signature (1): 
;v=1;a=rsa-sha1;c=relaxed/relaxed;s=default;d=jane-judy.site;i=marilyn_chirst...@jane-judy.site;b 
h=;

Sun 2018-01-07 10:44:14: *Verification result: [0] good
Sun 2018-01-07 10:44:14: *  Result: pass
Sun 2018-01-07 10:44:14:  End DKIM results
Sun 2018-01-07 10:44:14: Performing VBR certification (Domain: 
jane-judy.site, Auth: DKIM)

Sun 2018-01-07 10:44:14: *  File: d:\mdaemon\queues\temp\md5022297.tmp
Sun 2018-01-07 10:44:14: *  Message-ID: 
363affcac0428f96e6f4f85e2c3b8...@jane-judy.site
Sun 2018-01-07 10:44:14: *  Certifier (trusted): 
vbr.emailcertification.org ...
Sun 2018-01-07 10:44:14: *Querying: 
jane-judy.site._vouch.vbr.emailcertification.org ...

Sun 2018-01-07 10:44:15: *Certifier does not recognize that domain
Sun 2018-01-07 10:44:15: *  Certification result: message not certified
Sun 2018-01-07 10:44:15:  End VBR results
Sun 2018-01-07 10:44:15: Passing message through AntiVirus (Size: 310874)...
Sun 2018-01-07 10:44:15: *  Message is clean (no viruses found)
Sun 2018-01-07 10:44:15:  End AntiVirus results
Sun 2018-01-07 10:44:15: Passing message through Outbreak Protection...
Sun 2018-01-07 10:44:15: *  Message-ID: 
<363affcac0428f96e6f4f85e2c3b8...@jane-judy.site>
Sun 2018-01-07 10:44:15: *  Reference-ID: 
str=0001.0A150207.5A5181DD.0061,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8

Sun 2018-01-07 10:44:15: *  Virus result: 0 - Clean
Sun 2018-01-07 10:44:15: *  Spam result: 4 - Spam (confirmed)
Sun 2018-01-07 10:44:15: *  IWF result: 0 - Clean
Sun 2018-01-07 10:44:15:  End Outbreak Protection results
Sun 2018-01-07 10:44:15: Passing message through ClamAV Plugin 
(d:\mdaemon\queues\temp\md5022297.tmp)...
Sun 2018-01-07 10:44:15: *  Message-ID: 
<363affcac0428f96e6f4f85e2c3b8...@jane-judy.site>

Sun 2018-01-07 10:44:15: *  Virus result: 0 - clean
Sun 2018-01-07 10:44:15: Spam filter scan skipped; message size (310874) 
exceeds spam filter configured max size of (102400)
Sun 2018-01-07 10:44:16: Message creation successful: 
d:\mdaemon\queues\inbound\md50002540780.msg
Sun 2018-01-07 10:44:16: --> 250 Ok, message saved <363affcac0428f96e6f4f85e2c3b8...@jane-judy.site>>

Sun 2018-01-07 10:44:16: <-- QUIT
Sun 2018-01-07 10:44:16: --> 221 See ya in cyberspace
Sun 2018-01-07 10:44:16: SMTP session successful (Bytes in/out: 311000/473)
Sun 
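
The session logged above was accepted even though it shows no PTR record, a zen.spamhaus.org hit and an Outbreak Protection verdict of "Spam (confirmed)", and the spam filter scan was skipped because of the message size. The following Python triage is an added example, not part of the original post and not MDaemon tooling; it reads both log layouts seen in this thread (with and without a per-line `[session]` ID) and lists the reasons each accepted session got through. The function names are hypothetical, and the sample lines are adapted from this thread's logs with the IP addresses replaced by documentation ranges.

```python
import re

# Sample adapted from the SMTP-in logs quoted in this thread; IP addresses are
# replaced with documentation ranges. Wrapped lines are kept on purpose.
SAMPLE_LOG = r"""Sun 2018-01-07 10:44:07: Session 539646; child 0001
Sun 2018-01-07 10:44:07: Accepting SMTP connection from [203.0.113.7:49244] to [192.0.2.25:25]
Sun 2018-01-07 10:44:08: Performing PTR lookup (7.113.0.203.IN-ADDR.ARPA)
Sun 2018-01-07 10:44:08: *  No PTR records found
Sun 2018-01-07 10:44:12: Performing DNS-BL lookup (203.0.113.7 - connecting IP)
Sun 2018-01-07 10:44:12: *  zen.spamhaus.org - failed - 127.0.0.4
Sun 2018-01-07 10:44:15: *  Spam result: 4 - Spam (confirmed)
Sun 2018-01-07 10:44:15: Spam filter scan skipped; message size (310874) 
exceeds spam filter configured max size of (102400)
Sun 2018-01-07 10:44:16: Message creation successful: 
d:\mdaemon\queues\inbound\md50002540780.msg
Wed 2016-05-18 06:37:38.479: [376488] Accepting SMTP connection from 198.51.100.9:2486 to 192.0.2.25:25
Wed 2016-05-18 06:37:38.797: [376488] *  No PTR records found
Wed 2016-05-18 06:37:43.365: [376488] *  Spam result: 4 - Spam (confirmed)
Wed 2016-05-18 06:37:43.502: [376488] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 06:37:43.601: [376488] Message creation successful:
d:\mdaemon\queues\inbound\md50007294563.msg
"""

# "Day YYYY-MM-DD HH:MM:SS[.mmm]: [session] message" (session ID is optional)
LINE = re.compile(r"^\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?: (?:\[(\d+)\] )?(.*)$")
SESSION = re.compile(r"^Session (\d+);")
# Assumption: "<zone> - failed - 127.0.0.x" means the connecting IP is listed.
DNSBL = re.compile(r"^\*\s+(\S+) - failed - (\S+)")
OUTBREAK = re.compile(r"Spam result: (\d+) - (.+)")
SKIPPED = re.compile(r"Spam filter scan skipped; message size \((\d+)\) exceeds "
                     r"spam filter configured max size of \((\d+)\)")
SCORE = re.compile(r"Spam Filter score/req: ([\d.]+)/([\d.]+)")


def logical_lines(text):
    """Yield (session_id, message), re-joining entries wrapped by the mail client."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE.match(raw)
        if m:
            entries.append([m.group(1), m.group(2).rstrip()])
        elif entries:  # no timestamp: continuation of the previous entry
            entries[-1][1] += " " + raw.strip()
    current = None
    for sid, msg in entries:
        s = SESSION.match(msg)
        if s:  # older layout: the ID appears once, on the "Session N;" line
            current = s.group(1)
        yield (sid or current or "unknown"), msg


def triage(text):
    """Collect the reputation and filter signals logged for each session."""
    sessions = {}
    for sid, msg in logical_lines(text):
        s = sessions.setdefault(sid, {"no_ptr": False, "dnsbl": [], "outbreak": None,
                                      "skipped": None, "score": None, "accepted": False})
        if "No PTR records found" in msg:
            s["no_ptr"] = True
        elif (m := DNSBL.match(msg)):
            s["dnsbl"].append(m.group(1))
        elif (m := OUTBREAK.search(msg)):
            s["outbreak"] = m.group(2).strip()
        elif (m := SKIPPED.search(msg)):
            s["skipped"] = (int(m.group(1)), int(m.group(2)))
        elif (m := SCORE.search(msg)):
            s["score"] = (float(m.group(1)), float(m.group(2)))
        elif "Message creation successful" in msg:
            s["accepted"] = True
    return sessions


def findings(s):
    """Explain why a session that tripped checks was still accepted."""
    out = []
    if not s["accepted"]:
        return out
    if s["no_ptr"]:
        out.append("connecting IP has no PTR record; reverse lookup did not reject")
    for zone in s["dnsbl"]:
        out.append(f"connecting IP listed on {zone}; DNS-BL hit did not reject")
    if s["outbreak"] and s["outbreak"].lower().startswith("spam"):
        out.append(f"Outbreak Protection verdict '{s['outbreak']}' did not stop delivery")
    if s["skipped"]:
        size, limit = s["skipped"]
        out.append(f"spam filter skipped: {size} bytes exceeds max scan size {limit}")
    if s["score"] and s["score"][0] < s["score"][1]:
        out.append(f"spam filter score {s['score'][0]:.2f} is below required {s['score'][1]:.1f}")
    return out


if __name__ == "__main__":
    for sid, sess in triage(SAMPLE_LOG).items():
        print(f"session {sid}:")
        for reason in findings(sess):
            print("  -", reason)
```
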

[MDaemon-L] Email Spam

2017-11-19 Thread Agus Tarpindo
Dear Pak Syafril

> it was sent by the web server sg04.dewaweb.com, which reports an
> SSL key error/problem at http://study.os-selnajaya.com/
> 
>
All right, sir, thank you for the explanation

Best regards, 

Agus 




[MDaemon-L] Email Spam

2017-11-19 Thread Syafril Hermansyah
On 20/11/17 08:59, Agus Tarpindo wrote:
> Today I received 2 different “failed authentication” emails (please
> check the attachment).
> 
> Please help analyse them, sir; what is the difference between them?

> Account failed at least 3 authentication attempts: "romasta.panjaitan"
> romasta.panjai...@os-selnajaya.com
> 
> 11/20/2017 12:05:39 AM:  IP 112.218.211.227  IMAP
> 11/20/2017 2:32:37 AM:  IP 222.161.246.150  IMAP
> 11/20/2017 4:31:05 AM:  IP 125.46.45.214  IMAP

> Account failed at least 3 authentication attempts: "valentina.kartika"
> valentina.kart...@os-selnajaya.com
> 
> 11/20/2017 12:00:33 AM:  IP 119.41.111.216  IMAP
> 11/20/2017 12:30:36 AM:  IP 31.173.71.190  IMAP
> 11/20/2017 4:18:54 AM:  IP 124.160.93.172  IMAP


> Account failed at least 3 authentication attempts: "gita.fardiana"
> gita.fardi...@os-selnajaya.com
> 
> 11/20/2017 12:18:07 AM:  IP 218.108.16.154  IMAP
> 11/20/2017 4:07:15 AM:  IP 58.53.146.60  IMAP
> 11/20/2017 4:53:31 AM:  IP 221.4.137.85  IMAP


They are all the same: spammers/hackers from Korea and China trying to hijack accounts.
If you are still using MDaemon below version 17.5.0, that is indeed how it will be.

> Why does one of the emails have so much log like this?


There is no log in what you sent.

As for the following message header

> To: administrat...@selnajaya.com
> Subject: [Let's Encrypt SSL] FAILURE of renewal of study.os-selnajaya.com
> From: r...@sg04.dewaweb.com
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: quoted-printable
> X-AuthUser: 
> Message-Id: <20171119205933.ca7d3280...@relay.mailchannels.net>
> 
> Automatic Let's Encrypt renewal for study.os-selnajaya.com was attempted an=
> d failed.
> This certificate expires on 2017-12-11 13:21:00 +0800 +08.


it was sent by the web server sg04.dewaweb.com, which reports an SSL key
error/problem at http://study.os-selnajaya.com/




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 17.5.2-64 Beta A, SP 5.5-64

[MDaemon-L] Email Spam

2017-11-19 Thread Agus Tarpindo
Dear Pak Syafril

Good morning, sir.

Today I received 2 different "failed authentication" emails (please
check the attachment).

Please help analyse them, sir; what is the difference between them?

Why does one of the emails have so much log like this?

What does that log mean, sir? Please help explain.

Thank you

 

Best regards, 

Agus 

 

--- Begin Message ---
Account failed at least 3 authentication attempts: "romasta.panjaitan"
romasta.panjai...@os-selnajaya.com

11/20/2017 12:05:39 AM:  IP 112.218.211.227  IMAP
11/20/2017 2:32:37 AM:  IP 222.161.246.150  IMAP
11/20/2017 4:31:05 AM:  IP 125.46.45.214  IMAP

.
+OK 1145 octets
X-MDAV-Processed: mail.os-selnajaya.com, Mon, 20 Nov 2017 04:18:59 +0700
Received: from mail.os-selnajaya.com by mail.os-selnajaya.com (via RAW)
(MDaemon PRO v14.5.3)
for ; Mon, 20 Nov 2017 04:18:57
+0700
Date: Mon, 20 Nov 2017 04:18:57 +0700
Reply-To: mdae...@os-selnajaya.com
From: "MDaemon at mail.os-selnajaya.com" 
Subject: Account failed authentication numerous times: "valentina.kartika"
valentina.kart...@os-selnajaya.com
To: administrat...@os-selnajaya.com
Message-ID: 
Mime-Version: 1.0
X-Actual-From: mdae...@os-selnajaya.com
Content-Type: text/plain; charset=iso-8859-1
X-MDRedirect: 1
X-MDRedirect_From: administrat...@os-selnajaya.com
X-Return-Path: 
X-MDaemon-Deliver-To: 

Account failed at least 3 authentication attempts: "valentina.kartika"
valentina.kart...@os-selnajaya.com

11/20/2017 12:00:33 AM:  IP 119.41.111.216  IMAP
11/20/2017 12:30:36 AM:  IP 31.173.71.190  IMAP
11/20/2017 4:18:54 AM:  IP 124.160.93.172  IMAP

.
+OK 3795 octets
X-MDAV-Processed: mail.os-selnajaya.com, Mon, 20 Nov 2017 03:59:44 +0700
Return-path: 
Authentication-Results: mail.os-selnajaya.com
spf=none smtp.mailfrom=r...@sg04.dewaweb.com;
dmarc=none header.from=sg04.dewaweb.com (no DMARC record);
iprev=pass policy.iprev=46.232.183.142 (PTR
nov-007-i588.relay.mailchannels.net)
Received: from nov-007-i588.relay.mailchannels.net
(nov-007-i588.relay.mailchannels.net [46.232.183.142])
by mail.os-selnajaya.com (mail.os-selnajaya.com [127.0.0.1])
(Cipher TLSv1.2:AES-:128) 
with ESMTPS id md50002664948.msg for
;
Mon, 20 Nov 2017 03:59:43 +0700
X-Spam-Level: 
X-Spam-Status: No, score=0.00 required=5.0
X-Spam-Report:
*  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked.
*   See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
*  for more information.
*  [URIs: os-selnajaya.com]
X-Spam-Processed: mail.os-selnajaya.com, Mon, 20 Nov 2017 03:59:43 +0700
(processed during SMTP session)
X-MDOP-RefID:
str=0001.0A150207.5A11F0BE.001D,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld
=1,fgs=0 (_st=1 _vt=0 _iwf=0)
X-MDRemoteIP: 46.232.183.142
X-MDHelo: nov-007-i588.relay.mailchannels.net
X-MDArrival-Date: Mon, 20 Nov 2017 03:59:43 +0700
X-Rcpt-To: administrat...@selnajaya.com
X-MDRcpt-To: administrat...@selnajaya.com
X-Return-Path: r...@sg04.dewaweb.com
X-Envelope-From: r...@sg04.dewaweb.com
X-MDaemon-Deliver-To: agus.tarpi...@os-selnajaya.com
X-Sender-Id: p38ruhd5tl|env-sender|r...@sg04.dewaweb.com
Received: from relay.mailchannels.net (localhost [127.0.0.1])
by relay.mailchannels.net (Postfix) with ESMTP id CA7D32802AA
for ; Sun, 19 Nov 2017 20:59:33 +
(UTC)
Received: from sg04.dewaweb.com (unknown [100.96.34.11])
(Authenticated sender: p38ruhd5tl)
by relay.mailchannels.net (Postfix) with ESMTPA id 2CF73280311
for ; Sun, 19 Nov 2017 20:59:32 +
(UTC)
X-Sender-Id: p38ruhd5tl|env-sender|r...@sg04.dewaweb.com
Received: from sg04.dewaweb.com (sg04.dewaweb.com [172.17.77.47])
(using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384)
by 0.0.0.0:2500 (trex/5.10.2);
Sun, 19 Nov 2017 20:59:33 +
X-MC-Relay: Neutral
X-MailChannels-SenderId: p38ruhd5tl|env-sender|r...@sg04.dewaweb.com
X-MailChannels-Auth-Id: p38ruhd5tl
X-Troubled-Supply: 2460b2b456d42454_1511125173650_1464173603
X-MC-Loop-Signature: 1511125173650:2969643903
X-MC-Ingress-Time: 1511125173650
Received: from [103.53.197.234] (port=43359 helo=localhost)
by sg04.dewaweb.com with esmtps
(TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
(Exim 4.89)
(envelope-from )
id 1eGWgc-0014ZQ-4e
for administrat...@selnajaya.com; Mon, 20 Nov 2017 04:59:30 +0800
Mime-Version: 1.0
Date: Mon, 20 Nov 2017 04:59:30 +0800
To: administrat...@selnajaya.com
Subject: [Let's Encrypt SSL] FAILURE of renewal of study.os-selnajaya.com
From: r...@sg04.dewaweb.com
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 

[MDaemon-L] A lot of spam email gets through, quite disturbing for users

2016-05-18 Thread Syafril Hermansyah
On 18/05/16 09:50, Heryanto wrote:
>> >This one should have been rejected if all the PTR check options under reverse lookup
> check are enabled

> But some still get in, Pak Syafril; example spam:

What time was reverse lookup enabled?

Was it before Wed 2016-05-18 09:26:21?




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64

[MDaemon-L] A lot of spam email gets through, quite disturbing for users

2016-05-17 Thread Heryanto
s\temp\md5002211.tmp
Wed 2016-05-18 09:26:38.541: [390135] *  Message-ID: <20160518092846.A4AA05D7CD@mail.herman.sulina.local>
Wed 2016-05-18 09:26:38.886: [390135] *  Result: neutral
Wed 2016-05-18 09:26:38.886: [390135]  End DKIM results
Wed 2016-05-18 09:26:38.891: [390135] Performing DMARC processing
Wed 2016-05-18 09:26:38.891: [390135] *  File: d:\mdaemon\queues\temp\md5002211.tmp
Wed 2016-05-18 09:26:38.891: [390135] *  Message-ID: <20160518092846.A4AA05D7CD@mail.herman.sulina.local>
Wed 2016-05-18 09:26:38.891: [390135] *  Author domain: dcwildlife.com
Wed 2016-05-18 09:26:38.891: [390135] *  Organizational domain: dcwildlife.com
Wed 2016-05-18 09:26:38.891: [390135] *  Query domain: _dmarc.dcwildlife.com
Wed 2016-05-18 09:26:39.418: [390135] *No DMARC policy record found
Wed 2016-05-18 09:26:39.418: [390135] *  Action taken: none
Wed 2016-05-18 09:26:39.418: [390135] *  Result: none
Wed 2016-05-18 09:26:39.418: [390135]  End DMARC results
Wed 2016-05-18 09:26:39.421: [390135] Passing message through AntiVirus (Size: 11840)...
Wed 2016-05-18 09:26:39.422: [390135] *  Recipient or sender in exclusion list
Wed 2016-05-18 09:26:39.422: [390135]  End AntiVirus results
Wed 2016-05-18 09:26:39.623: [390135] Passing message through Outbreak Protection...
Wed 2016-05-18 09:26:39.624: [390135] *  Message-ID: <20160518092846.A4AA05D7CD@mail.herman.sulina.local>
Wed 2016-05-18 09:26:39.624: [390135] *  Reference-ID: str=0001.0A150202.573BD363.0071,ss=4,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,pt=R_549421,cl=4,cld=1,fgs=12
Wed 2016-05-18 09:26:39.624: [390135] *  Virus result: 0 - Clean
Wed 2016-05-18 09:26:39.624: [390135] *  Spam result: 4 - Spam (confirmed)
Wed 2016-05-18 09:26:39.625: [390135] *  IWF result: 0 - Clean
Wed 2016-05-18 09:26:39.626: [390135]  End Outbreak Protection results
Wed 2016-05-18 09:26:39.628: [390135] Passing message through Spam Filter (Size: 11840)...
Wed 2016-05-18 09:26:40.651: [390135] *  3.0 MDAEMON_DNSBL MDaemon: marked by MDaemon's DNSBL
Wed 2016-05-18 09:26:40.651: [390135] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Wed 2016-05-18 09:26:40.651: [390135] *  1.6 BAYES_50 BODY: Bayes spam probability is 40 to 60%
Wed 2016-05-18 09:26:40.651: [390135] *  [score: 0.5107]
Wed 2016-05-18 09:26:40.651: [390135] *  0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
Wed 2016-05-18 09:26:40.651: [390135] *  0.0 HELO_MISC_IP Looking for more Dynamic IP Relays
Wed 2016-05-18 09:26:40.651: [390135]  End SpamAssassin results
Wed 2016-05-18 09:26:40.651: [390135] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 09:26:40.809: [390135] Message creation successful: d:\mdaemon\queues\inbound\md50007295647.msg
Wed 2016-05-18 09:26:40.809: [390135] --> 250 2.6.0 Ok, message saved
>
Wed 2016-05-18 09:26:40.817: [390135] <-- QUIT
Wed 2016-05-18 09:26:40.817: [390135] --> 221 2.0.0 See ya in cyberspace
Wed 2016-05-18 09:26:40.817: [390135] SMTP session successful (Bytes in/out: 11959/585)
Wed 2016-05-18 09:26:40.817: --

Pak Syafril, could this be because our mail server has 2 active domains:
one domain, edm-dima.co.id ( SMTP  :edm-ed-dima.com ), and the other
domain, dima.co.id ( SMTP mail.dima.co.id)?
Currently the one we actively use is the domain dima.co.id ( SMTP dima.co.id ); is
this spam coming in through our inactive SMTP?

Wed 2016-05-18 09:26:35.815: [390135] <-- EHLO [115.79.46.28]
Wed 2016-05-18 09:26:35.816: [390135] --> 250-edm.ed-dima.com Hello [115.79.46.28], pleased to meet you

Thank's

Heryanto






-Original Message-
From: MDaemon-L@dutaint.com [mailto:MDaemon-L@dutaint.com] On Behalf Of
Syafril Hermansyah
Sent: 18 May 2016 8:34
To: Milis Komunitas MDaemon Indonesia <mdaemon-l@dutaint.com>
Subject: [MDaemon-L] A lot of spam email gets through, quite disturbing for users

On 18/05/16 08:06, Heryanto wrote:
> Pak Syafril, here is the log. I would like to ask, sir: judging from the
> smtp-in log below, where is the gap?
> 
> Wed 2016-05-18 06:02:41.066: [376213] Accepting SMTP connection from
> 188.76.84.3:52319 to 116.254.100.37:25

> Wed 2016-05-18 06:02:41.545: [376213] <-- EHLO 
> 3.84.76.188.dynamic.jazztel.es

> Wed 2016-05-18 06:02:42.047: [376213] Performing PTR lookup
> (3.84.76.188.IN-ADDR.ARPA)

> Wed 2016-05-18 06:02:42.069: [376213] *  D=3.84.76.188.IN-ADDR.ARPA
> TTL=(283) PTR=[3.84.76.188.dynamic.jazztel.es]

> Wed 2016-05-18 06:02:42.073: [376213] *  
> D=3.84.76.188.dynamic.jazztel.es
> TTL=(368) A=[188.76.84.3]

Add the sender host identity (3.84.76.188.dynamic.jazztel.es) to
host screening.

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--host_screening.htm

add it under ALL IPs

Since you are already using MDaemon above 15.x there is another option: download the
following file

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat

copy/overwrite it into \\mdaemon\app, then restart MDaemon servic

[MDaemon-L] A lot of spam email gets through, quite disturbing for users

2016-05-17 Thread Syafril Hermansyah
On 18/05/16 09:16, Ivan wrote:
> Whoa, that's dangerous, sir. I tried copying this file and restarting MD; POP and SMTP
> all became inactive and MD errored. I put the old host file back and it is normal again.

Host screening is for direct incoming connections or ETRN/ODMR, not for
those using DomainPOP/MultiPOP.

In other words, host screening (and reverse lookup) has no
effect if you use DomainPOP/MultiPOP; but it should not
stop MDaemon from running unless a firewall/proxy is
intervening.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64

[MDaemon-L] A lot of spam email gets through, quite disturbing for users

2016-05-17 Thread Ivan

On 18/05/16 08:34, Syafril Hermansyah wrote:

Since you are already using MDaemon above 15.x there is another option: download the
following file

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat

copy/overwrite it into \\mdaemon\app, then restart the MDaemon service from the Windows
service control panel.
Whoa, that's dangerous, sir. I tried copying this file and restarting MD; POP and SMTP
all became inactive and MD errored. I put the old host file back and it is normal again.


[MDaemon-L] A lot of spam email gets through, quite disturbing for users

2016-05-17 Thread Syafril Hermansyah
On 18/05/16 08:06, Heryanto wrote:
> Pak Syafril, here is the log. I would like to ask, sir: judging from the smtp-in
> log below, where is the gap?
> 
> Wed 2016-05-18 06:02:41.066: [376213] Accepting SMTP connection from
> 188.76.84.3:52319 to 116.254.100.37:25

> Wed 2016-05-18 06:02:41.545: [376213] <-- EHLO
> 3.84.76.188.dynamic.jazztel.es

> Wed 2016-05-18 06:02:42.047: [376213] Performing PTR lookup
> (3.84.76.188.IN-ADDR.ARPA)

> Wed 2016-05-18 06:02:42.069: [376213] *  D=3.84.76.188.IN-ADDR.ARPA
> TTL=(283) PTR=[3.84.76.188.dynamic.jazztel.es]

> Wed 2016-05-18 06:02:42.073: [376213] *  D=3.84.76.188.dynamic.jazztel.es
> TTL=(368) A=[188.76.84.3]

Add the sender host identity (3.84.76.188.dynamic.jazztel.es) to
host screening.

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--host_screening.htm

add it under ALL IPs

Since you are already using MDaemon above 15.x there is another option: download the
following file

ftp://ftp.dutaint.com/altn-mdaemon/miscl/HostScreen.dat

copy/overwrite it into \\mdaemon\app, then restart the MDaemon service from the Windows
service control panel.


> Wed 2016-05-18 06:37:38.479: [376488] Accepting SMTP connection from
> 116.111.51.94:2486 to 116.254.100.37:25

> Wed 2016-05-18 06:37:38.681: [376488] Performing PTR lookup
> (94.51.111.116.IN-ADDR.ARPA)

> Wed 2016-05-18 06:37:38.797: [376488] *  DNS server reports domain name
> unknown

> Wed 2016-05-18 06:37:38.797: [376488] *  No PTR records found

> Wed 2016-05-18 06:37:38.797: [376488]  End PTR results

This one should have been rejected if all the PTR check options under reverse lookup
are enabled

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?security--reverse_lookup.htm

[x] Perform PTR lookup on inbound SMTP connections
[x] ...send 501 and close connection if no PTR record exists
[x] ...send 501 and close connection if no PTR record match
[x] Exempt authenticated sessions (lookup will defer until after MAIL)


> -Original Message-
> From: MDaemon-L@dutaint.com [mailto:MDaemon-L@dutaint.com] On Behalf Of
> Syafril Hermansyah
> Sent: 17 May 2016 21:58
> To: Milis Komunitas MDaemon Indonesia <mdaemon-l@dutaint.com>
> Subject: [MDaemon-L] A lot of spam email gets through, quite disturbing for users

> On 05/17/2016 08:06 PM, Heryanto wrote:
>> Please enlighten us: our mail server has lately been receiving a lot of
>> email like the ones below; is there a gap in our mail server
>> settings that lets spam mail in?


Just delete the above when replying, because all list members already
have a copy.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64

[MDaemon-L] A lot of spam email gets through, quite disturbing for users

2016-05-17 Thread Heryanto
 Action taken: none
Wed 2016-05-18 06:37:42.923: [376488] *  Result: none
Wed 2016-05-18 06:37:42.923: [376488]  End DMARC results
Wed 2016-05-18 06:37:42.924: [376488] Passing message through AntiVirus
(Size: 11840)...
Wed 2016-05-18 06:37:43.075: [376488] *  Message is clean (no viruses found)
Wed 2016-05-18 06:37:43.075: [376488]  End AntiVirus results
Wed 2016-05-18 06:37:43.365: [376488] Passing message through Outbreak
Protection...
Wed 2016-05-18 06:37:43.365: [376488] *  Message-ID:
<20160518063948.22F31A12E5@mail.hardja.local>
Wed 2016-05-18 06:37:43.365: [376488] *  Reference-ID:
str=0001.0A150203.573BABCB.0032,ss=4,re=0.000,recu=0.000,reip=0.000,vtr=str,
vl=0,pt=R_549421,cl=4,cld=1,fgs=12
Wed 2016-05-18 06:37:43.365: [376488] *  Virus result: 0 - Clean
Wed 2016-05-18 06:37:43.365: [376488] *  Spam result: 4 - Spam (confirmed)
Wed 2016-05-18 06:37:43.365: [376488] *  IWF result: 0 - Clean
Wed 2016-05-18 06:37:43.365: [376488]  End Outbreak Protection results
Wed 2016-05-18 06:37:43.368: [376488] Passing message through Spam Filter
(Size: 11840)...
Wed 2016-05-18 06:37:43.501: [376488] *  3.0 MDAEMON_DNSBL MDaemon: marked
by MDaemon's DNSBL
Wed 2016-05-18 06:37:43.501: [376488] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon:
spam/phish
Wed 2016-05-18 06:37:43.501: [376488] *  1.6 BAYES_50 BODY: Bayes spam
probability is 40 to 60%
Wed 2016-05-18 06:37:43.501: [376488] *  [score: 0.5540]
Wed 2016-05-18 06:37:43.501: [376488] *  0.8 RDNS_NONE Delivered to internal
network by a host with no rDNS
Wed 2016-05-18 06:37:43.501: [376488] *  0.0 HELO_MISC_IP Looking for more
Dynamic IP Relays
Wed 2016-05-18 06:37:43.501: [376488]  End SpamAssassin results
Wed 2016-05-18 06:37:43.502: [376488] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 06:37:43.601: [376488] Message creation successful:
d:\mdaemon\queues\inbound\md50007294563.msg
Wed 2016-05-18 06:37:43.601: [376488] --> 250 2.6.0 Ok, message saved
>
Wed 2016-05-18 06:37:43.612: [376488] <-- QUIT
Wed 2016-05-18 06:37:43.612: [376488] --> 221 2.0.0 See ya in cyberspace
Wed 2016-05-18 06:37:43.612: [376488] SMTP session successful (Bytes in/out:
11948/579)
Wed 2016-05-18 06:37:43.613: --

Thanks

Heryanto


-Original Message-
From: MDaemon-L@dutaint.com [mailto:MDaemon-L@dutaint.com] On Behalf Of
Syafril Hermansyah
Sent: 17 May 2016 21:58
To: Milis Komunitas MDaemon Indonesia <mdaemon-l@dutaint.com>
Subject: [MDaemon-L] A lot of spam email gets through, quite a nuisance for users

On 05/17/2016 08:06 PM, Heryanto wrote:
> Please enlighten us: our mail server has lately been receiving many
> emails like the one below. Is there a loophole in our mail server
> settings that lets spam mail get in?

Check the smtp-in log to find out who the real sender of the messages with the
attachments andri_7D1143C9.zip (history_285 - 1.js) and deny.iskandar_AE91615B.zip
(history_341 - 1.js) is, so that it can be analyzed whether they really came from
a spammer, a worm virus, or a hijacked account (on another server).


Second, it is better to simply disable notify to sender/recipient for
attachment restrictions and limit it to notifying the Administrator, because
the sender may well be fake (address spoofing).

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?cf_notifications.htm

[ ] Send restricted attachment notification message to...



--
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64
Please do not cc: or send to private mail for MDaemon issues.

We do not remember days, we remember moments.
--- Cesare Pavese

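The log reading asked for in the thread above (finding out why a message the filters had already called spam was still saved) can be scripted. The following Python is an added example, not part of the thread and not MDaemon code: the sample reuses log lines quoted in the post, session 700002 is constructed, and the line layout and the "-->" reply marker are assumed from those lines.

```python
import re

# Layout assumed from the lines quoted in the thread: timestamp, "[session]", message.
LINE = re.compile(r"^\w{3} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d(?:\.\d{3})?: (?:\[(\d+)\]\s*)?(.*)$")
RULE = re.compile(r"^\*\s+(-?\d+\.\d+) ([A-Z][A-Z0-9_]+)\b")   # "*  3.0 MDAEMON_DNSBL ..."
OP_SPAM = re.compile(r"^\*\s+Spam result: (\d+) - (.+)$")       # Outbreak Protection verdict
SCORE = re.compile(r"^Spam Filter score/req: (-?\d+\.\d+)/(-?\d+\.\d+)")
ACCEPT = re.compile(r"^--> 250 .*message saved")
REJECT = re.compile(r"^--> (5\d\d) ")

# Session 376488: lines from the post, mail-client wrapping kept on purpose.
# Session 700002: constructed, to show a session that was refused instead.
SAMPLE_LOG = """\
Wed 2016-05-18 06:37:43.365: [376488] *  Spam result: 4 - Spam (confirmed)
Wed 2016-05-18 06:37:43.365: [376488]  End Outbreak Protection results
Wed 2016-05-18 06:37:43.368: [376488] Passing message through Spam Filter
(Size: 11840)...
Wed 2016-05-18 06:37:43.501: [376488] *  3.0 MDAEMON_DNSBL MDaemon: marked
by MDaemon's DNSBL
Wed 2016-05-18 06:37:43.501: [376488] *  2.5 MDAEMON_OP_SPAM_HIGH MDaemon:
spam/phish
Wed 2016-05-18 06:37:43.501: [376488] *  1.6 BAYES_50 BODY: Bayes spam
probability is 40 to 60%
Wed 2016-05-18 06:37:43.501: [376488] *  0.8 RDNS_NONE Delivered to internal
network by a host with no rDNS
Wed 2016-05-18 06:37:43.501: [376488] *  0.0 HELO_MISC_IP Looking for more
Dynamic IP Relays
Wed 2016-05-18 06:37:43.502: [376488] Spam Filter score/req: 7.90/12.0
Wed 2016-05-18 06:37:43.601: [376488] --> 250 2.6.0 Ok, message saved
Wed 2016-05-18 06:37:43.612: [376488] --> 221 2.0.0 See ya in cyberspace
Wed 2016-05-18 06:38:10.100: [700002] *  Spam result: 4 - Spam (confirmed)
Wed 2016-05-18 06:38:10.101: [700002] --> 554 Sorry, message looks like spam
or phish to me (OP)
"""


def unwrap(text):
    """Re-join entries a mail client wrapped: a line that does not start with
    a timestamp is the continuation of the previous log entry."""
    entries = []
    for raw in text.splitlines():
        if LINE.match(raw):
            entries.append(raw.rstrip())
        elif entries and raw.strip():
            entries[-1] += " " + raw.strip()
    return entries


def parse_sessions(text):
    """Collect filter verdicts and the final outcome per SMTP session id."""
    sessions = {}
    for entry in unwrap(text):
        sid, msg = LINE.match(entry).groups()
        if sid is None:                      # separator lines carry no session id
            continue
        s = sessions.setdefault(sid, {"rules": [], "op_spam": None, "score": None,
                                      "required": None, "outcome": None})
        if (m := RULE.match(msg)):
            s["rules"].append((float(m[1]), m[2]))
        elif (m := OP_SPAM.match(msg)):
            s["op_spam"] = (int(m[1]), m[2].strip())
        elif (m := SCORE.match(msg)):
            s["score"], s["required"] = float(m[1]), float(m[2])
        elif ACCEPT.match(msg):
            s["outcome"] = "accepted"
        elif (m := REJECT.match(msg)):
            s["outcome"] = "rejected " + m[1]
    return sessions


def accepted_spam(sessions, op_confirmed=4):
    """Sessions that were saved although Outbreak Protection reported spam.
    op_confirmed=4 is the 'Spam (confirmed)' code shown in the quoted log."""
    findings = []
    for sid, s in sessions.items():
        flagged = s["op_spam"] is not None and s["op_spam"][0] >= op_confirmed
        if s["outcome"] != "accepted" or not flagged:
            continue
        gap = None if s["score"] is None else round(s["required"] - s["score"], 2)
        top = max(s["rules"])[1] if s["rules"] else None   # heaviest rule that fired
        findings.append({"session": sid, "op": s["op_spam"][1], "score": s["score"],
                         "required": s["required"], "gap": gap, "top_rule": top})
    return findings


if __name__ == "__main__":
    for f in accepted_spam(parse_sessions(SAMPLE_LOG)):
        print(f"session {f['session']}: saved although OP said '{f['op']}'; "
              f"score {f['score']}/{f['required']} ({f['gap']} short), top rule {f['top_rule']}")
```

For the quoted session the report shows the message was 4.1 points short of the 12.0 figure in score/req, which is the number to look at when deciding whether the threshold or the rule weights need changing.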





[MDaemon-L] A lot of spam email gets through, quite a nuisance for users

2016-05-17 Thread Heryanto
Dear Pak Syafril,


Here is one of the logs from smtp-in

 
log :
 
Tue 2016-05-17 19:12:39.284: [370628] Session 370628; child 0001
Tue 2016-05-17 19:12:39.284: [370628] Parsing message 

Tue 2016-05-17 19:12:39.288: [370628] *  From: postmas...@ed-dima.com
Tue 2016-05-17 19:12:39.288: [370628] *  To: smallsherry54...@ccs.co.nz
Tue 2016-05-17 19:12:39.288: [370628] *  Subject: MDaemon Notification -- 
Attachment Removed
Tue 2016-05-17 19:12:39.288: [370628] *  Size (bytes): 1285
Tue 2016-05-17 19:12:39.288: [370628] *  Message-ID: 

Tue 2016-05-17 19:12:39.291: [370628] Resolving MX record for ccs.co.nz (DNS 
Server: 116.254.101.2)...
Tue 2016-05-17 19:12:39.303: [370628] *  P=050 S=000 D=ccs.co.nz TTL=(59) 
MX=[smtp.simedarby.co.nz]
Tue 2016-05-17 19:12:39.303: [370628] Attempting SMTP connection to 
smtp.simedarby.co.nz
Tue 2016-05-17 19:12:39.304: [370628] Resolving A record for 
smtp.simedarby.co.nz (DNS Server: 116.254.101.2)...
Tue 2016-05-17 19:12:39.306: [370628] *  D=smtp.simedarby.co.nz TTL=(35) 
A=[203.97.53.77]
Tue 2016-05-17 19:12:39.307: [370628] Attempting SMTP connection to 
203.97.53.77:25
Tue 2016-05-17 19:12:39.309: [370628] Waiting for socket connection...
Tue 2016-05-17 19:12:39.583: [370628] *  Connection established 
116.254.100.37:61888 --> 203.97.53.77:25
Tue 2016-05-17 19:12:39.583: [370628] Waiting for protocol to start...
Tue 2016-05-17 19:12:41.892: [370628] <-- 220 
*
Tue 2016-05-17 19:12:41.893: [370628] --> EHLO edm.ed-dima.com
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-legolas.simedarby.co.nz
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-PIPELINING
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-SIZE 52428800
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-ETRN
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-ENHANCEDSTATUSCODES
Tue 2016-05-17 19:12:42.166: [370628] <-- 250-8BITMIME
Tue 2016-05-17 19:12:42.166: [370628] <-- 250 DSN
Tue 2016-05-17 19:12:42.166: [370628] --> MAIL 

[MDaemon-L] A lot of spam email gets through, quite a nuisance for users

2016-05-17 Thread Syafril Hermansyah
On 05/17/2016 08:06 PM, Heryanto wrote:
> Please enlighten us: our mail server has lately been receiving many
> emails like the one below. Is there a loophole in our mail server
> settings that lets spam mail get in?

Check the smtp-in log to find out who the real sender of the messages
with the attachments andri_7D1143C9.zip (history_285 - 1.js) and
deny.iskandar_AE91615B.zip (history_341 - 1.js) is, so that it can be
analyzed whether they really came from a spammer, a worm virus, or a
hijacked account (on another server).


Second, it is better to simply disable notify to sender/recipient for
attachment restrictions and limit it to notifying the Administrator,
because the sender may well be fake (address spoofing).

http://mdaemon.dutaint.co.id/mdaemon/16.0/index.html?cf_notifications.htm

[ ] Send restricted attachment notification message to...



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 16.0.2-64, SP 5.0-64
Please do not cc: or send to private mail for MDaemon issues.

We do not remember days, we remember moments.
--- Cesare Pavese






[MDaemon-L] A lot of spam email gets through, quite a nuisance for users

2016-05-17 Thread Heryanto
Dear Pak Syafril,

 

Please enlighten us: our mail server has lately been receiving many
emails like the one below. Is there a loophole in our mail server settings
that lets spam mail get in?

 

 

---

MDaemon has detected restricted attachments within an email message

---

 

From  : smallsherry54...@ccs.co.nz

To: an...@dima.co.id

Subject   : [***SPAM*** Score/Req:07.90/6.0] Re:

Message-ID: <20160517141431.73369B03AD@mail.andri.local>

 

-

Attachment(s) removed

-

andri_7D1143C9.zip (history_285 - 1.js)

 

log :

 

Tue 2016-05-17 19:12:39.284: [370628] Session 370628; child 0001

Tue 2016-05-17 19:12:39.284: [370628] Parsing message


Tue 2016-05-17 19:12:39.288: [370628] *  From: postmas...@ed-dima.com

Tue 2016-05-17 19:12:39.288: [370628] *  To: smallsherry54...@ccs.co.nz

Tue 2016-05-17 19:12:39.288: [370628] *  Subject: MDaemon Notification --
Attachment Removed

Tue 2016-05-17 19:12:39.288: [370628] *  Size (bytes): 1285

Tue 2016-05-17 19:12:39.288: [370628] *  Message-ID:


Tue 2016-05-17 19:12:39.291: [370628] Resolving MX record for ccs.co.nz (DNS
Server: 116.254.101.2)...

Tue 2016-05-17 19:12:39.303: [370628] *  P=050 S=000 D=ccs.co.nz TTL=(59)
MX=[smtp.simedarby.co.nz]

Tue 2016-05-17 19:12:39.303: [370628] Attempting SMTP connection to
smtp.simedarby.co.nz

Tue 2016-05-17 19:12:39.304: [370628] Resolving A record for
smtp.simedarby.co.nz (DNS Server: 116.254.101.2)...

Tue 2016-05-17 19:12:39.306: [370628] *  D=smtp.simedarby.co.nz TTL=(35)
A=[203.97.53.77]

Tue 2016-05-17 19:12:39.307: [370628] Attempting SMTP connection to
203.97.53.77:25

Tue 2016-05-17 19:12:39.309: [370628] Waiting for socket connection...

Tue 2016-05-17 19:12:39.583: [370628] *  Connection established
116.254.100.37:61888 --> 203.97.53.77:25

Tue 2016-05-17 19:12:39.583: [370628] Waiting for protocol to start...

Tue 2016-05-17 19:12:41.892: [370628] <-- 220
*

Tue 2016-05-17 19:12:41.893: [370628] --> EHLO edm.ed-dima.com

Tue 2016-05-17 19:12:42.166: [370628] <-- 250-legolas.simedarby.co.nz

Tue 2016-05-17 19:12:42.166: [370628] <-- 250-PIPELINING

Tue 2016-05-17 19:12:42.166: [370628] <-- 250-SIZE 52428800

Tue 2016-05-17 19:12:42.166: [370628] <-- 250-ETRN

Tue 2016-05-17 19:12:42.166: [370628] <-- 250-ENHANCEDSTATUSCODES

Tue 2016-05-17 19:12:42.166: [370628] <-- 250-8BITMIME

Tue 2016-05-17 19:12:42.166: [370628] <-- 250 DSN

Tue 2016-05-17 19:12:42.166: [370628] --> MAIL

[MDaemon-L] Email SPAM

2015-11-09 Thread Syafril Hermansyah
On 10/11/15 10:00, Ivan wrote:

> Sir, I received the email below, but it got through without MD tagging
> it as spam. Is there a way to report to the MD spam library that this
> counts as spam, so that it does not get through again in future?

Add the sender  to the Blacklist Contact in webmail, or
add the sender to the spam filter blacklist, or add it to
the sender blacklist.
Sender .




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 15.5.2-64, SP 4.5.1-64
Please do not cc: or send to private mail for MDaemon issues.

It is much easier to criticize than to do what is right
-- Benjamin Disraeli





[MDaemon-L] Email SPAM

2015-11-09 Thread Ivan

On 10/11/15 10:18, Syafril Hermansyah wrote:

> Add the sender  to the Blacklist Contact in webmail, or
> add the sender to the spam filter blacklist, or add it to
> the sender blacklist.
> Sender .

So if the spammer keeps changing email addresses, our blacklist will get
very long, won't it, sir? Sometimes it is the same spam email but the
sender keeps changing address.


Rgds



[MDaemon-L] Email SPAM

2015-11-09 Thread Syafril Hermansyah
On 10/11/15 11:22, Ivan wrote:
> So if the spammer keeps changing email addresses, our blacklist will get
> very long, won't it, sir? Sometimes it is the same spam email but the
> sender keeps changing address.

Yes, when using DomainPOP or MultiPOP that is indeed how it is.
The other option is to ask the mail hoster (one that cares about spam mail)
to block the spam on their server.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, MDaemon 15.5.2-64, SP 4.5.1-64
Please do not cc: or send to private mail for MDaemon issues.

It is much easier to criticize than to do what is right
-- Benjamin Disraeli





[MDaemon-L] Email SPAM

2015-11-09 Thread Ivan
Sir, I received the email below, but it got through without MD tagging it
as spam. Is there a way to report to the MD spam library that this counts
as spam, so that it does not get through again in future?


X-MDAV-Result: clean
X-MDAV-Processed: webmail.pttdp.com, Tue, 10 Nov 2015 09:38:01 +0700
X-Spam-Processed: webmail.pttdp.com, Tue, 10 Nov 2015 09:38:00 +0700
Return-path: 
X-Spam-Level: **
X-Spam-Status: No, score=2.4 required=4.3 tests=HTML_MESSAGE,LOTS_OF_MONEY,
MIME_HTML_ONLY,RDNS_NONE,T_OBFU_HTML_ATTACH,URIBL_BLOCKED 
shortcircuit=no
autolearn=disabled version=3.4.1
X-Spam-Report:
*  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  0.0 T_OBFU_HTML_ATTACH BODY: HTML attachment with non-text MIME type
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was 
blocked.
*   See 
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
*  for more information.
*  [URIs: vmfassessoria.com]
*  0.0 LOTS_OF_MONEY Huge... sums of money
*  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28)
Received: from pop.cbn.net.id ([202.158.81.40])
by pttdp.com ([117.102.88.187])
(MDaemon PRO v15.5.2)
with DomainPOP id md5991364.msg for ;
Tue, 10 Nov 2015 09:37:59 +0700
X-MDRemoteIP: 202.158.81.40
X-MDHelo:
X-MDArrival-Date: Tue, 10 Nov 2015 09:37:59 +0700
X-Return-Path: www-d...@www1.contato.turbinamail.info
X-Envelope-From: www-d...@www1.contato.turbinamail.info
X-MDaemon-Deliver-To: i...@pttdp.com
Envelope-to: i...@pttdp.com
Delivery-date: Tue, 10 Nov 2015 09:38:10 +0700
Received: from [10.64.162.1] (port=24159 helo=mx-1-3.int.cbn.net.id)
by backend-1-1.int.cbn.net.id with esmtp (Exim 4.80.1)
(envelope-from )
id 1Zvyp0-0005hI-OW
for i...@pttdp.com; Tue, 10 Nov 2015 09:38:10 +0700
Received: from www1.contato.turbinamail.info ([104.238.159.121]:47585)
by mx-1-3.int.cbn.net.id with esmtp (Exim 4.80.1)
(envelope-from )
id 1Zvyoz-0004IT-ON
for i...@pttdp.com; Tue, 10 Nov 2015 09:38:10 +0700
Received: by www1.contato.turbinamail.info (Postfix, from userid 33)
id BC45083EAC; Tue, 10 Nov 2015 02:26:31 + (UTC)
To: i...@pttdp.com
Subject: RE: Documento - Ref.: 10/11/2015 :  - 9706423
X-PHP-Originating-Script: 0:xman.php
X-Mailer: Zimbra 8.0.2_GA_5569 (ZimbraWebClient – FF22 (Mac)/8.0.2_GA_5569)
From: Assessoria Contabil 
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="9a0890b9d34628fdfbaa71677377fe58"
Message-Id: <20151110022631.bc45083...@www1.contato.turbinamail.info>
Date: Tue, 10 Nov 2015 02:26:31 + (UTC)





[MDaemon-L] Spam email does not go into the spamtrap folder

2014-08-22 Thread zhia chandra

Dear Pak Syafril,

I checked and there is a spam message that was detected by MDaemon,
but why did it not go into the spamtrap folder?
As it happens, this should not be spam and I want to recover the email to
its original destination..



Fri 2014-08-22 10:13:03: --
Fri 2014-08-22 10:13:25: Session 420258; child 0002
Fri 2014-08-22 10:13:25: Accepting SMTP connection from 
[202.52.146.71:54500] to [172.16.99.6:25]
Fri 2014-08-22 10:13:25: -- 220 mail.terminix.co.id ESMTP MDaemon 
14.0.3; Fri, 22 Aug 2014 10:13:25 +0700

Fri 2014-08-22 10:13:25: -- EHLO bangunjiwo.idwebhost.com
Fri 2014-08-22 10:13:25: -- 250-mail.terminix.co.id Hello 
bangunjiwo.idwebhost.com, pleased to meet you

Fri 2014-08-22 10:13:25: -- 250-EXPN
Fri 2014-08-22 10:13:25: -- 250-ETRN
Fri 2014-08-22 10:13:25: -- 250-AUTH LOGIN CRAM-MD5 PLAIN
Fri 2014-08-22 10:13:25: -- 250-8BITMIME
Fri 2014-08-22 10:13:25: -- 250-STARTTLS
Fri 2014-08-22 10:13:25: -- 250 SIZE 1200
Fri 2014-08-22 10:13:25: -- STARTTLS
Fri 2014-08-22 10:13:25: -- 220 Begin TLS negotiation
Fri 2014-08-22 10:13:26: SSL negotiation successful (TLS 1.0, 1536 bit 
key exchange, 128 bit RC4 encryption)

Fri 2014-08-22 10:13:26: -- EHLO bangunjiwo.idwebhost.com
Fri 2014-08-22 10:13:26: -- 250-mail.terminix.co.id Hello 
bangunjiwo.idwebhost.com, pleased to meet you

Fri 2014-08-22 10:13:26: -- 250-EXPN
Fri 2014-08-22 10:13:26: -- 250-ETRN
Fri 2014-08-22 10:13:26: -- 250-AUTH LOGIN CRAM-MD5 PLAIN
Fri 2014-08-22 10:13:26: -- 250-8BITMIME
Fri 2014-08-22 10:13:26: -- 250 SIZE 1200
Fri 2014-08-22 10:13:26: -- MAIL 
FROM:termi...@bangunjiwo.idwebhost.com SIZE=2036

Fri 2014-08-22 10:13:26: Performing PTR lookup (71.146.52.202.IN-ADDR.ARPA)
Fri 2014-08-22 10:13:26: *  D=71.146.52.202.IN-ADDR.ARPA TTL=(24) 
PTR=[ipv4-71-146-52.idwebhost.com]

Fri 2014-08-22 10:13:26: *  Gathering A records...
Fri 2014-08-22 10:13:26: *  No A records found
Fri 2014-08-22 10:13:26:  End PTR results
Fri 2014-08-22 10:13:26: Performing IP lookup (bangunjiwo.idwebhost.com)
Fri 2014-08-22 10:13:26: *  D=bangunjiwo.idwebhost.com TTL=(1440) 
A=[202.52.146.71]

Fri 2014-08-22 10:13:26:  End IP lookup results
Fri 2014-08-22 10:13:26: Performing IP lookup (bangunjiwo.idwebhost.com)
Fri 2014-08-22 10:13:27: *  D=bangunjiwo.idwebhost.com TTL=(1440) 
A=[202.52.146.71]

Fri 2014-08-22 10:13:27:  End IP lookup results
Fri 2014-08-22 10:13:27: Performing SPF lookup (bangunjiwo.idwebhost.com 
/ 202.52.146.71)

Fri 2014-08-22 10:13:27: *  Result: none; no SPF record in DNS
Fri 2014-08-22 10:13:27:  End SPF results
Fri 2014-08-22 10:13:27: -- 250 termi...@bangunjiwo.idwebhost.com, 
Sender ok

Fri 2014-08-22 10:13:27: -- RCPT TO:c...@terminix.co.id
Fri 2014-08-22 10:13:27: c...@terminix.co.id is an alias for 
dewi.novitas...@terminix.co.id

Fri 2014-08-22 10:13:27: -- 250 c...@terminix.co.id, Recipient ok
Fri 2014-08-22 10:13:27: -- DATA
Fri 2014-08-22 10:13:27: Creating temp file (SMTP): 
e:\mdaemon\queues\temp\md5556899.tmp

Fri 2014-08-22 10:13:27: -- 354 Enter mail, end with CRLF.CRLF
Fri 2014-08-22 10:13:27: Message size: 1467 bytes
Fri 2014-08-22 10:13:27: Performing DKIM lookup
Fri 2014-08-22 10:13:27: *  File: e:\mdaemon\queues\temp\md5556899.tmp
Fri 2014-08-22 10:13:27: *  Message-ID: 
c70c605e4184e6a45e003acfb9c39...@www.terminix.co.id

Fri 2014-08-22 10:13:28: *  Result: neutral
Fri 2014-08-22 10:13:28:  End DKIM results
Fri 2014-08-22 10:13:28: Performing DomainKeys lookup (Sender: 
sd...@gmail.com.id)

Fri 2014-08-22 10:13:28: *  File: e:\mdaemon\queues\temp\md5556899.tmp
Fri 2014-08-22 10:13:28: *  Message-ID: 
c70c605e4184e6a45e003acfb9c39...@www.terminix.co.id

Fri 2014-08-22 10:13:28: *  Querying for policy: gmail.com.id
Fri 2014-08-22 10:13:28: *Querying: _domainkey.gmail.com.id ...
Fri 2014-08-22 10:13:28: *DNS: *  Name server reports domain name 
unknown

Fri 2014-08-22 10:13:28: *  Result: neutral
Fri 2014-08-22 10:13:28:  End DomainKeys results
Fri 2014-08-22 10:13:28: Passing message through AntiVirus (Size: 1467)...
Fri 2014-08-22 10:13:28: *  Message is clean (no viruses found)
Fri 2014-08-22 10:13:28:  End AntiVirus results
Fri 2014-08-22 10:13:28: Passing message through Outbreak Protection...
Fri 2014-08-22 10:13:28: *  Message-ID: 
c70c605e4184e6a45e003acfb9c39...@www.terminix.co.id
Fri 2014-08-22 10:13:28: *  Reference-ID: 
str=0001.0A15020A.53F59D6A.00D3,ss=4,sh,re=0.000,fgs=12

Fri 2014-08-22 10:13:28: *  Virus result: 0 - Clean
Fri 2014-08-22 10:13:28: *  Spam result: 4 - Spam (confirmed)
Fri 2014-08-22 10:13:28: *  IWF result: 0 - Clean
Fri 2014-08-22 10:13:28:  End Outbreak Protection results
Fri 2014-08-22 10:13:28: -- 554 Sorry, message looks like spam or phish 
to me (OP)

Fri 2014-08-22 10:13:28: SMTP session terminated (Bytes in/out: 2272/1657)
Fri 2014-08-22 10:13:28: --

[MDaemon-L] Spam email does not go into the spamtrap folder

2014-08-22 Thread Syafril Hermansyah
On 2014-08-22 14:22, zhia chandra wrote:
> I checked and there is a spam message that was detected by MDaemon, but
> why did it not go into the spamtrap folder?

> Fri 2014-08-22 10:13:28: -- 554 Sorry, message looks like spam or
> phish to me (OP)

This mail was rejected at the SMTP level, so it will indeed not be forwarded
anywhere.

> As it happens, this should not be spam and I want to recover the email
> to its original destination..

Add the sender to the spam filter whitelist, then ask the sender to resend.


http://mdaemon.dutaint.co.id/14.0.1/sf_white_list_from.htm

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 14.5.0 Beta C SP 4.5.0 Beta B
Please do not cc: or send to private mail for MDaemon issues.




[MDaemon-L] Email Spam Score

2014-08-19 Thread Syafril Hermansyah
On 2014-08-19 15:34, Dedy Sumytra wrote:
> What about when the log looks like this, sir..? It still gets through.
>
>
> Sun 2014-08-17 00:17:32: [776207] -- EHLO
> koln-4d0b5bd5.pool.mediaWays.net

Add the FQDN of the host above to Host Screening.
You can also add *.pool.mediaWays.net

> this one too,
>
>
> Sun 2014-08-17 05:04:19: [776339] -- EHLO 93-79-27-80.sumy.volia.net

Add the FQDN of the host above to Host Screening.
Or add *.sumy.volia.net

Do the same if a similar problem comes up later.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 14.5.0 Beta B SP 4.5.0 Beta B
Please do not cc: or send to private mail for MDaemon issues.




[MDaemon-L] Email Spam Score

2014-08-19 Thread Dedy Sumytra
2014-08-19 15:57 GMT+07:00 Syafril Hermansyah syaf...@dutaint.co.id:

> Do the same if a similar problem comes up later.


OK sir, I have done it, thank you.


[MDaemon-L] Email Spam Score

2014-08-12 Thread Syafril Hermansyah
On 2014-08-12 16:21, Dedy Sumytra wrote:
> SPAM still gets through to user accounts even though, looking at the log,
> it was already detected as SPAM. Here is the log:
>
> Tue 2014-08-05 03:15:48: [678921] Accepting SMTP connection from
> [76.180.37.249:65409] to [10.10.51.165:25]
>
> Tue 2014-08-05 03:15:48: [678921] -- EHLO
> cpe-76-180-37-249.buffalo.res.rr.com
>
> Tue 2014-08-05 03:15:48: [678921] Performing PTR lookup
> (249.37.180.76.IN-ADDR.ARPA)
> Tue 2014-08-05 03:15:48: [678921] *  D=249.37.180.76.IN-ADDR.ARPA
> TTL=(1439) PTR=[cpe-76-180-37-249.buffalo.res.rr.com]
> Tue 2014-08-05 03:15:48: [678921] *  Gathering A records...
> Tue 2014-08-05 03:15:49: [678921] *
> D=cpe-76-180-37-249.buffalo.res.rr.com TTL=(1439) A=[76.180.37.249]
> Tue 2014-08-05 03:15:49: [678921]  End PTR results

Stubborn spam like this has to be blocked using Host Screening.

http://mdaemon.dutaint.co.id/14.0.1/security--host_screening.htm

Local IP: All IPs
Remote host: cpe-76-180-37-249.buffalo.res.rr.com
[x] Refuse EHLO/PTR value

Click Add

> Tue 2014-08-05 09:35:31: [679560] Accepting SMTP connection from
> [92.124.140.33:1182] to [10.10.51.165:25]
>
> Tue 2014-08-05 09:35:31: [679560] -- EHLO host-92-124-140-33.pppoe.omsknet.ru
> Tue 2014-08-05 09:35:31: [679560] -- 250-mail.aaa-asset.com Hello
> host-92-124-140-33.pppoe.omsknet.ru, pleased to meet you
>
> Tue 2014-08-05 09:35:31: [679560] Performing PTR lookup
> (33.140.124.92.IN-ADDR.ARPA)
> Tue 2014-08-05 09:35:32: [679560] *  D=33.140.124.92.IN-ADDR.ARPA TTL=(1440)
> PTR=[host-92-124-140-33.pppoe.omsknet.ru]
> Tue 2014-08-05 09:35:32: [679560] *  Gathering A records...
> Tue 2014-08-05 09:35:32: [679560] *  D=host-92-124-140-33.pppoe.omsknet.ru
> TTL=(1440) A=[92.124.140.33]

Same case as the one above.

For a fuller explanation, read here

http://www.mail-archive.com/mdaemon-l@dutaint.com/msg31029.html

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 14.5.0 Beta B SP 4.5.0 Beta B
Please do not cc: or send to private mail for MDaemon issues.

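The Host Screening advice in the two replies above (refuse the exact EHLO/PTR name, or a wildcard such as *.pool.mediaWays.net) comes down to recognising names that have an IP address written into them. The following Python is an added example, not from the thread and not MDaemon code: it decodes the address embedded in a hostname, proposes the parent-domain wildcard and checks names against a screening list. The function names, the regexes and the use of fnmatch-style wildcards are assumptions; the hostnames are the ones quoted in the thread.

```python
import fnmatch
import ipaddress
import re

# Four decimal octets joined by "-" or ".", or eight hex digits, each bounded by a
# non-alphanumeric character so that "ipv4-71-146-52" is not misread as 4.71.146.52.
DEC = re.compile(r"(?<![0-9a-z])(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?![0-9a-z])")
HEX = re.compile(r"(?<![0-9a-z])([0-9a-f]{8})(?![0-9a-z])")

# Names quoted in the thread; the last one is the recipient MX from another post,
# used here as an ordinary mail-server name for contrast.
HOSTS = [
    "cpe-76-180-37-249.buffalo.res.rr.com",
    "host-92-124-140-33.pppoe.omsknet.ru",
    "koln-4d0b5bd5.pool.mediaWays.net",
    "93-79-27-80.sumy.volia.net",
    "smtp.simedarby.co.nz",
]
# Screening entries as suggested in the replies (one exact name, one wildcard).
SCREEN = ["cpe-76-180-37-249.buffalo.res.rr.com", "*.pool.mediaWays.net"]


def _embedded(host):
    """Return (ip, end_index) for the first IPv4 address written into the name."""
    h = host.lower()
    m = DEC.search(h)
    if m:
        try:
            ip = ipaddress.IPv4Address(".".join(str(int(g)) for g in m.groups()))
            return str(ip), m.end()
        except ValueError:              # an "octet" above 255: not an address
            pass
    m = HEX.search(h)
    if m:
        return str(ipaddress.IPv4Address(int(m.group(1), 16))), m.end()
    return None, -1


def embedded_ip(host):
    """IPv4 address encoded in the hostname, or None."""
    return _embedded(host)[0]


def suggest_pattern(host):
    """Wildcard covering the pool the name belongs to, or None.
    No public-suffix knowledge: review every suggestion before adding it."""
    ip, end = _embedded(host)
    if ip is None:
        return None
    dot = host.find(".", end)
    parent = host[dot + 1:].lower() if dot != -1 else ""
    if parent.count(".") < 1:           # never propose "*.com"-style entries
        return None
    return "*." + parent


def screen(host, patterns):
    """True if the name matches any entry (case-insensitive, '*' wildcard)."""
    h = host.lower()
    return any(fnmatch.fnmatchcase(h, p.lower()) for p in patterns)


def review(hosts, patterns):
    """One row per name: what it encodes, whether it is already caught,
    and which wildcard would catch its neighbours too."""
    return [{"host": h, "encodes": embedded_ip(h), "blocked": screen(h, patterns),
             "suggest": suggest_pattern(h)} for h in hosts]


if __name__ == "__main__":
    for row in review(HOSTS, SCREEN):
        print(row)
```

An exact-name entry stops matching as soon as the same sender reconnects from another address in the pool, which is why the rows also report the wildcard.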



[MDaemon-L] Email Spam Score

2014-08-12 Thread Dedy Sumytra
2014-08-12 16:29 GMT+07:00 Syafril Hermansyah syaf...@dutaint.co.id:

> For a fuller explanation, read here
>
> http://www.mail-archive.com/mdaemon-l@dutaint.com/msg31029.html


I have followed the advice above; I will update with the results later, thanks


[MDaemon-L] Email Spam Score

2014-08-03 Thread Syafril Hermansyah
On 2014-08-04 09:25, Dedy Sumytra wrote:
> Our users received an email claiming to be from mails...@norton.com,
> in which the user is directed to click a link supplied by the spammer,
> as if the email were legitimately from the admin. Here is the log:
>
> Wed 2014-07-30 19:01:30: [651348] Accepting SMTP connection from
> [118.97.98.251:58679] to [10.10.51.165:25]
> Wed 2014-07-30 19:01:30: [651348] -- 220 mail.aaa-asset.com ESMTP MDaemon
> 14.0.3; Wed, 30 Jul 2014 19:01:30 +0700
> Wed 2014-07-30 19:01:30: [651348] -- EHLO sdit.airnavindonesia.co.id
> Wed 2014-07-30 19:01:30: [651348] -- 250-mail.aaa-asset.com Hello
> sdit.airnavindonesia.co.id, pleased to meet you
>
> Wed 2014-07-30 19:01:30: [651348] -- MAIL FROM:mails...@norton.com
> SIZE=2732 BODY=7BIT
> Wed 2014-07-30 19:01:30: [651348] Performing PTR lookup
> (251.98.97.118.IN-ADDR.ARPA)
> Wed 2014-07-30 19:01:31: [651348] *  Error: *  Name server reports domain
> name unknown
> Wed 2014-07-30 19:01:31: [651348] *  No PTR records found
>
> Why could it get through to the user, sir..?

Because your MDaemon does not reject mail from a sender host that has no
IP identity (PTR record), even though that sender is not authorized for
sending mail.

http://www.mail-archive.com/mdaemon-l%40dutaint.com/msg20502.html

The following option should be enabled

http://mdaemon.dutaint.co.id/14.0.1/security--reverse_lookup.htm

[x] ...send 501 and close connection if no PTR record match

It looks like the server sdit.airnavindonesia.co.id is an open relay, or one
of the trusted IPs (usually the local network) is infected with a worm virus
and so broadcasts spam mail on behalf of mails...@norton.com.



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 14.0.3 SP 4.5.0 Beta B
Please do not cc: or send to private mail for MDaemon issues.




[MDaemon-L] Email Spam Score

2014-08-03 Thread Dedy Sumytra
2014-08-04 10:24 GMT+07:00 Syafril Hermansyah syaf...@dutaint.co.id:

> Because your MDaemon does not reject mail from a sender host that has no
> IP identity (PTR record), even though that sender is not authorized for
> sending mail.
>
> http://www.mail-archive.com/mdaemon-l%40dutaint.com/msg20502.html
>
> The following option should be enabled
>
> http://mdaemon.dutaint.co.id/14.0.1/security--reverse_lookup.htm
>
> [x] ...send 501 and close connection if no PTR record match


This option was already active before, sir, but it still gets through..


> It looks like the server sdit.airnavindonesia.co.id is an open relay, or one
> of the trusted IPs (usually the local network) is infected with a worm virus
> and so broadcasts spam mail on behalf of mails...@norton.com.



Is there something missing in the MDaemon settings...?


[MDaemon-L] Email Spam Score

2014-08-03 Thread Syafril Hermansyah
On 2014-08-04 11:49, Dedy Sumytra wrote:
>> The following option should be enabled
>>
>> http://mdaemon.dutaint.co.id/14.0.1/security--reverse_lookup.htm
>>
>> [x] ...send 501 and close connection if no PTR record match
>
>
> This option was already active before, sir, but it still gets through..

Oops, sorry, the following option should also be enabled.

[x] ...send 501 and close connection if no PTR record exists (caution)



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 14.0.3 SP 4.5.0 Beta B
Please do not cc: or send to private mail for MDaemon issues.




[MDaemon-L] Email Spam Score

2014-08-03 Thread Dedy Sumytra
2014-08-04 11:56 GMT+07:00 Syafril Hermansyah syaf...@dutaint.co.id:

> [x] ...send 501 and close connection if no PTR record exists (caution)



Thank you, sir, I will monitor how it goes ;)


[MDaemon-L] Spam email not detected

2014-04-23 Thread Ivan Leonardo
Several of my users received an email like the one below, but why does MD
not consider it spam?
If I want to register/report this email as spam to the spam filter / spam
learning, is that useful? And how do I do it?

Or should I just add its domain to the sender blacklist?

Thanks

 Original Message 
Subject:Fwd: Email Storage Limit Exceeded
Date:   Wed, 23 Apr 2014 16:36:53 +0700
From:   Andres and...@pttdp.com
To: Ivan Leonardo i...@pttdp.com



Fyi


 Original Message 
Subject:Email Storage Limit Exceeded
Date:   Wed, 23 Apr 2014 01:45:44 -0400
From:   Microsoft Security microsoft.secur...@virgina.edu
Reply-To:   
To: and...@pttdp.com



New Page 1
Dear Email Account User,

Your Email Account has exceeded it's storage Limit,
Most incoming messages may be placed on pending due to our recent Upgrade.

Verify your Email account immediately to get your Account Storage Upgraded.

if not verified within 24 hours, we shall delete all your Email Account
incoming messages.

Click here
http://chevast.com/pic/Microsoft/MicrosoftEmailUpgrade.htmlto Upgrade
your email account storage now.


Thank you.
2014 Microsoft Security.

-- 







Website : WWW.PTTDP.COM
---
DISCLAIMER :
Important Notice: This information transmitted (including any attachments)
is intended only for the use of the named addressee, and
may contain material/information that is private, confidential and/or
legally privileged. Any retransmission, dissemination or other use of, or
taking of any action in reliance upon, this material/information
by anyone other than the named addressee is prohibited. If you received
this in error, please immediately notify the sender at the address and
telephone/telefax number or e-mail address set forth herein, delete the
material/information from any computer and data carrier and destroy any copies 
or print-outs
that may have been made of this material/information.

Please note that e-mails are susceptible to change. Although this e-mail
and any attachments are believed to be free of any virus, or any other
defect which might affect any computer or IT system into which they are
received and opened, it is the responsibility of the recipient to ensure
that they are free of viruses and other defects.

PT. TIGAKA DISTRINDO PERKASA is not liable for any
loss or damage arising in any way from receipt, use or delay of this e-
mail and any attachments, nor for improper or incomplete transmission
of the information contained therein.

 


[MDaemon-L] Spam email not detected

2014-04-23 Thread Ivan Leonardo

On 23/04/14 5:00 PM, Syafril Hermansyah wrote:
> IMAP client:
> - move it to public folder / bayesian system / Spam.

In TB I use IMAP, but how do I move a message to the bayesian
system folder from TB?

thanks




[MDaemon-L] Spam email not detected

2014-04-23 Thread Syafril Hermansyah
On 2014-04-24 07:48, Ivan Leonardo wrote:
>> IMAP client:
>>  - move it to public folder / bayesian system / Spam.
> In TB I use IMAP, but how do I move a message to the bayesian
> system folder from TB?

First enable the Bayesian learning system in MDaemon

http://mdaemon.dutaint.co.id/14.0/sf_bayesian.htm

then /public folder/bayesian learning/spam
and /public folder/bayesian learning/ham will appear in the IMAP client



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 14.0.1 Beta B SecurityPlus 4.1.5
Please do not cc: or send to private mail for MDaemon matters.





[MDaemon-L] Spam email not blocked

2013-07-24 Thread dharma dipura
Dear Mr. Syafril,

Lately a great deal of spam has been coming in. There is indeed already a
warning from the spam filter, and what is bothersome is that most of this
spam goes to our superiors' mailboxes.
I have tried adding it to the black list so that it is blocked in MDaemon;
here is an example that I added to the black list, no-re...@facebook.com, but
now it has appeared again.

Please help and advise on this issue.

Thank you,

Regards


[MDaemon-L] Spam email not blocked

2013-07-24 Thread Syafril Hermansyah
On 2013-07-25 07:00, dharma dipura wrote:
> Lately a great deal of spam has been coming in. There is indeed already a
> warning from the spam filter, and what is bothersome is that most of this
> spam goes to our superiors' mailboxes.
> I have tried adding it to the black list so that it is blocked in MDaemon;
> here is an example that I added to the black list, no-re...@facebook.com, but
> now it has appeared again.

Spam mail can only be rejected (SMTP rejection) if mail from the internet
enters MDaemon through the SMTP server (direct incoming mail or ETRN/ODMR).
If you use DomainPOP/MultiPOP, spam mail can only be deleted,
and only SpamAssassin filtering is used.

http://mdaemon.dutaint.co.id/13.5/index.html?sf_spam_filtering.htm

What to do with spam...
[x] ...delete spam immediately

or a combination of the following options (the best choice)

[x] ...flag spam but let it continue down the delivery path

with

http://mdaemon.dutaint.co.id/13.5/index.html?sf_options.htm

[x] Move spam into user's IMAP spam folder automatically

Another combination: use a content filter to delete spam
mail, combined with flag spam but let it continue down the
delivery path

http://mdaemon.dutaint.co.id/13.5/index.html?cf_creating_a_new_content_filter_rule.htm

for example
If Spam Filter Score greater than () +12.0
then Delete the message


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 13.5.2 Beta B SecurityPlus 4.1.5
Please do not cc: or send to private mail for MDaemon matters.





[MDaemon-L] Spam email not blocked

2013-07-24 Thread dharma dipura
On 25 July 2013 07.58, Syafril Hermansyah syaf...@dutaint.co.id wrote:

> If Spam Filter Score greater than () +12.0
> then Delete the message


Thank you Mr. Syafril, I have tried all of it.

Among the earlier rules there are several that are disabled, such as the
ones below:

- Message/Partial vulnerability [Move to bad message queue] :
   If the message has an attachtment with a CONTENT-TYPE of
'message/partial'
...then send note 1 to postmaster@$PRIMARYDOMAIN$,fromMDAEMON@
$PRIMARYDOM..
and move message to bad message directory

- IFRAME vulnerability
   If the message has an attachtment with a CONTENT-TYPE of 'text/html'
and the contain MESSAGE BODY contains 'frame'
...then send note 1 to postmaster@$PRIMARYDOMAIN$,fromMDAEMON@
$PRIMARYDOM..
and move message to bad message directory

If the rules above are enabled, what kind of partial or frame condition
in an attachment do they act on, sir?

Thank you

Regards


[MDaemon-L] Spam email not blocked

2013-07-24 Thread Syafril Hermansyah
On 2013-07-25 09:08, dharma dipura wrote:
> - Message/Partial vulnerability [Move to bad message queue] :
>    If the message has an attachtment with a CONTENT-TYPE of
> 'message/partial'
>
> - IFRAME vulnerability
>
> If the rules above are enabled, what kind of partial or frame condition
> in an attachment do they act on, sir?

Partial message is another term for split message.
Outlook Express and Windows Live have a facility to split a message
into small pieces, so that when it is sent the mail is not rejected by the
SMTP server for being too large.

http://www.helpwithmypc.info/pc-help/outlook-express-attachments-splitting.php

There is also a split facility like this for .rar files, with the same purpose
(so the mail is not rejected).

Mail or attachment files that have been split cannot be scanned by
antivirus and are therefore vulnerable -- the Administrator needs to pay
attention and inspect them manually.

An iframe is a piece of HTML code for displaying a web page within a
web page. An iframe can be injected with a script that carries out a DDoS
attack against a particular website.

http://www.guardian.co.uk/technology/2008/apr/03/security.google
http://www.ehacking.net/2012/07/iframe-security-vulnerability.html

The iframe vulnerability is now also detected by AntiVirus,
so if you already use SecurityPlus this content filter rule
can be disabled.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 13.5.2 Beta B SecurityPlus 4.1.5
Please do not cc: or send to private mail for MDaemon matters.
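
The two content-filter rules discussed in this message, re-expressed as an added Python example (not MDaemon's own code and not part of the original post): it walks the MIME tree, flags any message/partial part, and compares the rule's literal 'frame' substring test with a check for actual <iframe>/<frame> tags after the transfer encoding is undone. The sample messages and the names check_message, FrameTagFinder and html_text are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser


class FrameTagFinder(HTMLParser):
    """Records <iframe>/<frame> start tags and their src attribute."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "frame"):
            self.found.append((tag, dict(attrs).get("src")))


def html_text(part):
    """Return the decoded HTML body (base64/quoted-printable undone)."""
    try:
        return part.get_content()
    except (LookupError, UnicodeError):
        # Unknown or mislabelled charset: decode the bytes permissively.
        return part.get_payload(decode=True).decode("latin-1")


def check_message(raw):
    """Evaluate both rules against one raw message and report the findings."""
    msg = message_from_string(raw, policy=policy.default)
    result = {"partial": False, "frame_substring": False, "frame_tags": []}
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/partial":
            # A fragment of a split message: the whole cannot be inspected here.
            result["partial"] = True
        elif ctype == "text/html":
            body = html_text(part)
            # The rule as quoted in the thread: body contains 'frame'.
            if "frame" in body.lower():
                result["frame_substring"] = True
            # Stricter check: an actual frame element in the markup.
            finder = FrameTagFinder()
            finder.feed(body)
            result["frame_tags"].extend(finder.found)
    return result


def _html_mail(html):
    """Build a constructed multipart/alternative mail with a base64 HTML part."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("plain text part")
    m.add_alternative(html, subtype="html", cte="base64")
    return m.as_string()


# Constructed samples (not taken from the thread).
PARTIAL_SAMPLE = (
    "From: sender@example.com\n"
    "To: user@example.org\n"
    "Subject: constructed sample, part 1 of 3\n"
    "MIME-Version: 1.0\n"
    'Content-Type: message/partial; id="frag-1@example.com"; number=1; total=3\n'
    "\n"
    "Content-Type: application/octet-stream\n"
    "Content-Transfer-Encoding: base64\n"
    "\n"
    "AAAA\n"
)
IFRAME_SAMPLE = _html_mail(
    '<html><body><iframe src="http://example.invalid/x" width="0" height="0">'
    "</iframe></body></html>"
)
BENIGN_SAMPLE = _html_mail(
    "<html><body><p>Please reply within the agreed timeframe.</p></body></html>"
)

if __name__ == "__main__":
    for name in ("PARTIAL_SAMPLE", "IFRAME_SAMPLE", "BENIGN_SAMPLE"):
        print(name, check_message(globals()[name]))
```

The third sample shows why a plain 'frame' substring rule also fires on ordinary wording such as "timeframe", while the tag check does not.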





[mdaemon-l] Email Spam

2012-12-07 Thread Syafril Hermansyah
On 12/08/2012 10:20 AM, Ahmad Ardiansyah wrote:

> Why do I so often get spam email these days? What is it
> that has not been configured yet, sir?

Enable sender host screening

http://www.mail-archive.com/mdaemon-l@dutaint.com/msg20477.html

(please read the complete thread; the link to the next thread is at the
bottom of the page).

-- 
syafril
---
Syafril Hermansyah
Running MDaemon 13.0.3, SP 4.1.5

Death is God's way of telling you not to be such a wise guy.





[mdaemon-l] Email spam

2012-08-07 Thread HIDAYAT - IDJKT IT PROGRAMMER
> Well, no wonder there is so much spam with a setting like that?
> Mail from senders whose domain is not listed is accepted :-(

Sir, I have followed the instructions, but similar emails have come in again,
as attached.

Regards,
Hidayat

attachment: reverse lookup 2.PNG
---BeginMessage---
Egregi signori!

Sono il Responsabile dell'ufficio personale in una grande ditta che si
occupa di elaborazione di software.
Il numero dei nostri clienti a in continua crescita, pertanto la nostra
ditta ha aperto un bando di concorso per l'assunzione
di personale in qualita di manager in vari paesi per un lavoro con la nostra
clientela.

Le nostri condizioni generali di lavoro sono:
Orario di lavoro flessibile
Buon salario 
Detrazione dei contributi. 
Assicurazione.

Per avere informazioni pia dettagliate inviateci i seguenti dati:
Nome:
Cognome:
Paese:
E-mail:
Numero di telefono:
A che ora preferite di essere contattati:

Curriculum
Inviate i dati sopracitati sull'indirizzo e-mail: i...@wingstrans.org
I nostri manager La contatteranno per discutere i dettagli di lavoro.

Distinti saluti
Responsabile ufficio personale
Marc Lawman

Notice :
*** Telex Release fee - a USD 30/BL if telex release is request you will
have to send a payment of USD 30 along with the telex release request.
*** Late Pick up BL Fee - a USD 100/BL if late pick up of original BL ( 7
days after vessel departure excluding Sunday and Holiday )
*** Correction Fee - a USD 25 ( per each  manifest corrector) will charges
to the client following the manifest corrector if the correction is the
result of the client mistake or if the client does not provide us final BL
before cutoff deadline.
---End Message---


[mdaemon-l] Email spam

2012-08-06 Thread HIDAYAT - IDJKT IT PROGRAMMER
Dear Mr. Syafril,

Since last night, our mailboxes have been flooded with unimportant emails in a
language we do not understand.
Attached are sample emails; please advise how we can stop
them.
Thank you.

Regards,
Hidayat

---BeginMessage---
Egregi signori!

Sono il Responsabile dell'ufficio personale in una grande ditta che si
occupa di elaborazione di software.
Il numero dei nostri clienti a in continua crescita, pertanto la nostra
ditta ha aperto un bando di concorso per l'assunzione
di personale in qualita di manager in vari paesi per un lavoro con la nostra
clientela.

Le nostri condizioni generali di lavoro sono:
Orario di lavoro flessibile
Buon salario 
Detrazione dei contributi. 
Assicurazione.

Per avere informazioni pia dettagliate inviateci i seguenti dati:
Nome:
Cognome:
Paese:
E-mail:
Numero di telefono:
A che ora preferite di essere contattati:

Curriculum
Inviate i dati sopracitati sull'indirizzo e-mail: i...@wingstrans.org
I nostri manager La contatteranno per discutere i dettagli di lavoro.

Distinti saluti
Responsabile ufficio personale
Marc Lawman
---End Message---
---BeginMessage---
Egregi signori!

Sono il Responsabile dell'ufficio personale in una grande ditta che si
occupa di elaborazione di software.
Il numero dei nostri clienti a in continua crescita, pertanto la nostra
ditta ha aperto un bando di concorso per l'assunzione
di personale in qualita di manager in vari paesi per un lavoro con la nostra
clientela.

Le nostri condizioni generali di lavoro sono:
Orario di lavoro flessibile
Buon salario 
Detrazione dei contributi. 
Assicurazione.

Per avere informazioni pia dettagliate inviateci i seguenti dati:
Nome:
Cognome:
Paese:
E-mail:
Numero di telefono:
A che ora preferite di essere contattati:

Curriculum
Inviate i dati sopracitati sull'indirizzo e-mail: j...@wingstrans.org
I nostri manager La contatteranno per discutere i dettagli di lavoro.

Distinti saluti
Responsabile ufficio personale
Marc Lawman

Notice :
*** Telex Release fee - a USD 30/BL if telex release is request you will
have to send a payment of USD 30 along with the telex release request.
*** Late Pick up BL Fee - a USD 100/BL if late pick up of original BL ( 7
days after vessel departure excluding Sunday and Holiday )
*** Correction Fee - a USD 25 ( per each  manifest corrector) will charges
to the client following the manifest corrector if the correction is the
result of the client mistake or if the client does not provide us final BL
before cutoff deadline.
---End Message---


[mdaemon-l] Email spam

2012-08-06 Thread Syafril Hermansyah
HIDAYAT - IDJKT IT PROGRAMMER wrote on 07/08/12 08:37 +07:00:
> Since last night, our mailboxes have been flooded with unimportant emails
> in a language we do not understand. Attached are sample
> emails; please advise how we can stop them.

Why has the reverse lookup check been stopped?
If it is stopped, that is the consequence (receiving a lot of spam).

http://www.mail-archive.com/mdaemon-l@dutaint.com/msg20477.html

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 13.0 Beta D
Please do not cc: or send to private mail for MDaemon matters.





[mdaemon-l] Email spam

2012-08-06 Thread HIDAYAT - IDJKT IT PROGRAMMER
> Why has the reverse lookup check been stopped?
> If it is stopped, that is the consequence (receiving a lot of spam).

As far as I remember, I never stopped or changed the reverse lookup setting;
it was already active.
But please take a look at the attached settings, sir, to see if anything is wrong.

Regards,
Hidayat

attachment: reverse lookup.PNG

[mdaemon-l] Email spam

2012-08-06 Thread Syafril Hermansyah
HIDAYAT - IDJKT IT PROGRAMMER wrote on 07/08/12 09:51 +07:00:
> As far as I remember, I never stopped or changed the reverse
> lookup setting; it was already active. But please take a look at the
> attached settings, sir, to see if anything is wrong.

Well, no wonder there is so much spam with a setting like that?
Mail from senders whose domain is not listed is accepted :-(

Why don't you want to follow the tips given earlier?

http://www.mail-archive.com/mdaemon-l@dutaint.com/msg20477.html




-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 13.0 Beta D
Please do not cc: or send to private mail for MDaemon matters.





[mdaemon-l] Email Spam

2012-07-17 Thread Syafril Hermansyah
On 17/07/12 12:23, Syafril Hermansyah wrote:

> Why doesn't the Bayesian score appear, is it really not enabled?


The Bayesian score is used to correct SpamAssassin's default spam
scoring; if it is not enabled, the only options are to adjust
the spam score values and the spam filter blacklist/whitelist.

http://mdaemon.dutaint.co.id/12.5.5/sf_spam_filtering.htm

Enable Bayesian and feed sample spam and ham messages to
MDaemon so that the spam filter's accuracy improves.

http://mdaemon.dutaint.co.id/12.5.5/sf_bayesian.htm

-- 
syafril
---
Syafril Hermansyah
Running MDaemon 13.0 Beta B


It's very inconvenient to be mortal -- you never know when everything may
suddenly stop happening.
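
As an added illustration (not part of the original message and not MDaemon or SpamAssassin code), this Python example reads a message's X-Spam-Status and Received headers and reports the score against the threshold, whether any BAYES_* rule contributed, the autolearn state, and whether the message arrived via DomainPOP. The sample headers are constructed, following the header layout quoted elsewhere in this thread, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: same header layout as the message quoted in this thread,
# with documentation hostnames and addresses substituted.
SAMPLE = """\
X-Spam-Status: No, score=2.8 required=5.0 tests=HTML_MESSAGE,
\tMPART_ALT_DIFF_COUNT,MSGID_FROM_MTA_HEADER,RDNS_NONE shortcircuit=no
\tautolearn=disabled version=3.3.2
Received: from pop.example.net ([192.0.2.40])
\tby mail.example.org (MDaemon PRO v12.5.3)
\twith DomainPOP id md50000001.msg
\tfor <user@example.org>; Sat, 14 Jul 2012 00:32:32 +0700
Received: from relay.example.com ([198.51.100.218])
\tby mx.example.net with ESMTP; 14 Jul 2012 00:32:19 +0700
Subject: constructed sample

body
"""


def parse_spam_status(value):
    """Split an X-Spam-Status value into verdict, key=value fields and tests."""
    m = re.match(r"\s*(Yes|No)\s*,\s*(.*)", value, re.S | re.I)
    if not m:
        raise ValueError("unrecognised X-Spam-Status value")
    verdict, rest = m.groups()
    # Header folding leaves whitespace after commas inside tests=...; rejoin it.
    rest = re.sub(r",\s+", ",", rest)
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    return verdict.lower() == "yes", fields, tests


def audit(raw):
    """Summarise how the spam filter treated one message."""
    msg = message_from_string(raw)
    status = msg["X-Spam-Status"]
    if status is None:
        raise ValueError("no X-Spam-Status header: message was not scanned")
    is_spam, fields, tests = parse_spam_status(status)
    received = msg.get_all("Received", [])
    hop_ips = []
    for hop in received:
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop)
        hop_ips.append(ip.group(1) if ip else None)
    return {
        "is_spam": is_spam,
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": tests,
        # No BAYES_* test means the Bayesian classifier added nothing.
        "bayes_rules": [t for t in tests if t.startswith("BAYES_")],
        "autolearn": fields.get("autolearn"),
        # Collected by POP: SMTP-time rejection never had a chance to apply.
        "via_domainpop": any(
            re.search(r"\bwith\s+DomainPOP\b", hop) for hop in received
        ),
        "hop_ips": hop_ips,
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```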





[mdaemon-l] Email Spam

2012-07-17 Thread Ivan Leonardo

On 17/07/12 11:14 PM, Syafril Hermansyah wrote:

> The Bayesian score is used to correct SpamAssassin's default spam
> scoring; if it is not enabled, the only options are to adjust
> the spam score values and the spam filter blacklist/whitelist.


Bayesian classification and autolearning were not enabled before; now
they are enabled. But the Spam Filter has been enabled for a long time.
Is this correct?


thanks



Website : WWW.PTTDP.COM
---
DISCLAIMER :
This message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail. Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system. E-mail transmission cannot be guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or contain viruses. The sender therefore 
does not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. If verification is 
required please request a hard-copy version.

[ attachment or non Plain-Text portion has been remove by MDaemon ]

[mdaemon-l] Email Spam

2012-07-17 Thread Syafril Hermansyah
On 07/18/2012 07:10 AM, Ivan Leonardo wrote:
> Bayesian classification and autolearning were not enabled before; now
> they are enabled. But the Spam Filter has been enabled for a long time.
> Is this correct?

Yes.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 13.0 Beta B
Please do not cc: or send to private mail for MDaemon matters.





[mdaemon-l] Email Spam

2012-07-16 Thread Ivan Leonardo
I have several times received emails in an Indian language, like
advertisements/spam. Twice I have added the address to the blacklist in MD,
but I still receive them because the sender address keeps changing, even
though MD passes them as not spam (the spam score is good).


What is the solution? Do I have to keep adding to the blacklist in
MD? If so, over time the list could get very long.


Thanks





[mdaemon-l] Email Spam

2012-07-16 Thread Syafril Hermansyah
On 07/17/2012 08:31 AM, Ivan Leonardo wrote:
> I have several times received emails in an Indian language, like
> advertisements/spam. Twice I have added the address to the blacklist in MD,
> but I still receive them because the sender address keeps changing, even
> though MD passes them as not spam (the spam score is good).

Show the mail header of the spam mail and the antispam log transcript.

> What is the solution? Do I have to keep adding to the blacklist in
> MD? If so, over time the list could get very long.

If you use DomainPOP then unfortunately it will indeed be like that;
the spam filtering capability is limited to SpamAssassin content
filtering, and it depends heavily on the mail hoster's willingness to fend
off spam.

From the MDaemon statistics, what percentage of spam mail is received per day?



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 13.0 Beta B
Please do not cc: or send to private mail for MDaemon matters.





[mdaemon-l] Email Spam

2012-07-16 Thread Ivan Leonardo

On 17/07/12 9:25 AM, Syafril Hermansyah wrote:

> Show the mail header of the spam mail and the antispam log transcript.

SPAM LOG

Sat 2012-07-14 00:22:38: --
Sat 2012-07-14 00:32:33: Spam Filter processing 
c:\mdaemon\queues\local\md5131512.msg...

Sat 2012-07-14 00:32:33: * Message return-path: new...@learnalanguage.com
Sat 2012-07-14 00:32:33: * Message from: new...@learnalanguage.com
Sat 2012-07-14 00:32:33: * Message to: evi.sant...@pttdp.com
Sat 2012-07-14 00:32:33: * Message subject: ???  
?? ??? ?? 7 ??..
Sat 2012-07-14 00:32:33: * Message ID: 
274407$ipq...@irp3auth.truemail.co.th

Sat 2012-07-14 00:32:49: Start SpamAssassin results
Sat 2012-07-14 00:32:49: 2.80 points, 5.00 required
Sat 2012-07-14 00:32:49: * 1.5 MPART_ALT_DIFF_COUNT BODY: HTML and text 
parts are different

Sat 2012-07-14 00:32:49: * 0.0 HTML_MESSAGE BODY: HTML included in message
Sat 2012-07-14 00:32:49: * 1.3 RDNS_NONE Delivered to internal network 
by a host with no rDNS
Sat 2012-07-14 00:32:49: * 0.0 MSGID_FROM_MTA_HEADER Message-Id was 
added by a relay

Sat 2012-07-14 00:32:49: End SpamAssassin results

MESSAGE SOURCE

From - Tue Jul 17 10:56:19 2012
X-Account-Key: account5
X-UIDL: MD5004303:MSG:54595:30236957:2245066728
X-Mozilla-Status: 0001
X-Mozilla-Status2: 
X-Mozilla-Keys:
X-MDAV-Processed: webmail.pttdp.com, Sat, 14 Jul 2012 00:32:49 +0700
X-Spam-Processed: webmail.pttdp.com, Sat, 14 Jul 2012 00:32:33 +0700
Return-path:new...@learnalanguage.com
X-Spam-Level: **
X-Spam-Status: No, score=2.8 required=5.0 tests=HTML_MESSAGE,
MPART_ALT_DIFF_COUNT,MSGID_FROM_MTA_HEADER,RDNS_NONE shortcircuit=no
autolearn=disabled version=3.3.2
X-Spam-Report:
*  1.5 MPART_ALT_DIFF_COUNT BODY: HTML and text parts are different
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
*  0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06)
Received: from pop.cbn.net.id ([202.158.81.40])
by pttdp.com (webmail.pttdp.com)
(MDaemon PRO v12.5.3)
with DomainPOP id md5075318.msg
forevi.sant...@pttdp.com; Sat, 14 Jul 2012 00:32:32 +0700
X-MDRemoteIP: 202.158.81.40
X-Return-Path: new...@learnalanguage.com
X-Envelope-From: new...@learnalanguage.com
X-MDaemon-Deliver-To: evi.sant...@pttdp.com
Envelope-to: evi.sant...@pttdp.com
Delivery-date: Sat, 14 Jul 2012 00:32:21 +0700
Received: from ip6.cbn.net.id ([125.208.145.67])
by host-5.int.cbn.net.id with esmtp (Exim 4.71)
(envelope-fromnew...@learnalanguage.com)
id 1Spjj3-00028j-Gt
for evi.sant...@pttdp.com; Sat, 14 Jul 2012 00:32:21 +0700
X-SBRS-Score: 5.6
X-HAT: Sender Group None, Policy $ACCEPTED applied.
X-CBN-ID: 863185664
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
AsgCAAZbAFDLkK3anGdsb2JhbABCA4JKgx6hWAGPPRoDfSIBAQEBAQgLCQkUJ4JBAQgDAQZCASI6AwQDAgQOESUGERMXh2cDCwyaKo5BiTsNiU4UgiqIGGaCVYIPgRIDBIhFjgOEGYVZh22BUw
X-IronPort-AV: E=Sophos;i=4.77,580,1336323600;
   d=scan'208,217;a=863185664
Delivered-To: evi.sant...@pttdp.com
Received: from irgb2.truemail.co.th ([203.144.173.218])
  by ip6-corp.int.cbn.net.id with ESMTP; 14 Jul 2012 00:32:19 +0700
Message-Id:274407$ipq...@irp3auth.truemail.co.th
X-Auth-ID: 2succ...@truemail.co.th
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: 
AiEHAAZbAFCrYlkZ/2dsb2JhbABCA4JKgx6hWAGPPRp/gQiCQQEIAwEGKRkBIQE6AwQDAgQfGA0GERMXh2cDCwyaKo5BiTsNiWKKQmaCVYIPDYEFAwSIRY4DhBmFWYUCgmuBUw
X-IronPort-AV: E=Sophos;i=4.77,580,1336323600;
   d=scan'208,217;a=631051194
Received: from cm-171-98-89-25.revip7.asianet.co.th (HELO noomnoy) 
([171.98.89.25])
  by irp3auth.truemail.co.th with ESMTP; 14 Jul 2012 00:31:30 +0700
MIME-Version: 1.0
From: 
=?utf-8?B?4LmC4LiG4Lip4LiT4Liy4LiY4Li44Lij4LiB4Li04LiIIOC5geC4muC4muC4h+C5iOC4suC4ouC5hOC4lOC5ieC4nOC4pQ==?=new...@learnalanguage.com
To: 
=?utf-8?B?4LmC4LiG4Lip4LiT4Liy4LiY4Li44Lij4LiB4Li04LiIIOC5geC4muC4muC4h+C5iOC4suC4ouC5hOC4lOC5ieC4nOC4pQ==?=nattha...@hotmail.com
Date: 14 Jul 2012 00:32:52 +0700
Subject: 
=?utf-8?B?4Lin4Li04LiY4Li14LmB4LiZ4Liw4LiZ4Liz4Liq4Li04LiZ4LiE4LmJ4LiyIOC4q+C4suC4quC4oeC4suC4iuC4tOC4gSDguKrguKPguYnguLLguIfguYDguITguKPguLfguK3guILguYjguLLguKIg4LmA4Lie4Li04LmI4Lih4Lii4Lit4LiU4LiC4Liy4LiiIOC4lOC5iOC4p+C4meC4nuC4o+C5ieC4reC4oeC5guC4muC4meC4seC4qiA3IOC4o+C4suC4ouC4geC4suC4oy4u?=
Content-Type: multipart/alternative;
 boundary=--boundary_13_4f3d55d2-d3b4-4155-9442-11626952417a


boundary_13_4f3d55d2-d3b4-4155-9442-11626952417a
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64





[mdaemon-l] Email Spam

2012-07-16 Thread Syafril Hermansyah
Ivan Leonardo ivanleona...@pttdp.com wrote:

 Show the mail header of that spam mail and the antispam log
transcript.
SPAM LOG


Sat 2012-07-14 00:32:49: Start SpamAssassin results
Sat 2012-07-14 00:32:49: 2.80 points, 5.00 required
Sat 2012-07-14 00:32:49: * 1.5 MPART_ALT_DIFF_COUNT BODY: HTML and text

parts are different
Sat 2012-07-14 00:32:49: * 0.0 HTML_MESSAGE BODY: HTML included in
message
Sat 2012-07-14 00:32:49: * 1.3 RDNS_NONE Delivered to internal network 
by a host with no rDNS
Sat 2012-07-14 00:32:49: * 0.0 MSGID_FROM_MTA_HEADER Message-Id was 
added by a relay
Sat 2012-07-14 00:32:49: End SpamAssassin results

Why doesn't the Bayesian score show up? Is it actually not enabled?


-- 
syafril

Syafril Hermansyah

Sent from my Android phone with K-9 Mail. Please excuse any typo and my brevity.

--[MDaemon-L]
This mailing list is for discussion among MDaemon Mail Server users.

Netiquette: http://www.netmeister.org/news/learn2quote
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to MDaemon-L-unsubscribe [at] dutaint.com
Subscribe: send mail to MDaemon-L-subscribe [at] dutaint.com
Latest versions: MD 12.5.6, SP 4.1.4, OC 2.2.9, SG 2.0.7, PP 2.0.0



[MDaemon-L] Email spam

2012-05-28 Thread Jamaludin
Dear Pak Syafril,

One of our users keeps receiving spam email, even though from what I see
in the smtp-in log the spam score has already exceeded the limit.
Here is the log, Pak:

Sun 2012-05-27 22:58:51: --
Sun 2012-05-27 23:03:51: Session 8248; child 1; thread 0
Sun 2012-05-27 23:03:51: Accepting SMTP connection from [65.54.190.86:62210]
to
[192.168.1.3:25]
Sun 2012-05-27 23:03:51: -- 220 mail.eria.org ESMTP MDaemon 11.0.3; Sun, 27
May
2012 23:03:51 +0700
Sun 2012-05-27 23:03:51: -- EHLO bay0-omc2-s11.bay0.hotmail.com
Sun 2012-05-27 23:03:51: -- 250-mail.eria.org Hello
bay0-omc2-s11.bay0.hotmail.com,
pleased to meet you
Sun 2012-05-27 23:03:51: -- 250-ETRN
Sun 2012-05-27 23:03:51: -- 250-AUTH=LOGIN
Sun 2012-05-27 23:03:51: -- 250-AUTH LOGIN CRAM-MD5
Sun 2012-05-27 23:03:51: -- 250-8BITMIME
Sun 2012-05-27 23:03:51: -- 250 SIZE
Sun 2012-05-27 23:03:51: -- MAIL FROM:marisa_madam_mayo...@msn.com
Sun 2012-05-27 23:03:51: Performing PTR lookup (86.190.54.65.IN-ADDR.ARPA)
Sun 2012-05-27 23:03:52: *  D=86.190.54.65.IN-ADDR.ARPA TTL=(60)
PTR=[bay0-omc2-s11.bay0.hotmail.com]
Sun 2012-05-27 23:03:52: *  Gathering A records...
Sun 2012-05-27 23:03:52: *  D=bay0-omc2-s11.bay0.hotmail.com TTL=(60)
A=[65.54.190.86]
Sun 2012-05-27 23:03:52:  End PTR results
Sun 2012-05-27 23:03:52: Performing IP lookup
(bay0-omc2-s11.bay0.hotmail.com)
Sun 2012-05-27 23:03:52: *  D=bay0-omc2-s11.bay0.hotmail.com TTL=(60)
A=[65.54.190.86]
Sun 2012-05-27 23:03:52:  End IP lookup results
Sun 2012-05-27 23:03:52: Performing IP lookup (msn.com)
Sun 2012-05-27 23:03:52: *  D=msn.com TTL=(6) A=[65.55.206.228]
Sun 2012-05-27 23:03:52: *  P=005 S=000 D=msn.com TTL=(6)
MX=[mx2.hotmail.com]
Sun 2012-05-27 23:03:52: *  P=005 S=001 D=msn.com TTL=(6)
MX=[mx3.hotmail.com]
Sun 2012-05-27 23:03:52: *  P=005 S=002 D=msn.com TTL=(6)
MX=[mx4.hotmail.com]
Sun 2012-05-27 23:03:52: *  P=005 S=003 D=msn.com TTL=(6)
MX=[mx1.hotmail.com]
{65.54.188.126}
Sun 2012-05-27 23:03:52: *  D=msn.com TTL=(6) A=[65.55.206.228]
Sun 2012-05-27 23:03:52: *  D=msn.com TTL=(6) A=[65.55.206.228]
Sun 2012-05-27 23:03:52: *  D=msn.com TTL=(6) A=[65.55.206.228]
Sun 2012-05-27 23:03:52:  End IP lookup results
Sun 2012-05-27 23:03:52: -- 250 marisa_madam_mayo...@msn.com, Sender ok
Sun 2012-05-27 23:03:52: -- RCPT TO:fauziah@eria.org
Sun 2012-05-27 23:03:52: -- 250 fauziah@eria.org, Recipient ok
Sun 2012-05-27 23:03:52: -- DATA
Sun 2012-05-27 23:03:52: Creating temp file (SMTP):
d:\mdaemon\queues\temp\md5393560.tmp
Sun 2012-05-27 23:03:52: -- 354 Enter mail, end with CRLF.CRLF
Sun 2012-05-27 23:03:52: Message size: 19325 bytes
Sun 2012-05-27 23:03:52: Passing message through AntiVirus (Size: 19325)...
Sun 2012-05-27 23:03:53: *  Message is clean (no viruses found)
Sun 2012-05-27 23:03:53:  End AntiVirus results
Sun 2012-05-27 23:03:53: Passing message through Outbreak Protection...
Sun 2012-05-27 23:03:53: *  Message-ID:
bay150-w273fa57980ef8031b0bac7ce...@phx.gbl
Sun 2012-05-27 23:03:53: *  Reference-ID:
str=0001.0A150203.4FC2517F.0085,ss=1,re=0.000,fgs=0
Sun 2012-05-27 23:03:53: *  Virus result: 0 - Clean
Sun 2012-05-27 23:03:53: *  Spam result: 1 - Clean
Sun 2012-05-27 23:03:53: *  IWF result: 0 - Clean
Sun 2012-05-27 23:03:53:  End Outbreak Protection results
Sun 2012-05-27 23:03:53: Passing message through Spam Filter (Size:
19325)...
Sun 2012-05-27 23:03:53: *  1.6 MISSING_HEADERS Missing To: header
Sun 2012-05-27 23:03:53: *  0.7 URG_BIZ BODY: Contains urgent matter
Sun 2012-05-27 23:03:53: *  1.1 NA_DOLLARS BODY: Talks about a million North
American dollars
Sun 2012-05-27 23:03:53: *  0.0 HTML_MESSAGE BODY: HTML included in message
Sun 2012-05-27 23:03:53: *  2.0 ADVANCE_FEE_2 Appears to be advance fee
fraud
(Nigerian 419)
Sun 2012-05-27 23:03:53: *  1.4 ADVANCE_FEE_3 Appears to be advance fee
fraud
(Nigerian 419)
Sun 2012-05-27 23:03:53: *  1.5 ADVANCE_FEE_4 Appears to be advance fee
fraud
(Nigerian 419)
Sun 2012-05-27 23:03:53:  End SpamAssassin results
Sun 2012-05-27 23:03:53: Spam Filter score/req: 8.40/12.0
Sun 2012-05-27 23:03:53: Message creation successful:
d:\mdaemon\queues\inbound\md5790871.msg
Sun 2012-05-27 23:03:53: -- 250 Ok, message saved Message-ID:
bay150-w273fa57980ef8031b0bac7ce...@phx.gbl
Sun 2012-05-27 23:03:53: -- QUIT
Sun 2012-05-27 23:03:53: -- 221 See ya in cyberspace
Sun 2012-05-27 23:03:53: SMTP session successful (Bytes in/out: 19452/461)
Sun 2012-05-27 23:03:53: --

Please help, Pak.
Thank you

Regards,
Jamaludin




[MDaemon-L] Email spam

2012-05-28 Thread Syafril Hermansyah
Jamaludin wrote on 28/05/12 16:40 +07:00:
 One of our users keeps receiving spam email, even though from what I see
 in the smtp-in log the spam score has already exceeded the limit,

 Sun 2012-05-27 23:03:53: Spam Filter score/req: 8.40/12.0

The spam score has not yet passed the threshold.
Just tag it as spam from WorldClient (move it to the Bayesian learning
system/spam to raise the spam score for the next incoming mail), or
add it to the spam filter blacklist.

BTW, that is a very large spam score limit (+12.0); the default install is only
+5.0, with rejection at score +12.0. Just adjust it.

http://mdaemon.dutaint.co.id/12.5.5/sf_spam_filtering.htm

Read the following tips:

http://www.mail-archive.com/mdaemon-l@dutaint.com/msg16353.html

Note: read the complete thread, not just that page.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 12.5.6 Release Edition
Please do not cc: or send private mail about MDaemon issues.





[MDaemon-L] Email spam

2012-05-28 Thread Syafril Hermansyah
Jamaludin wrote on 28/05/12 17:51 +07:00:
 BTW, that is a very large spam score limit (+12.0); the default install is only
 +5.0, with rejection at score +12.0. Just adjust it.
 It has been set to +5.0 since the first install, Pak; a capture of the settings is in the
 attachment.
 That is why I am also confused about why the spam gets through.

Because the spam score has not exceeded +12.0, it is only tagged
***SPAM...*** in the subject, but is still forwarded to the final recipient.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 12.5.6 Release Edition
Please do not cc: or send private mail about MDaemon issues.





[MDaemon-L] Email spam

2012-05-28 Thread Jamaludin
Because the spam score has not exceeded +12.0, it is only tagged
***SPAM...*** in the subject, but is still forwarded to the final recipient.

All right, Pak, I have now changed it to +5.0.
Thank you for the explanation.

Regards,
Jamaludin




[MDaemon-L] Email spam

2012-05-28 Thread Syafril Hermansyah
Jamaludin wrote on 28/05/12 18:11 +07:00:
 Because the spam score has not exceeded +12.0, it is only tagged
 ***SPAM...*** in the subject, but is still forwarded to the final recipient.
 All right, Pak, I have now changed it to +5.0.

Don't be that drastic, especially since you are still using MD 11.x, whose
SpamAssassin engine is outdated; there will be many false positive results.

Lower the value gradually, in line with how diligently you feed the
Bayesian learning system.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 12.5.6 Release Edition
Please do not cc: or send private mail about MDaemon issues.





[MDaemon-L] Email spam kembali muncul

2012-04-05 Thread Jamaludin
 Yes, if the MDaemon service is restarted, but the contents will be empty.
 If not, after the move, you can do a refresh install of MDaemon.

Thank you for the enlightenment, Pak.
My apologies for the posting mistake on this mailing list.

Regards,
Jamaludin

--[MDaemon-L]
This mailing list is for discussion among MDaemon Mail Server users.

Netiquette: http://www.netmeister.org/news/learn2quote
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to MDaemon-L-unsubscribe [at] dutaint.com
Subscribe: send mail to MDaemon-L-subscribe [at] dutaint.com
Latest versions: MD 12.5.3, SP 4.1.3, OC 2.2.9, SG 2.0.7, PP 2.0.0



[MDaemon-L] Email spam kembali muncul

2012-04-04 Thread Syafril Hermansyah
Jamaludin wrote on 04/04/12 10:16 +07:00:
 Please help, Pak; for the past 2 weeks our users have been receiving spam email.
 Some of it goes to junk, but some also goes to the inbox.
 Here I attach the smtp-in log:
 
 Tue 2012-04-03 03:33:22: -- 220 mail.eria.org ESMTP MDaemon 11.0.3; Tue, 03
 Apr 2012 03:33:22 +0700
...
 Tue 2012-04-03 03:33:25: * -4.7 BAYES_00 BODY: Bayesian spam probability is
 0 to 1%

The Bayesian database appears to be polluted.
For now, just clear the Bayesian database by deleting/moving the files in the
folder \\mdaemon\spamassassin\bayes

then restart the MDaemon service, and make sure Bayesian autolearning is disabled,
because in MD 11.x the SpamAssassin version is prone to pollution (Bayesian
pollution).

http://mdaemon.dutaint.co.id/12.5.4/sf_bayesian_advanced_options.htm

[ ] Enable Bayesian automatic learning


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 12.5.4 Release Edition
Please do not cc: or send private mail about MDaemon issues.


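The two thresholds from the 2012-05-28 replies (flag at +5.0, reject at +12.0) and the Bayes-pollution symptom in the reply above (BAYES_00 at -4.7 on spam) can both be checked against an SMTP-in log. This Python code is an added example, not part of the thread and not MDaemon code; the name `triage`, the `>=` comparisons and the second sample log are assumptions or constructed.

```python
import re

# Rule hit, e.g. "*  2.0 ADVANCE_FEE_2 Appears to be advance fee fraud"
RULE = re.compile(r"\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")
# Session summary, e.g. "Spam Filter score/req: 8.40/12.0"
SUMMARY = re.compile(r"Spam Filter score/req:\s*(-?\d+(?:\.\d+)?)/")

def triage(log_text, tag_at=5.0, reject_at=12.0):
    """Classify one SMTP-in session against the tag and reject thresholds."""
    rules, score = {}, None
    for line in log_text.splitlines():
        s, r = SUMMARY.search(line), RULE.search(line)
        if s:
            score = float(s.group(1))
        elif r:
            rules[r.group(2)] = float(r.group(1))
    if score is None:  # no summary line: fall back to the sum of rule hits
        score = round(sum(rules.values()), 2)
    # Assumption: both thresholds trigger at "greater than or equal".
    if score >= reject_at:
        action = "reject"
    elif score >= tag_at:
        action = "tag-and-deliver"
    else:
        action = "deliver"
    # Score of the content rules alone, ignoring every BAYES_* contribution.
    without_bayes = round(
        sum(v for k, v in rules.items() if not k.startswith("BAYES_")), 2)
    # Pollution symptom: BAYES_00 alone drags a taggable message below tag_at.
    suspect = rules.get("BAYES_00", 0.0) < 0 and without_bayes >= tag_at > score
    return {"score": score, "action": action,
            "without_bayes": without_bayes, "bayes_suspect": suspect}

# Rule lines and summary as posted in the thread (wrapped lines re-joined).
THREAD_LOG = """\
Sun 2012-05-27 23:03:53: *  1.6 MISSING_HEADERS Missing To: header
Sun 2012-05-27 23:03:53: *  0.7 URG_BIZ BODY: Contains urgent matter
Sun 2012-05-27 23:03:53: *  1.1 NA_DOLLARS BODY: Talks about a million North American dollars
Sun 2012-05-27 23:03:53: *  0.0 HTML_MESSAGE BODY: HTML included in message
Sun 2012-05-27 23:03:53: *  2.0 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419)
Sun 2012-05-27 23:03:53: *  1.4 ADVANCE_FEE_3 Appears to be advance fee fraud (Nigerian 419)
Sun 2012-05-27 23:03:53: *  1.5 ADVANCE_FEE_4 Appears to be advance fee fraud (Nigerian 419)
Sun 2012-05-27 23:03:53: Spam Filter score/req: 8.40/12.0
"""

# Constructed sample: similar fraud rules, but BAYES_00 pulls the total down.
POLLUTED_LOG = """\
*  2.0 ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419)
*  1.4 ADVANCE_FEE_3 Appears to be advance fee fraud (Nigerian 419)
*  1.1 NA_DOLLARS BODY: Talks about a million North American dollars
*  0.7 URG_BIZ BODY: Contains urgent matter
* -4.7 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
Spam Filter score/req: 0.50/12.0
"""

if __name__ == "__main__":
    print(triage(THREAD_LOG), triage(POLLUTED_LOG))
```

With the defaults, the thread's 8.40 session comes out as tag-and-deliver, which matches the behaviour described in the replies; a session flagged `bayes_suspect` is a candidate for the database reset described above.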



[MDaemon-L] Email spam kembali muncul

2012-04-04 Thread Jamaludin
Dear Pak Syafril,

Thank you for the enlightenment.
Will the files that were moved out of the folder \\mdaemon\spamassassin\bayes be created 
again later or not, Pak?

Regards,
Jamaludin

-Original Message-
From: MDaemon-L@dutaint.com [mailto:MDaemon-L@dutaint.com] On Behalf Of Syafril 
Hermansyah
Sent: Wednesday, April 04, 2012 1:49 PM
To: Milis Komunitas MDaemon Indonesia
Subject: [MDaemon-L] Email spam kembali muncul

Jamaludin wrote on 04/04/12 10:16 +07:00:
 Please help, Pak; for the past 2 weeks our users have been receiving spam email.
 Some of it goes to junk, but some also goes to the inbox.
 Here I attach the smtp-in log:
 
 Tue 2012-04-03 03:33:22: -- 220 mail.eria.org ESMTP MDaemon 11.0.3; Tue, 03
 Apr 2012 03:33:22 +0700
...
 Tue 2012-04-03 03:33:25: * -4.7 BAYES_00 BODY: Bayesian spam probability is
 0 to 1%

The Bayesian database appears to be polluted.
For now, just clear the Bayesian database by deleting/moving the files in the
folder \\mdaemon\spamassassin\bayes

then restart the MDaemon service, and make sure Bayesian autolearning is disabled,
because in MD 11.x the SpamAssassin version is prone to pollution (Bayesian
pollution).

http://mdaemon.dutaint.co.id/12.5.4/sf_bayesian_advanced_options.htm

[ ] Enable Bayesian automatic learning


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 12.5.4 Release Edition
Please do not cc: or send private mail about MDaemon issues.





[MDaemon-L] Email spam kembali muncul

2012-04-04 Thread Syafril Hermansyah
Jamaludin wrote on 04/04/12 14:36 +07:00:

---
Please do not post in top-posting style on this mailing list.
http://en.wikipedia.org/wiki/Posting_style

Always use bottom posting for ease of reading.
Bottom posting requires discipline in trimming text: delete the re-quoted
text and leave only what is relevant to the context you are responding to.

http://wiki.openstack.org/MailingListEtiquette
---

 Will the files that were moved out of the folder \\mdaemon\spamassassin\bayes
 be created again later or not, Pak?

Yes, if the MDaemon service is restarted, but the contents will be empty.
If not, after the move, you can do a refresh install of MDaemon.

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 12.5.4 Release Edition
Please do not cc: or send private mail about MDaemon issues.

