[mdaemon-l] pop yang aneh
DH, Sorry kalau OOT Dari penggalan MDaemon-20070627-POP.log , kira-kira apa yang menyebabkan user [EMAIL PROTECTED] secara otomatis mengirimkan email ya? Masalah ada di user [EMAIL PROTECTED] atau di [EMAIL PROTECTED] --- Wed 2007-06-27 14:44:02: Accepting POP connection from [131.107.210.37 : 1120] Wed 2007-06-27 14:44:02: -- +OK araksa.com POP MDaemon 9.5.5 ready [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- user sms Wed 2007-06-27 14:44:02: -- +OK sms... User ok Wed 2007-06-27 14:44:02: -- PASS ** Wed 2007-06-27 14:44:02: -- +OK [EMAIL PROTECTED]'s mailbox has 1 total messages (27671 octets) Wed 2007-06-27 14:44:02: -- stat Wed 2007-06-27 14:44:02: -- +OK 1 27671 Wed 2007-06-27 14:44:02: -- top 1 1 Wed 2007-06-27 14:44:02: Sending TOP response msg: 1 (not logged) Wed 2007-06-27 14:44:02: -- +OK Wed 2007-06-27 14:44:02: -- Return-path: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- Authentication-Results: mailserver.araksa.com Wed 2007-06-27 14:44:02: -- [EMAIL PROTECTED]; auth=pass Wed 2007-06-27 14:44:02: -- Received: from mkspc by araksa.com Wed 2007-06-27 14:44:02: -- (MDaemon PRO v9.5.5) Wed 2007-06-27 14:44:02: -- with ESMTP id md50002861997.msg Wed 2007-06-27 14:44:02: -- for [EMAIL PROTECTED]; Wed, 27 Jun 2007 14:43:46 +0700 Wed 2007-06-27 14:44:02: -- Reply-To: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- From: SMS Server [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- To: 'Loss Ratio' [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- Subject: [lossratio] Wed 2007-06-27 14:44:02: -- Date: Wed, 27 Jun 2007 14:44:59 +0700 Wed 2007-06-27 14:44:02: -- Message-ID: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- MIME-Version: 1.0 Wed 2007-06-27 14:44:02: -- Content-Type: multipart/alternative; Wed 2007-06-27 14:44:02: -- boundary==_NextPart_000_0011_01C7B8C9.BCDC4D00 Wed 2007-06-27 14:44:02: -- X-Mailer: Microsoft Office Outlook 12.0 Wed 2007-06-27 14:44:02: -- thread-index: Ace3jauQwS8CeMBgR8+zrola752nEA== Wed 2007-06-27 14:44:02: -- X-Authenticated-Sender: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- X-Spam-Processed: mailserver.araksa.com, Wed, 27 Jun 2007 14:43:46 +0700 Wed 2007-06-27 14:44:02: -- (not processed: message from valid local sender) Wed 2007-06-27 14:44:02: -- X-MDRcpt-To: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- X-Rcpt-To: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- X-MDRemoteIP: 131.107.210.180 Wed 2007-06-27 14:44:02: -- Sender: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- Precedence: bulk Wed 2007-06-27 14:44:02: -- X-MDMailing-List: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- X-MDSend-Notifications-To: [trash] Wed 2007-06-27 14:44:02: -- X-Envelope-From: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- X-MDaemon-Deliver-To: [EMAIL PROTECTED] Wed 2007-06-27 14:44:02: -- X-MDAV-Processed: mailserver.araksa.com, Wed, 27 Jun 2007 14:43:54 +0700 Wed 2007-06-27 14:44:02: -- Wed 2007-06-27 14:44:02: -- This is a multipart message in MIME format. Wed 2007-06-27 14:44:02: -- . Wed 2007-06-27 14:44:03: -- dele 1 Wed 2007-06-27 14:44:03: -- +OK message 1 deleted Wed 2007-06-27 14:44:03: -- quit Wed 2007-06-27 14:44:03: -- +OK [EMAIL PROTECTED] araksa.com POP Server signing off (mailbox empty) Wed 2007-06-27 14:44:03: POP session complete (Bytes in/out: 54/1616) Wed 2007-06-27 14:44:03: -- Thanks, -- Herman -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dengan format HTML, pastikan selalu menggunakan Format Plain-text Arsip : http://mdaemon-l.dutaint.com Henti Langgan : mailto:[EMAIL PROTECTED] Berlangganan : mailto:[EMAIL PROTECTED] Versi Terakhir : MD 9.6.0, MDSP 3.0.4, MDOC 2.1.5
