[MDaemon-L] Email Mencurigakan

Agus Tarpindo Wed, 05 Jul 2017 00:58:37 -0700

YTH Pak Syafril

Siang ini user saya menerima email (mohon cek attachment), namun user saya
tidak mengenali email address email tersebut. Apakah ini spam / virus Pak?
apakah sender terpercaya atau tidak ya Pak?


Kalau saya lihat log SMTP in ada spam pada hasilnya  "Wed 2017-07-05
14:35:54.707: 11: [899877] *  Spam result: 1 - Clean"

Berikut log lengkapnya. Mohon bantuan pencerahan dan penanganannya. Terima
kasih

 

Wed 2017-07-05 14:35:50.794: 01: ----------

Wed 2017-07-05 14:35:48.377: 05: [899877] Session 899877; child 0003

Wed 2017-07-05 14:35:48.377: 05: [899877] Accepting SMTP connection from
[210.167.162.97:53476] to [202.78.202.4:25]

Wed 2017-07-05 14:35:48.380: 03: [899877] --> 220 mail.os-selnajaya.com
ESMTP Wed, 05 Jul 2017 14:35:48 +0700

Wed 2017-07-05 14:35:48.501: 02: [899877] <-- EHLO
97.96h.162.167.210.in-addr.arpa

Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-mail.os-selnajaya.com
Hello 97.96h.162.167.210.in-addr.arpa, pleased to meet you

Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-ETRN

Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-AUTH LOGIN CRAM-MD5 PLAIN

Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-8BITMIME

Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-ENHANCEDSTATUSCODES

Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250-STARTTLS

Wed 2017-07-05 14:35:48.501: 03: [899877] --> 250 SIZE 25600000

Wed 2017-07-05 14:35:48.783: 02: [899877] <-- MAIL FROM:
<foru...@lagoon.ocn.ne.jp>

Wed 2017-07-05 14:35:48.786: 05: [899877] Performing PTR lookup
(97.162.167.210.IN-ADDR.ARPA)

Wed 2017-07-05 14:35:49.062: 05: [899877] *
D=97.96h.162.167.210.IN-ADDR.ARPA TTL=(831)
PTR=[zz2014420240D2A7A261.userreverse.dion.ne.jp]

Wed 2017-07-05 14:35:49.062: 05: [899877] *  Gathering A records...

Wed 2017-07-05 14:35:49.086: 05: [899877] *
D=zz2014420240D2A7A261.userreverse.dion.ne.jp TTL=(9) A=[210.167.162.97]

Wed 2017-07-05 14:35:49.086: 05: [899877] ---- End PTR results

Wed 2017-07-05 14:35:49.088: 09: [899877] Performing SPF lookup
(lagoon.ocn.ne.jp / 210.167.162.97)

Wed 2017-07-05 14:35:49.106: 09: [899877] *  Policy: v=spf1 a
include:spf.ocn.ne.jp ~all

Wed 2017-07-05 14:35:49.196: 09: [899877] *  Evaluating a: no match

Wed 2017-07-05 14:35:49.196: 09: [899877] *  Evaluating
include:spf.ocn.ne.jp: performing lookup

Wed 2017-07-05 14:35:49.215: 09: [899877] *    Policy: v=spf1
include:spf1.ocn.ne.jp include:spf2.ocn.ne.jp include:spf3.ocn.ne.jp ~all

Wed 2017-07-05 14:35:49.215: 09: [899877] *    Evaluating
include:spf1.ocn.ne.jp: performing lookup

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Policy: v=spf1
ip4:60.37.40.0/24 ip4:60.37.51.0/24 ip4:118.23.100.0/24 ip4:118.23.108.0/23
ip4:118.23.180.0/24 ip4:180.8.110.0/23 ip4:122.28.14.0/23 ip4:122.28.30.0/24
ip4:125.170.92.0/24 ~all

