[MDaemon-L] mdaemon-L@dutaint.com mailing list subscription reminder
RE-Minder From: MDaemon at dip37.dutaint.com [mailto:mdae...@dutaint.com] Sent: Monday, May 01, 2017 2:09 AM To: i...@tugu-re.com Subject: mdaemon-L@dutaint.com mailing list subscription reminder This is a reminder, sent out once per month, to remind you about your subscription to the mdaemon-L@dutaint.com mailing list. To unsubscribe from this mailing list send an email to mdae...@dutaint.com with "unsubscribe" as the subject or click here. This is an automated message. Please do not respond. Disclaimer : This message is for designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. No responsibility is accepted by PT. Tugu Reasuransi Indonesia for any loss or damage arising as a result of e-mail transmission or any way from its use. -- --MDaemon-L-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir MD 17.0.2, SP 5.1.0, OC 4.5.0, SG 4.5.1
[MDaemon-L] Mail Server MDaemon sudah ter-inject Malware
Dear Pak Syafril, Kami mempunyai Kendala tentang MailServer kami yang sudah ter-inject Malware, sempat kami lakukan pengecekan melalui SafeMode Server dan proses Scanning, akan tetapi sepertinya Installer MDaemon yang ada di server sudah terlanjur ter-Infect malware hingga masuk ke sistem Applikasi MDaemon kami. Saat ini kami menggunakan Windows Server 2008 R2, dan saat ini EmailServer masih bisa untuk proses Send/Receive Email, akan tetapi Worldclient(Webmail) untuk saat ini kami In-Active-kan karena adanya blocking dari Google.com untuk akses Worldclient kami karena adanya kendala Malware tersebut. kami minta rujukan untuk hal berikut ini pak : 1. Untuk proses backup Account email yang saat ini berjalan/active, karena kami berencana untuk proses re-install Server/MDaemon Email server, bagaimana dengan status Register/Activation MDaemon yang sudah berjalan saat ini. 2. Kami menggunakan Outlook Connector, apa yang harus kami lakukan di Email Server yang baru setelah proses re-install Server kami, untuk meng-aktifkan Outlook Connector tersebut, termasuk Register/Activation Outlook Connector yang sudah berjalan saat ini. 3. Untuk pengaktifan MAC Address Server, seandainya ada perubahan MAC Address. mohon bantuan dan suggestion-nya pak Syafril. Terimakasih Sartono Disclaimer : This message is for designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. No responsibility is accepted by PT. Tugu Reasuransi Indonesia for any loss or damage arising as a result of e-mail transmission or any way from its use. -- --MDaemon-L-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir MD 17.0.2, SP 5.1.0, OC 4.5.0, SG 4.5.1
[MDaemon-L] Email dengan domain sendiri tetapi bukan dari list email yang terdaftar/yang kita create
Dear pak Syafriel,
1. beberapa hari (2-3) ini, email di tempat kami masuk email-email yang
menurut kami, bukan dari kami dan bahkan tidak terlist di daftar email
kami, bahkan di log email yang kami check banyak email dengan nama
domain kami, tetapi ownernya tidak ada, berikut 2 contoh log email yang
kami maksud :
Sat 2015-02-28 04:57:26.156: [758924] Session 758924; child 0003
Sat 2015-02-28 04:57:26.156: [758924] Accepting SMTP connection from
[113.161.160.247:34714] to [192.168.0.245:25]
Sat 2015-02-28 04:57:26.157: [758924] -- 220 mail.tugu-re.com ESMTP
MDaemon 14.5.0; Sat, 28 Feb 2015 04:57:26 +0700
Sat 2015-02-28 04:57:26.262: [758924] -- EHLO static.vdc.vn
Sat 2015-02-28 04:57:26.263: [758924] -- 250-mail.tugu-re.com Hello
static.vdc.vn, pleased to meet you
Sat 2015-02-28 04:57:26.263: [758924] -- 250-ETRN
Sat 2015-02-28 04:57:26.263: [758924] -- 250-AUTH LOGIN CRAM-MD5 PLAIN
Sat 2015-02-28 04:57:26.263: [758924] -- 250-8BITMIME
Sat 2015-02-28 04:57:26.263: [758924] -- 250-ENHANCEDSTATUSCODES
Sat 2015-02-28 04:57:26.263: [758924] -- 250-STARTTLS
Sat 2015-02-28 04:57:26.263: [758924] -- 250 SIZE 3072
*_Sat 2015-02-28 04:57:26.367: [758924] -- MAIL
From:cast...@tugu-re.com_*
Sat 2015-02-28 04:57:26.367: [758924] Performing PTR lookup
(247.160.161.113.IN-ADDR.ARPA)
Sat 2015-02-28 04:57:26.370: [758924] * D=247.160.161.113.IN-ADDR.ARPA
TTL=(1232) PTR=[static.vdc.vn]
Sat 2015-02-28 04:57:26.370: [758924] * Gathering A records...