[mdaemon-l] pop yang aneh
On 27/06/07 16:02 +07:00 Herman wrote: Dari penggalan MDaemon-20070627-POP.log , kira-kira apa yang menyebabkan user [EMAIL PROTECTED] secara otomatis mengirimkan email ya? Masalah ada di user [EMAIL PROTECTED] atau di [EMAIL PROTECTED] kelihatannya tdk otomatis tp memang sengaja user [EMAIL PROTECTED] kirim mail ke milis [EMAIL PROTECTED] dimana [EMAIL PROTECTED] jadi membernya. -- syafril --- Syafril Hermansyah MDaemon-L Moderators, MDaemon 9.6.0 R under WinXP Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dengan format HTML, pastikan selalu menggunakan Format Plain-text Arsip : http://mdaemon-l.dutaint.com Henti Langgan : mailto:[EMAIL PROTECTED] Berlangganan : mailto:[EMAIL PROTECTED] Versi Terakhir : MD 9.6.0, MDSP 3.0.4, MDOC 2.1.5
[mdaemon-l] pop yang aneh
Syafril Hermansyah wrote: On 27/06/07 16:02 +07:00 Herman wrote: Dari penggalan MDaemon-20070627-POP.log , kira-kira apa yang menyebabkan user [EMAIL PROTECTED] secara otomatis mengirimkan email ya? Masalah ada di user [EMAIL PROTECTED] atau di [EMAIL PROTECTED] kelihatannya tdk otomatis tp memang sengaja user [EMAIL PROTECTED] kirim mail ke milis [EMAIL PROTECTED] dimana [EMAIL PROTECTED] jadi membernya. [EMAIL PROTECTED] bisa dipastikan tidak mengirim dengan sengaja. Di ms outlooknya juga tidak ada rules yang membuat dia otomatis kirim email tersebut. Ada ide kira-kira apa penyebabnya? FYI, email hasil kiriman 'otomatis' itu sendernya bukan [EMAIL PROTECTED] tetapi [EMAIL PROTECTED] redirect gitu. Thanks, -- Herman -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dengan format HTML, pastikan selalu menggunakan Format Plain-text Arsip : http://mdaemon-l.dutaint.com Henti Langgan : mailto:[EMAIL PROTECTED] Berlangganan : mailto:[EMAIL PROTECTED] Versi Terakhir : MD 9.6.0, MDSP 3.0.4, MDOC 2.1.5
[mdaemon-l] pop yang aneh
On 27/06/07 16:18 +07:00 Herman wrote: [EMAIL PROTECTED] bisa dipastikan tidak mengirim dengan sengaja. Di ms outlooknya juga tidak ada rules yang membuat dia otomatis kirim email tersebut. Ada ide kira-kira apa penyebabnya? Coba check ke smtp-in log utk transaksi tsb (search by message-ID). FYI, email hasil kiriman 'otomatis' itu sendernya bukan [EMAIL PROTECTED] tetapi [EMAIL PROTECTED] redirect gitu. check forward.dat apakah ada account yg autoforward ke [EMAIL PROTECTED] -- syafril --- Syafril Hermansyah MDaemon-L Moderators, MDaemon 9.6.0 R under WinXP Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dengan format HTML, pastikan selalu menggunakan Format Plain-text Arsip : http://mdaemon-l.dutaint.com Henti Langgan : mailto:[EMAIL PROTECTED] Berlangganan : mailto:[EMAIL PROTECTED] Versi Terakhir : MD 9.6.0, MDSP 3.0.4, MDOC 2.1.5
[mdaemon-l] pop yang aneh