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:60.37.40.0/24: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:60.37.51.0/24: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:118.23.100.0/24: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:118.23.108.0/23: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:118.23.180.0/24: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:180.8.110.0/23: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:122.28.14.0/23: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:122.28.30.0/24: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating
ip4:125.170.92.0/24: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *      Evaluating ~all: match

Wed 2017-07-05 14:35:49.310: 09: [899877] *    Evaluating
include:spf1.ocn.ne.jp: no match

Wed 2017-07-05 14:35:49.310: 09: [899877] *    Evaluating
include:spf2.ocn.ne.jp: performing lookup

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Policy: v=spf1
ip4:125.206.148.0/24 ip4:125.206.187.0/24 ip4:222.146.51.0/24
ip4:180.37.203.0/24 ip4:122.1.235.0/24 ip4:118.23.178.0/24
ip4:114.147.58.0/24 ip4:153.128.50.0/24 ip4:153.149.228.0/26 ~all

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:125.206.148.0/24: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:125.206.187.0/24: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:222.146.51.0/24: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:180.37.203.0/24: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:122.1.235.0/24: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:118.23.178.0/24: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:114.147.58.0/24: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:153.128.50.0/24: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating
ip4:153.149.228.0/26: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *      Evaluating ~all: match

Wed 2017-07-05 14:35:49.329: 09: [899877] *    Evaluating
include:spf2.ocn.ne.jp: no match

Wed 2017-07-05 14:35:49.329: 09: [899877] *    Evaluating
include:spf3.ocn.ne.jp: performing lookup

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Policy: v=spf1
ip4:153.149.230.0/26 ip4:153.149.232.0/26 ip4:153.149.233.0/26
ip4:153.149.234.0/26 ip4:153.149.236.0/26 ip4:153.149.227.0/26
ip4:153.149.229.0/26 ip4:153.149.231.0/26 ip4:153.149.235.0/26 ~all

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.230.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.232.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.233.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.234.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.236.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.227.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.229.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.231.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating
ip4:153.149.235.0/26: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *      Evaluating ~all: match

Wed 2017-07-05 14:35:49.348: 09: [899877] *    Evaluating
include:spf3.ocn.ne.jp: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *    Evaluating ~all: match

Wed 2017-07-05 14:35:49.348: 09: [899877] *  Evaluating
include:spf.ocn.ne.jp: no match

Wed 2017-07-05 14:35:49.348: 09: [899877] *  Evaluating ~all: match

Wed 2017-07-05 14:35:49.348: 09: [899877] *  Result: softfail

Wed 2017-07-05 14:35:49.348: 09: [899877] ---- End SPF results

Wed 2017-07-05 14:35:49.348: 03: [899877] --> 250 2.1.0 Sender OK

Wed 2017-07-05 14:35:49.469: 02: [899877] <-- RCPT
TO:<wakabaya...@selnajaya.com>

Wed 2017-07-05 14:35:49.470: 01: [899877] wakabaya...@selnajaya.com is an
alias for wakabaya...@os-selnajaya.com

Wed 2017-07-05 14:35:49.472: 05: [899877] Performing DNS-BL lookup
(210.167.162.97 - connecting IP)

Wed 2017-07-05 14:35:49.826: 05: [899877] *  zen.spamhaus.org - passed

Wed 2017-07-05 14:35:49.826: 05: [899877] ---- End DNS-BL results

Wed 2017-07-05 14:35:49.828: 03: [899877] --> 250 2.1.5 Recipient OK

Wed 2017-07-05 14:35:50.046: 02: [899877] <-- DATA

Wed 2017-07-05 14:35:50.047: 01: [899877] Creating temp file (SMTP):
d:\mdaemon\queues\temp\md50001077182.tmp

Wed 2017-07-05 14:35:50.047: 03: [899877] --> 354 Enter mail, end with
<CRLF>.<CRLF>

