Dear Pak Syafril, Ada 1 user kami emailnya di disabled oleh MD , setelah saya cek karena ada beberapa kali pengiriman ke email luar , namun pengirimnya bukan dari si user kami tersebut. apakah artinya email user kami sudah di hack ? Lalu bagaimana antisipasi dan penangannya bila hal tersebut terjadi ?
berikut log dari MD ================================================= D:\MDaemon\Logs\MDaemon-2016-10-17-SMTP-(in).log ================================================= Mon 2016-10-17 19:06:20.681: 01: ---------- Mon 2016-10-17 19:06:17.475: 05: [564083] Session 564083; child 0003 Mon 2016-10-17 19:06:17.475: 05: [564083] Accepting SMTP connection from 104.237.219.181:60502 to 192.168.10.254:25 Mon 2016-10-17 19:06:17.475: 03: [564083] --> 220 pttms.co.id ESMTP MDaemon 16.5.0; Mon, 17 Oct 2016 19:06:17 +0700 Mon 2016-10-17 19:06:17.702: 02: [564083] <-- ehlo [104.237.219.181] Mon 2016-10-17 19:06:17.704: 03: [564083] --> 250-pttms.co.id Hello [104.237.219.181] [104.237.219.181], pleased to meet you Mon 2016-10-17 19:06:17.704: 03: [564083] --> 250-ETRN Mon 2016-10-17 19:06:17.704: 03: [564083] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Mon 2016-10-17 19:06:17.704: 03: [564083] --> 250-8BITMIME Mon 2016-10-17 19:06:17.704: 03: [564083] --> 250-ENHANCEDSTATUSCODES Mon 2016-10-17 19:06:17.704: 03: [564083] --> 250 SIZE 30720000 Mon 2016-10-17 19:06:17.931: 02: [564083] <-- AUTH LOGIN ZW5nLnNjckBwdHRtcy5jby5pZA== Mon 2016-10-17 19:06:17.931: 03: [564083] --> 334 UGFzc3dvcmQ6 Mon 2016-10-17 19:06:18.158: 02: [564083] <-- ****** Mon 2016-10-17 19:06:18.158: 03: [564083] --> 235 2.7.0 Authentication successful Mon 2016-10-17 19:06:18.158: 01: [564083] Authenticated as eng....@pttms.co.id Mon 2016-10-17 19:06:18.385: 02: [564083] <-- mail FROM:<eng....@pttms.co.id> size=3114 Mon 2016-10-17 19:06:18.385: 03: [564083] --> 250 2.1.0 Sender OK Mon 2016-10-17 19:06:18.616: 02: [564083] <-- rcpt TO:< eng_integra...@yahoo.com> Mon 2016-10-17 19:06:18.616: 03: [564083] --> 250 2.1.5 Recipient OK Mon 2016-10-17 19:06:18.852: 02: [564083] <-- data Mon 2016-10-17 19:06:18.852: 01: [564083] Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000015761.tmp Mon 2016-10-17 19:06:18.852: 03: [564083] --> 354 Enter mail, end with <CRLF>.<CRLF> Mon 2016-10-17 19:06:19.307: 01: [564083] Message size: 3184 bytes Mon 2016-10-17 19:06:19.308: 06: [564083] Passing message through AntiVirus (Size: 3184)... Mon 2016-10-17 19:06:19.308: 06: [564083] * Recipient or sender in exclusion list Mon 2016-10-17 19:06:19.308: 06: [564083] ---- End AntiVirus results Mon 2016-10-17 19:06:19.539: 01: [564083] Message creation successful: d:\mdaemon\queues\inbound\md50000319748.msg Mon 2016-10-17 19:06:19.539: 03: [564083] --> 250 2.6.0 Ok, message saved Mon 2016-10-17 19:06:19.540: 02: [564083] <-- mail FROM:<eng....@pttms.co.id> size=3113 Mon 2016-10-17 19:06:19.540: 03: [564083] --> 250 2.1.0 Sender OK Mon 2016-10-17 19:06:19.767: 02: [564083] <-- rcpt TO:< elsokkary_...@yahoo.com> Mon 2016-10-17 19:06:19.768: 03: [564083] --> 250 2.1.5 Recipient OK Mon 2016-10-17 19:06:19.994: 02: [564083] <-- data Mon 2016-10-17 19:06:19.995: 01: [564083] Creating temp file (SMTP): d:\mdaemon\queues\temp\md50000015764.tmp Mon 2016-10-17 19:06:19.995: 03: [564083] --> 354 Enter mail, end with <CRLF>.<CRLF> Mon 2016-10-17 19:06:20.224: 01: [564083] Message size: 3183 bytes Mon 2016-10-17 19:06:20.225: 06: [564083] Passing message through AntiVirus (Size: 3183)... Mon 2016-10-17 19:06:20.225: 06: [564083] * Recipient or sender in exclusion list Mon 2016-10-17 19:06:20.225: 06: [564083] ---- End AntiVirus results Mon 2016-10-17 19:06:20.453: 01: [564083] Message creation successful: d:\mdaemon\queues\inbound\md50000319751.msg Mon 2016-10-17 19:06:20.453: 03: [564083] --> 250 2.6.0 Ok, message saved Mon 2016-10-17 19:06:20.454: 02: [564083] <-- mail FROM:<eng....@pttms.co.id> size=3109 Mon 2016-10-17 19:06:20.454: 03: [564083] --> 250 2.1.0 Sender OK Mon 2016-10-17 19:06:20.686: 02: [564083] <-- rcpt TO:<elriad...@yahoo.com> Mon 2016-10-17 19:06:20.687: 03: [564083] --> 550 5.7.0 Too many messages in too short a time frame Mon 2016-10-17 19:06:20.687: 01: [564083] Hijack detection has frozen the eng....