Syafril Hermansyah wrote: On 27/06/07 16:18 +07:00 Herman wrote: [EMAIL PROTECTED] bisa dipastikan tidak mengirim dengan sengaja. Di ms outlooknya juga tidak ada rules yang membuat dia otomatis kirim email tersebut. Ada ide kira-kira apa penyebabnya? Coba check ke smtp-in log utk transaksi tsb (search by message-ID). udah search by message-ID , gak ada transaksi tersebut di smtp-in log.. mhm virus? check forward.dat apakah ada account yg autoforward ke [EMAIL PROTECTED] sudah di check, tidak ada autoforward. Thanks, -- Herman -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dengan format HTML, pastikan selalu menggunakan Format Plain-text Arsip : http://mdaemon-l.dutaint.com Henti Langgan : mailto:[EMAIL PROTECTED] Berlangganan : mailto:[EMAIL PROTECTED] Versi Terakhir : MD 9.6.0, MDSP 3.0.4, MDOC 2.1.5
[mdaemon-l] pop yang aneh
On 27/06/07 16:50 +07:00 Herman wrote: Coba check ke smtp-in log utk transaksi tsb (search by message-ID). udah search by message-ID , gak ada transaksi tersebut di smtp-in log.. mhm virus? mestinya bukan, virus belum sesakti itu bisa melakukan smtpauth. IP 131.107.210.180 milik siapa ? lihat transaksi Wed 2007-06-27 14:44:02 di smtp-in log dan routing log. -- syafril --- Syafril Hermansyah MDaemon-L Moderators, MDaemon 9.6.0 R under WinXP Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Mohon tidak posting dengan format HTML, pastikan selalu menggunakan Format Plain-text Arsip : http://mdaemon-l.dutaint.com Henti Langgan : mailto:[EMAIL PROTECTED] Berlangganan : mailto:[EMAIL PROTECTED] Versi Terakhir : MD 9.6.0, MDSP 3.0.4, MDOC 2.1.5
[mdaemon-l] pop yang aneh
Syafril Hermansyah wrote: mestinya bukan, virus belum sesakti itu bisa melakukan smtpauth. IP 131.107.210.180 milik siapa ? lihat transaksi Wed 2007-06-27 14:44:02 di smtp-in log dan routing log. milik [EMAIL PROTECTED] di smtp-in log dan routing log tidak ada transaksi dengan jam segitu, tapi beberapa menit sebelumnya. transaksi di smtp-in log Wed 2007-06-27 14:43:26: -- Wed 2007-06-27 14:43:44: Session 2637; child 2; thread 17244 Wed 2007-06-27 14:43:40: Accepting SMTP connection from [131.107.210.180 : 1845] Wed 2007-06-27 14:43:40: -- 220 araksa.com ESMTP MDaemon 9.5.5; Wed, 27 Jun 2007 14:43:40 +0700 Wed 2007-06-27 14:43:40: -- EHLO mkspc Wed 2007-06-27 14:43:40: -- 250-araksa.com Hello mkspc, pleased to meet you Wed 2007-06-27 14:43:40: -- 250-ETRN Wed 2007-06-27 14:43:40: -- 250-AUTH=LOGIN Wed 2007-06-27 14:43:40: -- 250-AUTH LOGIN CRAM-MD5 Wed 2007-06-27 14:43:40: -- 250-8BITMIME Wed 2007-06-27 14:43:40: -- 250-STARTTLS Wed 2007-06-27 14:43:40: -- 250 SIZE 0 Wed 2007-06-27 14:43:40: -- AUTH LOGIN Wed 2007-06-27 14:43:40: -- 334 VXNlcm5hbWU6 Wed 2007-06-27 14:43:40: -- bWFydGlu Wed 2007-06-27 14:43:40: -- 334 UGFzc3dvcmQ6 Wed 2007-06-27 14:43:40: -- ** Wed 2007-06-27 14:43:40: -- 235 Authentication successful Wed 2007-06-27 14:43:40: Authenticated as [EMAIL PROTECTED] Wed 2007-06-27 14:43:40: -- MAIL FROM: [EMAIL PROTECTED] Wed 2007-06-27 14:43:40: -- 250 [EMAIL PROTECTED], Sender ok Wed 2007-06-27 14:43:40: -- RCPT TO: [EMAIL PROTECTED] Wed 2007-06-27 14:43:40: -- 250 [EMAIL PROTECTED], Recipient ok Wed 2007-06-27 14:43:40: -- DATA Wed 2007-06-27 14:43:40: Creating temp file (SMTP): d:\mdaemon\temp\md50001489248.tmp