Sat 2015-02-28 04:57:26.372: [758924] * D=static.vdc.vn TTL=(1376)
A=[203.162.0.78]
Sat 2015-02-28 04:57:26.372: [758924] End PTR results
Sat 2015-02-28 04:57:26.372: [758924] Performing IP lookup (static.vdc.vn)
Sat 2015-02-28 04:57:26.376: [758924] * D=static.vdc.vn TTL=(1376)
A=[203.162.0.78]
Sat 2015-02-28 04:57:26.376: [758924] End IP lookup results
Sat 2015-02-28 04:57:26.376: [758924] Performing IP lookup (tugu-re.com)
Sat 2015-02-28 04:57:26.378: [758924] * D=tugu-re.com TTL=(175)
A=[67.228.114.144]
Sat 2015-02-28 04:57:26.380: [758924] * P=000 S=000 D=tugu-re.com
TTL=(175) MX=[mail.tugu-re.com] {202.137.21.180}
Sat 2015-02-28 04:57:26.380: [758924] End IP lookup results
Sat 2015-02-28 04:57:26.381: [758924] -- 550 5.1.1 Sender unknown
Sat 2015-02-28 04:57:26.487: [758924] * Winsock Error 10054
Sat 2015-02-28 04:57:26.487: [758924] SMTP session terminated (Bytes
in/out: 53/278)
Sat 2015-02-28 04:57:26.487: --
contoh lainnya
Sat 2015-02-28 04:57:24.231: [758923] Session 758923; child 0004
Sat 2015-02-28 04:57:24.231: [758923] Accepting SMTP connection from
[179.108.53.226:35062] to [192.168.0.245:25]
Sat 2015-02-28 04:57:24.233: [758923] -- 220 mail.tugu-re.com ESMTP
MDaemon 14.5.0; Sat, 28 Feb 2015 04:57:24 +0700
Sat 2015-02-28 04:57:24.690: [758923] -- EHLO
ip-179.108.53.226.redeatel.com.br
Sat 2015-02-28 04:57:24.690: [758923] -- 250-mail.tugu-re.com Hello
ip-179.108.53.226.redeatel.com.br, pleased to meet you
Sat 2015-02-28 04:57:24.690: [758923] -- 250-ETRN
Sat 2015-02-28 04:57:24.690: [758923] -- 250-AUTH LOGIN CRAM-MD5 PLAIN
Sat 2015-02-28 04:57:24.690: [758923] -- 250-8BITMIME
Sat 2015-02-28 04:57:24.690: [758923] -- 250-ENHANCEDSTATUSCODES
Sat 2015-02-28 04:57:24.690: [758923] -- 250-STARTTLS
Sat 2015-02-28 04:57:24.690: [758923] -- 250 SIZE 3072
_*Sat 2015-02-28 04:57:25.157: [758923] -- MAIL From:co...@tugu-re.com*_
Sat 2015-02-28 04:57:25.157: [758923] Performing PTR lookup
(226.53.108.179.IN-ADDR.ARPA)
Sat 2015-02-28 04:57:25.903: [758923] * D=226.53.108.179.IN-ADDR.ARPA
TTL=(1108) PTR=[ip-179.108.53.226.redeatel.com.br]
Sat 2015-02-28 04:57:25.903: [758923] * Gathering A records...
Sat 2015-02-28 04:57:26.869: [758923] * No A records found
Sat 2015-02-28 04:57:26.869: [758923] End PTR results
Sat 2015-02-28 04:57:26.869: [758923] Performing IP lookup
(ip-179.108.53.226.redeatel.com.br)
Sat 2015-02-28 04:57:26.871: [758923] * Error: * Name server reports
domain name unknown
Sat 2015-02-28 04:57:26.871: [758923] End IP lookup results
Sat 2015-02-28 04:57:26.872: [758923] Performing IP lookup (tugu-re.com)
Sat 2015-02-28 04:57:26.873: [758923] * D=tugu-re.com TTL=(175)
A=[67.228.114.144]
Sat 2015-02-28 04:57:26.874: [758923] * P=000 S=000 D=tugu-re.com
TTL=(175) MX=[mail.tugu-re.com] {202.137.21.180}
Sat 2015-02-28 04:57:26.874: [758923] End IP lookup results
Sat 2015-02-28 04:57:26.875: [758923] -- 550 5.1.1 Sender unknown
Sat 2015-02-28 04:57:27.343: [758923] * Winsock Error 10054
Sat 2015-02-28 04:57:27.343: [758923] SMTP session terminated (Bytes
in/out: 71/298)
Sat 2015-02-28 04:57:27.344: --
ini kira-kira knapa ya pak ?
2. Dan yang lebih mengganggu di user kami pak, ada email di mana
pengirim maupun tujuan Email adalah sama, dan itupun terjadi belum lama
ini, dan subject email untuk email tersebut, hanya 3 Subject Email
(sepeti di Log di bawah), dan itu terjadi di banyak user kami pak,
contoh Log emailnya :
Sat 2015-02-28 06:03:20.364:
