Dear Pak Syafril and colleagues,

Lately some spam has started getting through SpamAssassin; examples are attached.

I would appreciate your input, Pak Syafril, on how to deal with it. Should I lower the Bayesian score?

The current configuration is:

* A message is spam if it scores greater or equal to [7]

* SMTP rejects messages with scores greater or equal to [10]

Thank you,

Zhia Chandra | IT Dept

M: +62 811 110 8790 - 8699953 | P: +62 251 8313 070 ext.236 | F: +62 251
8353 508

 

 



Fri 2013-04-19 03:19:50: ----------
Fri 2013-04-19 03:22:07: Session 397816; child 1
Fri 2013-04-19 03:22:07: Accepting SMTP connection from [85.174.26.159:63435] 
to [172.16.99.6:25]
Fri 2013-04-19 03:22:07: --> 220 terminix.co.id ESMTP MDaemon 13.0.4; Fri, 19 
Apr 2013 03:22:07 +0700
Fri 2013-04-19 03:22:08: <-- HELO 85.174.26.159
Fri 2013-04-19 03:22:08: --> 250 terminix.co.id Hello 85.174.26.159, pleased to 
meet you
Fri 2013-04-19 03:22:09: <-- MAIL FROM:<e63...@greencafe.com>
Fri 2013-04-19 03:22:09: Performing PTR lookup (159.26.174.85.IN-ADDR.ARPA)
Fri 2013-04-19 03:22:10: *  D=159.26.174.85.IN-ADDR.ARPA TTL=(60) 
PTR=[dsl-85-174-26-159.avtlg.ru]
Fri 2013-04-19 03:22:10: *  Gathering A records...
Fri 2013-04-19 03:22:11: *  No A records found
Fri 2013-04-19 03:22:11: ---- End PTR results
Fri 2013-04-19 03:22:11: Performing IP lookup (greencafe.com)
Fri 2013-04-19 03:22:11: *  D=greencafe.com TTL=(58) A=[68.178.169.201]
Fri 2013-04-19 03:22:11: *  P=010 S=000 D=greencafe.com TTL=(55) 
MX=[southtrail.greencafe.com] {72.167.112.11}
Fri 2013-04-19 03:22:11: ---- End IP lookup results
Fri 2013-04-19 03:22:11: Performing SPF lookup (greencafe.com / 85.174.26.159)
Fri 2013-04-19 03:22:11: *  Result: none; no SPF record in DNS
Fri 2013-04-19 03:22:11: ---- End SPF results
Fri 2013-04-19 03:22:11: --> 250 <e63...@greencafe.com>, Sender ok
Fri 2013-04-19 03:22:12: <-- RCPT TO:<zhia.chan...@terminix.co.id>
Fri 2013-04-19 03:22:12: --> 250 <zhia.chan...@terminix.co.id>, Recipient ok
Fri 2013-04-19 03:22:13: <-- DATA
Fri 2013-04-19 03:22:13: Creating temp file (SMTP): 
e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:13: --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2013-04-19 03:22:14: Message size: 668 bytes
Fri 2013-04-19 03:22:14: Performing DKIM lookup
Fri 2013-04-19 03:22:14: *  File: e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:14: *  Message-ID: 000901ce3c72$2fe63f40$746dc072@adminqvk
Fri 2013-04-19 03:22:14: *  Result: neutral
Fri 2013-04-19 03:22:14: ---- End DKIM results
Fri 2013-04-19 03:22:14: Performing DomainKeys lookup (Sender: 
e63...@greencafe.com)
Fri 2013-04-19 03:22:14: *  File: e:\mdaemon\queues\temp\md50001034471.tmp
Fri 2013-04-19 03:22:14: *  Message-ID: 000901ce3c72$2fe63f40$746dc072@adminqvk
Fri 2013-04-19 03:22:14: *  Querying for policy: greencafe.com
Fri 2013-04-19 03:22:14: *    Querying: _domainkey.greencafe.com ...
Fri 2013-04-19 03:22:14: *    DNS: *  Name server reports domain name unknown
Fri 2013-04-19 03:22:14: *  Result: neutral
Fri 2013-04-19 03:22:14: ---- End DomainKeys results
Fri 2013-04-19 03:22:14: Passing message through AntiVirus (Size: 668)...
Fri 2013-04-19 03:22:14: *  Message is clean (no viruses found)
Fri 2013-04-19 03:22:14: ---- End AntiVirus results
Fri 2013-04-19 03:22:14: Passing message through Spam Filter (Size: 668)...
Fri 2013-04-19 03:22:15: *  2.3 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
Fri 2013-04-19 03:22:15: *  0.0 TVD_RCVD_IP4 TVD_RCVD_IP4
Fri 2013-04-19 03:22:15: *  0.0 TVD_RCVD_IP TVD_RCVD_IP
Fri 2013-04-19 03:22:15: *  3.2 FH_DATE_PAST_20XX The date is grossly in the 
future.
Fri 2013-04-19 03:22:15: *  1.2 RCVD_NUMERIC_HELO Received: contains an IP 
address used for HELO
Fri 2013-04-19 03:22:15: * -100 USER_IN_WHITELIST_TO address is listed in 
'whitelist_to'
Fri 2013-04-19 03:22:15: *  0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP 
address in URL
Fri 2013-04-19 03:22:15: *  6.0 BAYES_80 BODY: Bayes spam probability is 80 to 
95%
Fri 2013-04-19 03:22:15: *      [score: 0.8951]
Fri 2013-04-19 03:22:15: *  0.6 URIBL_SC_SURBL Contains an URL listed in the SC 
SURBL blocklist
Fri 2013-04-19 03:22:15: *      [URIs: 78.90.213.244]
Fri 2013-04-19 03:22:15: *  1.7 URIBL_BLACK Contains an URL listed in the URIBL 
blacklist
Fri 2013-04-19 03:22:15: *      [URIs: 78.90.213.244]
Fri 2013-04-19 03:22:15: *  1.0 RDNS_DYNAMIC Delivered to internal network by 
host with
Fri 2013-04-19 03:22:15: *      dynamic-looking rDNS
Fri 2013-04-19 03:22:15: *  2.8 AXB_XMAILER_MIMEOLE_OL_4379D 
AXB_XMAILER_MIMEOLE_OL_4379D
Fri 2013-04-19 03:22:15: ---- End SpamAssassin results
Fri 2013-04-19 03:22:15: Spam Filter score/req: -81.30/12.0
Fri 2013-04-19 03:22:15: Message creation successful: 
e:\mdaemon\queues\inbound\md50000812421.msg
Fri 2013-04-19 03:22:15: --> 250 Ok, message saved <Message-ID: 
000901ce3c72$2fe63f40$746dc072@adminqvk>
Fri 2013-04-19 03:22:16: <-- QUIT
Fri 2013-04-19 03:22:16: --> 221 See ya in cyberspace
Fri 2013-04-19 03:22:16: SMTP session successful (Bytes in/out: 776/366)
Fri 2013-04-19 03:22:16: ----------
--
--[MDaemon-L]------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users.

Netiquette: http://www.netmeister.org/news/learn2quote
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Unsubscribe: send mail to MDaemon-L-unsubscribe [at] dutaint.com
Subscribe: send mail to MDaemon-L-subscribe [at] dutaint.com
Latest versions: MD 13.0.5, SP 4.1.5, BES 2.0.2, OC 2.3.1, SG 2.1.1, PP 2.0.1
Thu 2013-04-18 22:48:05: ----------
Thu 2013-04-18 22:49:46: Session 396515; child 1
Thu 2013-04-18 22:49:46: Accepting SMTP connection from [118.71.123.154:11908] 
to [172.16.99.6:25]
Thu 2013-04-18 22:49:46: --> 220 terminix.co.id ESMTP MDaemon 13.0.4; Thu, 18 
Apr 2013 22:49:46 +0700
Thu 2013-04-18 22:49:47: <-- HELO 118.71.123.154
Thu 2013-04-18 22:49:47: --> 250 terminix.co.id Hello 118.71.123.154, pleased 
to meet you
Thu 2013-04-18 22:49:47: <-- MAIL FROM:<kmwe...@weru.de>
Thu 2013-04-18 22:49:47: Performing PTR lookup (154.123.71.118.IN-ADDR.ARPA)
Thu 2013-04-18 22:49:47: *  D=154.123.71.118.IN-ADDR.ARPA TTL=(60) 
PTR=[ip-address-pool-xxx.fpt.vn]
Thu 2013-04-18 22:49:47: *  Gathering A records...
Thu 2013-04-18 22:49:47: *  No A records found
Thu 2013-04-18 22:49:47: ---- End PTR results
Thu 2013-04-18 22:49:47: Performing IP lookup (weru.de)
Thu 2013-04-18 22:49:48: *  D=weru.de TTL=(640) A=[37.202.4.112]
Thu 2013-04-18 22:49:48: *  P=010 S=001 D=weru.de TTL=(640) 
MX=[flanders.weru.de] {194.49.125.15}
Thu 2013-04-18 22:49:48: *  P=030 S=000 D=weru.de TTL=(640) 
MX=[mforward.dtag.de] {194.25.242.123}
Thu 2013-04-18 22:49:48: ---- End IP lookup results
Thu 2013-04-18 22:49:48: Performing SPF lookup (weru.de / 118.71.123.154)
Thu 2013-04-18 22:49:48: *  Result: none; no SPF record in DNS
Thu 2013-04-18 22:49:48: ---- End SPF results
Thu 2013-04-18 22:49:48: --> 250 <kmwe...@weru.de>, Sender ok
Thu 2013-04-18 22:49:48: <-- RCPT TO:<zhia.chan...@terminix.co.id>
Thu 2013-04-18 22:49:48: --> 250 <zhia.chan...@terminix.co.id>, Recipient ok
Thu 2013-04-18 22:49:49: <-- DATA
Thu 2013-04-18 22:49:49: Creating temp file (SMTP): 
e:\mdaemon\queues\temp\md50001030116.tmp
Thu 2013-04-18 22:49:49: --> 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2013-04-18 22:49:50: Message size: 671 bytes
Thu 2013-04-18 22:49:50: Performing DKIM lookup
Thu 2013-04-18 22:49:50: *  File: e:\mdaemon\queues\temp\md50001030116.tmp
Thu 2013-04-18 22:49:50: *  Message-ID: 
002d01ce3c4b$c6193e80$3979b42b@VANYEN7v32
Thu 2013-04-18 22:49:50: *  Result: neutral
Thu 2013-04-18 22:49:50: ---- End DKIM results
Thu 2013-04-18 22:49:50: Performing DomainKeys lookup (Sender: kmwe...@weru.de)
Thu 2013-04-18 22:49:50: *  File: e:\mdaemon\queues\temp\md50001030116.tmp
Thu 2013-04-18 22:49:50: *  Message-ID: 
002d01ce3c4b$c6193e80$3979b42b@VANYEN7v32
Thu 2013-04-18 22:49:50: *  Querying for policy: weru.de
Thu 2013-04-18 22:49:50: *    Querying: _domainkey.weru.de ...
Thu 2013-04-18 22:49:50: *    DNS: *  Name server reports domain name unknown
Thu 2013-04-18 22:49:50: *  Result: neutral
Thu 2013-04-18 22:49:50: ---- End DomainKeys results
Thu 2013-04-18 22:49:50: Passing message through AntiVirus (Size: 671)...
Thu 2013-04-18 22:49:50: *  Message is clean (no viruses found)
Thu 2013-04-18 22:49:50: ---- End AntiVirus results
Thu 2013-04-18 22:49:50: Passing message through Spam Filter (Size: 671)...
Thu 2013-04-18 22:49:51: *   10 BAYES_99 BODY: Bayes spam probability is 99 to 
100%
Thu 2013-04-18 22:49:51: *      [score: 1.0000]
Thu 2013-04-18 22:49:51: *  2.3 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
Thu 2013-04-18 22:49:51: *  0.0 TVD_RCVD_IP4 TVD_RCVD_IP4
Thu 2013-04-18 22:49:51: *  0.0 TVD_RCVD_IP TVD_RCVD_IP
Thu 2013-04-18 22:49:51: *  3.2 FH_DATE_PAST_20XX The date is grossly in the 
future.
Thu 2013-04-18 22:49:51: *  1.2 RCVD_NUMERIC_HELO Received: contains an IP 
address used for HELO
Thu 2013-04-18 22:49:51: * -100 USER_IN_WHITELIST_TO address is listed in 
'whitelist_to'
Thu 2013-04-18 22:49:51: *  0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP 
address in URL
Thu 2013-04-18 22:49:51: *  0.6 URIBL_PH_SURBL Contains an URL listed in the PH 
SURBL blocklist
Thu 2013-04-18 22:49:51: *      [URIs: 83.170.192.154]
Thu 2013-04-18 22:49:51: *  4.5 URIBL_AB_SURBL Contains an URL listed in the AB 
SURBL blocklist
Thu 2013-04-18 22:49:51: *      [URIs: 83.170.192.154]
Thu 2013-04-18 22:49:51: *  1.7 URIBL_BLACK Contains an URL listed in the URIBL 
blacklist
Thu 2013-04-18 22:49:51: *      [URIs: 83.170.192.154]
Thu 2013-04-18 22:49:51: *  1.6 URIBL_SBL Contains an URL listed in the SBL 
blocklist
Thu 2013-04-18 22:49:51: *      [URIs: 83.170.192.154]
Thu 2013-04-18 22:49:51: *  2.2 AXB_XMAILER_MIMEOLE_OL_A7B9C 
AXB_XMAILER_MIMEOLE_OL_A7B9C
Thu 2013-04-18 22:49:51: ---- End SpamAssassin results
Thu 2013-04-18 22:49:51: Spam Filter score/req: -72.60/12.0
Thu 2013-04-18 22:49:51: Message creation successful: 
e:\mdaemon\queues\inbound\md50000812392.msg
Thu 2013-04-18 22:49:51: --> 250 Ok, message saved <Message-ID: 
002d01ce3c4b$c6193e80$3979b42b@VANYEN7v32>
Thu 2013-04-18 22:49:51: <-- QUIT
Thu 2013-04-18 22:49:51: --> 221 See ya in cyberspace
Thu 2013-04-18 22:49:51: SMTP session successful (Bytes in/out: 775/364)
Thu 2013-04-18 19:24:17: ----------
Thu 2013-04-18 19:24:12: Session 395454; child 5
Thu 2013-04-18 19:24:12: Accepting SMTP connection from [90.189.26.183:2197] to 
[172.16.99.6:25]
Thu 2013-04-18 19:24:12: --> 220 terminix.co.id ESMTP MDaemon 13.0.4; Thu, 18 
Apr 2013 19:24:12 +0700
Thu 2013-04-18 19:24:13: <-- HELO 90.189.26.183
Thu 2013-04-18 19:24:13: --> 250 terminix.co.id Hello 90.189.26.183, pleased to 
meet you
Thu 2013-04-18 19:24:14: <-- MAIL FROM:<venkat...@durq.com.tw>
Thu 2013-04-18 19:24:14: Performing PTR lookup (183.26.189.90.IN-ADDR.ARPA)
Thu 2013-04-18 19:24:17: *  D=183.26.189.90.IN-ADDR.ARPA TTL=(720) 
PTR=[pppoe-90.189.127.183.chittel.ru]
Thu 2013-04-18 19:24:17: *  Gathering A records...
Thu 2013-04-18 19:24:17: *  No A records found
Thu 2013-04-18 19:24:17: ---- End PTR results
Thu 2013-04-18 19:24:17: Performing IP lookup (durq.com.tw)
Thu 2013-04-18 19:24:17: *  P=005 S=000 D=durq.com.tw TTL=(54) 
MX=[spam.durq.com.tw] {210.243.152.250}
Thu 2013-04-18 19:24:17: *  P=010 S=001 D=durq.com.tw TTL=(54) 
MX=[mail.durq.com.tw] {210.243.152.246}
Thu 2013-04-18 19:24:17: ---- End IP lookup results
Thu 2013-04-18 19:24:17: Performing SPF lookup (durq.com.tw / 90.189.26.183)
Thu 2013-04-18 19:24:17: *  Result: none; no SPF record in DNS
Thu 2013-04-18 19:24:17: ---- End SPF results
Thu 2013-04-18 19:24:17: --> 250 <venkat...@durq.com.tw>, Sender ok
Thu 2013-04-18 19:24:18: <-- RCPT TO:<zhia.chan...@terminix.co.id>
Thu 2013-04-18 19:24:18: --> 250 <zhia.chan...@terminix.co.id>, Recipient ok
Thu 2013-04-18 19:24:19: <-- DATA
Thu 2013-04-18 19:24:19: Creating temp file (SMTP): 
e:\mdaemon\queues\temp\md50001026498.tmp
Thu 2013-04-18 19:24:19: --> 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2013-04-18 19:24:20: Message size: 670 bytes
Thu 2013-04-18 19:24:20: Performing DKIM lookup
Thu 2013-04-18 19:24:20: *  File: e:\mdaemon\queues\temp\md50001026498.tmp
Thu 2013-04-18 19:24:20: *  Message-ID: 
002901ce3c61$dfbe0670$b8852ba1@sergei21mrg6c
Thu 2013-04-18 19:24:20: *  Result: neutral
Thu 2013-04-18 19:24:20: ---- End DKIM results
Thu 2013-04-18 19:24:20: Performing DomainKeys lookup (Sender: 
venkat...@durq.com.tw)
Thu 2013-04-18 19:24:20: *  File: e:\mdaemon\queues\temp\md50001026498.tmp
Thu 2013-04-18 19:24:20: *  Message-ID: 
002901ce3c61$dfbe0670$b8852ba1@sergei21mrg6c
Thu 2013-04-18 19:24:20: *  Querying for policy: durq.com.tw
Thu 2013-04-18 19:24:20: *    Querying: _domainkey.durq.com.tw ...
Thu 2013-04-18 19:24:22: *    DNS: *  Name server reports domain name unknown
Thu 2013-04-18 19:24:22: *  Result: neutral
Thu 2013-04-18 19:24:22: ---- End DomainKeys results
Thu 2013-04-18 19:24:22: Passing message through AntiVirus (Size: 670)...
Thu 2013-04-18 19:24:22: *  Message is clean (no viruses found)
Thu 2013-04-18 19:24:22: ---- End AntiVirus results
Thu 2013-04-18 19:24:22: Passing message through Spam Filter (Size: 670)...
Thu 2013-04-18 19:24:35: *   10 BAYES_99 BODY: Bayes spam probability is 99 to 
100%
Thu 2013-04-18 19:24:35: *      [score: 1.0000]
Thu 2013-04-18 19:24:35: *  2.3 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
Thu 2013-04-18 19:24:35: *  0.0 TVD_RCVD_IP4 TVD_RCVD_IP4
Thu 2013-04-18 19:24:35: *  0.0 TVD_RCVD_IP TVD_RCVD_IP
Thu 2013-04-18 19:24:35: *  3.2 FH_DATE_PAST_20XX The date is grossly in the 
future.
Thu 2013-04-18 19:24:35: *  1.2 RCVD_NUMERIC_HELO Received: contains an IP 
address used for HELO
Thu 2013-04-18 19:24:35: * -100 USER_IN_WHITELIST_TO address is listed in 
'whitelist_to'
Thu 2013-04-18 19:24:35: *  0.0 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP 
address in URL
Thu 2013-04-18 19:24:35: *  1.7 URIBL_BLACK Contains an URL listed in the URIBL 
blacklist
Thu 2013-04-18 19:24:35: *      [URIs: 94.28.49.130]
Thu 2013-04-18 19:24:35: *  0.6 URIBL_PH_SURBL Contains an URL listed in the PH 
SURBL blocklist
Thu 2013-04-18 19:24:35: *      [URIs: 94.28.49.130]
Thu 2013-04-18 19:24:35: *  4.5 URIBL_AB_SURBL Contains an URL listed in the AB 
SURBL blocklist
Thu 2013-04-18 19:24:35: *      [URIs: 94.28.49.130]
Thu 2013-04-18 19:24:35: *  0.6 URIBL_SC_SURBL Contains an URL listed in the SC 
SURBL blocklist
Thu 2013-04-18 19:24:35: *      [URIs: 94.28.49.130]
Thu 2013-04-18 19:24:35: *  1.0 RDNS_DYNAMIC Delivered to internal network by 
host with
Thu 2013-04-18 19:24:35: *      dynamic-looking rDNS
Thu 2013-04-18 19:24:35: *  2.8 AXB_XMAILER_MIMEOLE_OL_4379D 
AXB_XMAILER_MIMEOLE_OL_4379D
Thu 2013-04-18 19:24:35: ---- End SpamAssassin results
Thu 2013-04-18 19:24:35: Spam Filter score/req: -72.20/12.0
Thu 2013-04-18 19:24:35: Message creation successful: 
e:\mdaemon\queues\inbound\md50000812367.msg
Thu 2013-04-18 19:24:35: --> 250 Ok, message saved <Message-ID: 
002901ce3c61$dfbe0670$b8852ba1@sergei21mrg6c>
Thu 2013-04-18 19:24:36: <-- QUIT
Thu 2013-04-18 19:24:36: --> 221 See ya in cyberspace
Thu 2013-04-18 19:24:36: SMTP session successful (Bytes in/out: 779/372)
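
All three attached sessions log a -100 `USER_IN_WHITELIST_TO` hit that pulls the total far below the required score. The script below is an added example, not part of the original post or of MDaemon: it reads one session's Spam Filter lines and reports what the message would have scored without whitelist rules. The function name `audit_session` and the choice to treat any rule whose name contains `WHITELIST` as a whitelist rule are assumptions.

```python
import re

# Rule hits look like "... *  6.0 BAYES_80 BODY: ..."; the summary line
# looks like "... Spam Filter score/req: -81.30/12.0".
RULE = re.compile(r"\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b")
TOTAL = re.compile(r"Spam Filter score/req:\s*(-?\d+(?:\.\d+)?)/(\d+(?:\.\d+)?)")

def audit_session(log_text):
    """Return how one logged session would score without whitelist rules."""
    hits, reported, required = [], None, None
    for line in log_text.splitlines():
        m = TOTAL.search(line)
        if m:
            reported, required = float(m.group(1)), float(m.group(2))
            continue
        m = RULE.search(line)
        if m:  # detail lines such as "[score: 0.8951]" do not match
            hits.append((m.group(2), float(m.group(1))))
    if reported is None:
        raise ValueError("no 'Spam Filter score/req' line in session")
    # Assumption: whitelist rules are recognised by name only.
    whitelist = [(n, s) for n, s in hits if "WHITELIST" in n]
    unmasked = round(reported - sum(s for _, s in whitelist), 2)
    return {
        "reported": reported,
        "required": required,
        "whitelist_rules": [n for n, _ in whitelist],
        "score_without_whitelist": unmasked,
        # True when only the whitelist kept the message under the threshold.
        "masked_by_whitelist": reported < required <= unmasked,
    }

# Lines copied from the first session above (wrapped lines rejoined, abridged).
SAMPLE = """\
Fri 2013-04-19 03:22:15: *  2.3 FSL_HELO_BARE_IP_1 FSL_HELO_BARE_IP_1
Fri 2013-04-19 03:22:15: *  3.2 FH_DATE_PAST_20XX The date is grossly in the future.
Fri 2013-04-19 03:22:15: * -100 USER_IN_WHITELIST_TO address is listed in 'whitelist_to'
Fri 2013-04-19 03:22:15: *  6.0 BAYES_80 BODY: Bayes spam probability is 80 to 95%
Fri 2013-04-19 03:22:15: *      [score: 0.8951]
Fri 2013-04-19 03:22:15: *  1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
Fri 2013-04-19 03:22:15: Spam Filter score/req: -81.30/12.0
"""

if __name__ == "__main__":
    print(audit_session(SAMPLE))
```

The result is derived from the logged total rather than by re-adding the rule scores, because the per-rule values in the log are rounded for display.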