Wed 2007-06-27 14:43:40: -- 354 Enter mail, end with CRLF.CRLF Wed 2007-06-27 14:43:40: Message size: 30378 bytes Wed 2007-06-27 14:43:40: Passing message through AntiVirus (Size: 30378)... Wed 2007-06-27 14:43:40: * Message is clean (no viruses found) Wed 2007-06-27 14:43:40: End AntiVirus results Wed 2007-06-27 14:43:40: Message creation successful: d:\mdaemon\inbound\md50002861995.msg Wed 2007-06-27 14:43:40: -- 250 Ok, message saved Message-ID: [EMAIL PROTECTED] Wed 2007-06-27 14:43:40: -- MAIL FROM: [EMAIL PROTECTED] Wed 2007-06-27 14:43:40: -- 250 [EMAIL PROTECTED], Sender ok Wed 2007-06-27 14:43:40: -- RCPT TO: [EMAIL PROTECTED] Wed 2007-06-27 14:43:40: -- 250 [EMAIL PROTECTED], Recipient ok Wed 2007-06-27 14:43:40: -- DATA Wed 2007-06-27 14:43:40: Creating temp file (SMTP): d:\mdaemon\temp\md50001489249.tmp Wed 2007-06-27 14:43:40: -- 354 Enter mail, end with CRLF.CRLF Wed 2007-06-27 14:43:41: Message size: 26009 bytes Wed 2007-06-27 14:43:41: Passing message through AntiVirus (Size: 26009)... Wed 2007-06-27 14:43:41: * Message is clean (no viruses found) Wed 2007-06-27 14:43:41: End AntiVirus results Wed 2007-06-27 14:43:41: Message creation successful: d:\mdaemon\inbound\md50002861996.msg Wed 2007-06-27 14:43:41: -- 250 Ok, message saved Message-ID: [EMAIL PROTECTED] Wed 2007-06-27 14:43:41: -- MAIL FROM: [EMAIL PROTECTED] Wed 2007-06-27 14:43:41: -- 250 [EMAIL PROTECTED], Sender ok Wed 2007-06-27 14:43:41: -- RCPT TO: [EMAIL PROTECTED] Wed 2007-06-27 14:43:41: -- 250 [EMAIL PROTECTED], Recipient ok Wed 2007-06-27 14:43:41: -- DATA Wed 2007-06-27 14:43:41: Creating temp file (SMTP): d:\mdaemon\temp\md50001489250.tmp Wed 2007-06-27 14:43:41: -- 354 Enter mail, end with CRLF.CRLF Wed 2007-06-27 14:43:41: Message size: 26912 bytes Wed 2007-06-27 14:43:41: Passing message through AntiVirus (Size: 26912)... Wed 2007-06-27 14:43:41: * Message is clean (no viruses found) Wed 2007-06-27 14:43:41: End AntiVirus results Wed 2007-06-27 14:43:41: Message creation successful: d:\mdaemon\inbound\md50002861997.msg Wed 2007-06-27 14:43:41: -- 250 Ok, message saved Message-ID: [EMAIL PROTECTED] Wed 2007-06-27 14:43:41: -- MAIL FROM: [EMAIL PROTECTED] Wed 2007-06-27 14:43:41: -- 250 [EMAIL PROTECTED], Sender ok Wed 2007-06-27 14:43:41: -- RCPT TO: [EMAIL PROTECTED] Wed 2007-06-27 14:43:41: -- 250 [EMAIL PROTECTED], Recipient ok Wed 2007-06-27 14:43:41: -- DATA Wed 2007-06-27 14:43:41: Creating temp file (SMTP): d:\mdaemon\temp\md50001489251.tmp Wed 2007-06-27 14:43:41: -- 354 Enter mail, end with CRLF.CRLF Wed 2007-06-27 14:43:42: Message size: 23388 bytes Wed 2007-06-27 14:43:42: Passing message through AntiVirus (Size: 23388)... Wed 2007-06-27 14:43:42: * Message is clean (no viruses found) Wed 2007-06-27 14:43:42: End AntiVirus results Wed 2007-06-27 14:43:42: Message creation successful: d:\mdaemon\inbound\md50002861998.msg Wed 2007-06-27 14:43:42: -- 250 Ok, message saved Message-ID: [EMAIL PROTECTED] Wed 2007-06-27 14:43:44: -- QUIT Wed 2007-06-27 14:43:44: -- 221 See ya in cyberspace Wed 2007-06-27 14:43:44: SMTP session successful (Bytes in/out: 107039/1068) Wed 2007-06-27 14:43:44: -- - ketiga email diatas tidak dikirim oleh yang bersangkutan, tapi oleh email client