@pttms.co.id account Mon 2016-10-17 19:06:20.689: 01: [564083] SMTP session successful (Bytes in/out: 6695/609) ================================================= D:\MDaemon\Logs\MDaemon-2016-10-17-SMTP-(out).log ================================================= Mon 2016-10-17 19:06:22.017: 01: ---------- Mon 2016-10-17 19:06:21.995: 05: [564091] Session 564091; child 0037 Mon 2016-10-17 19:06:21.995: 01: [564091] Parsing message <d:\mdaemon\queues\remote\pd35000116854.msg> Mon 2016-10-17 19:06:21.996: 01: [564091] * From: eng....@pttms.co.id Mon 2016-10-17 19:06:21.996: 01: [564091] * To: eng_integra...@yahoo.com Mon 2016-10-17 19:06:21.996: 01: [564091] * Subject: Security Warning!! Do not ignore Mon 2016-10-17 19:06:21.996: 01: [564091] * Size (bytes): 8925 Mon 2016-10-17 19:06:21.996: 01: [564091] * Message-ID: Mon 2016-10-17 19:06:21.997: 01: [564091] Message moved to holding queue because sending account is disabled Mon 2016-10-17 19:06:22.018: 04: [564091] SMTP session terminated (Bytes in/out: 0/0) Mon 2016-10-17 20:15:48.791: 01: ---------- Mon 2016-10-17 20:15:48.764: 05: [564349] Session 564349; child 0007 Mon 2016-10-17 20:15:48.764: 01: [564349] Parsing message <d:\mdaemon\queues\remote\pd50000116872.msg> Mon 2016-10-17 20:15:48.765: 01: [564349] * From: eng....@pttms.co.id Mon 2016-10-17 20:15:48.765: 01: [564349] * To: eng_integra...@yahoo.com Mon 2016-10-17 20:15:48.765: 01: [564349] * Subject: Security Warning!! Do not ignore Mon 2016-10-17 20:15:48.765: 01: [564349] * Size (bytes): 13961 Mon 2016-10-17 20:15:48.765: 01: [564349] * Message-ID: Mon 2016-10-17 20:15:48.766: 01: [564349] Message moved to holding queue because sending account is disabled Mon 2016-10-17 20:15:48.792: 04: [564349] SMTP session terminated (Bytes in/out: 0/0) Mon 2016-10-17 21:15:49.096: 01: ---------- Mon 2016-10-17 21:15:49.070: 05: [564531] Session 564531; child 0007 Mon 2016-10-17 21:15:49.070: 01: [564531] Parsing message <d:\mdaemon\queues\remote\pd50000116886.msg> Mon 2016-10-17 21:15:49.071: 01: [564531] * From: eng....@pttms.co.id Mon 2016-10-17 21:15:49.071: 01: [564531] * To: eng_integra...@yahoo.com Mon 2016-10-17 21:15:49.071: 01: [564531] * Subject: Security Warning!! Do not ignore Mon 2016-10-17 21:15:49.071: 01: [564531] * Size (bytes): 19125 Mon 2016-10-17 21:15:49.071: 01: [564531] * Message-ID: Mon 2016-10-17 21:15:49.072: 01: [564531] Message moved to holding queue because sending account is disabled Mon 2016-10-17 21:15:49.097: 04: [564531] SMTP session terminated (Bytes in/out: 0/0) Mon 2016-10-17 22:31:25.640: 01: ---------- Mon 2016-10-17 22:31:25.615: 05: [564778] Session 564778; child 0007 Mon 2016-10-17 22:31:25.615: 01: [564778] Parsing message <d:\mdaemon\queues\remote\pd50000116906.msg> Mon 2016-10-17 22:31:25.616: 01: [564778] * From: eng....@pttms.co.id Mon 2016-10-17 22:31:25.616: 01: [564778] * To: eng_integra...@yahoo.com Mon 2016-10-17 22:31:25.616: 01: [564778] * Subject: Security Warning!! Do not ignore Mon 2016-10-17 22:31:25.616: 01: [564778] * Size (bytes): 24289 Mon 2016-10-17 22:31:25.616: 01: [564778] * Message-ID: Mon 2016-10-17 22:31:25.618: 01: [564778] Message moved to holding queue because sending account is disabled Mon 2016-10-17 22:31:25.640: 04: [564778] SMTP session terminated (Bytes in/out: 0/0) Mon 2016-10-17 23:00:49.861: 01: ---------- Mon 2016-10-17 23:00:49.837: 05: [564865] Session 564865; child 0007 Mon 2016-10-17 23:00:49.837: 01: [564865] Parsing message <d:\mdaemon\queues\remote\pd50000116920.msg> Mon 2016-10-17 23:00:49.838: 01: [564865] * From: eng....@pttms.co.id Mon 2016-10-17 23:00:49.838: 01: [564865] * To: eng_integra...@yahoo.com Mon 2016-10-17 23:00:49.838: 01: [564865] * Subject: Security Warning!! Do not ignore Mon 2016-10-17 23:00:49.838: 01: [564865] * Size (bytes): 29453 Mon 2016-10-17 23:00:49.838: 01: [564865] * Message-ID: Mon 2016-10-17 23:00:49.839: 01: [564865] Message moved to holding queue because sending account is disabled Mon 2016-10-17 23:00:49.862: 04: [564865] SMTP session terminated (Bytes in/out: 0/0) Regards Yarohim -- --MDaemon-L---------------------------------------------------------- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 16.5.1, SP 5.0.1, OC 4.0, SG 4.0.1