Wed 2017-07-05 14:35:52.298: 01: [899877] Message size: 110421 bytes

Wed 2017-07-05 14:35:52.302: 10: [899877] Performing DKIM lookup

Wed 2017-07-05 14:35:52.302: 10: [899877] *  File:
d:\mdaemon\queues\temp\md50001077182.tmp

Wed 2017-07-05 14:35:52.302: 10: [899877] *  Message-ID:
<566041.20170705163...@bonetan.pydagoz.lagoon.ocn.ne.jp>

Wed 2017-07-05 14:35:52.302: 10: [899877] *  Result: neutral

Wed 2017-07-05 14:35:52.302: 10: [899877] ---- End DKIM results

Wed 2017-07-05 14:35:52.311: 19: [899877] Performing DMARC processing

Wed 2017-07-05 14:35:52.311: 19: [899877] *  File:
d:\mdaemon\queues\temp\md50001077182.tmp

Wed 2017-07-05 14:35:52.311: 19: [899877] *  Message-ID:
<566041.20170705163...@bonetan.pydagoz.lagoon.ocn.ne.jp>

Wed 2017-07-05 14:35:52.311: 19: [899877] *  Author domain: w5.dion.ne.jp

Wed 2017-07-05 14:35:52.311: 19: [899877] *  Organizational domain:
dion.ne.jp

Wed 2017-07-05 14:35:52.311: 19: [899877] *  Query domain:
_dmarc.w5.dion.ne.jp

Wed 2017-07-05 14:35:53.062: 19: [899877] *    No DMARC policy record found

Wed 2017-07-05 14:35:53.062: 19: [899877] *  Query domain: _dmarc.dion.ne.jp

Wed 2017-07-05 14:35:53.633: 19: [899877] *    No DMARC policy record found

Wed 2017-07-05 14:35:53.633: 19: [899877] *  Action taken: none

Wed 2017-07-05 14:35:53.633: 19: [899877] *  Result: none

Wed 2017-07-05 14:35:53.633: 19: [899877] ---- End DMARC results

Wed 2017-07-05 14:35:53.635: 06: [899877] Passing message through AntiVirus
(Size: 110421)...

Wed 2017-07-05 14:35:54.413: 06: [899877] *  Message is clean (no viruses
found)

Wed 2017-07-05 14:35:54.413: 06: [899877] ---- End AntiVirus results

Wed 2017-07-05 14:35:54.707: 11: [899877] Passing message through Outbreak
Protection...

Wed 2017-07-05 14:35:54.707: 11: [899877] *  Message-ID:
<566041.20170705163...@bonetan.pydagoz.lagoon.ocn.ne.jp>

Wed 2017-07-05 14:35:54.707: 11: [899877] *  Reference-ID:
str=0001.0A090202.595C96DE.0091,ss=1,re=0.000,recu=0.000,reip=0.000,vtr=str,
vl=0,cl=1,cld=1,fgs=0

Wed 2017-07-05 14:35:54.707: 11: [899877] *  Virus result: 0 - Clean

Wed 2017-07-05 14:35:54.707: 11: [899877] *  Spam result: 1 - Clean

Wed 2017-07-05 14:35:54.707: 11: [899877] *  IWF result: 0 - Clean

Wed 2017-07-05 14:35:54.707: 11: [899877] ---- End Outbreak Protection
results

Wed 2017-07-05 14:35:54.708: 07: [899877] Spam filter scan skipped; message
size (110421) exceeds spam filter configured max size of (102400)

Wed 2017-07-05 14:35:54.710: 01: [899877] Message creation successful:
d:\mdaemon\queues\inbound\md50002366553.msg

Wed 2017-07-05 14:35:54.710: 03: [899877] --> 250 2.6.0 Ok, message saved
<Message-ID: <566041.20170705163...@bonetan.pydagoz.lagoon.ocn.ne.jp>>

Wed 2017-07-05 14:35:54.868: 02: [899877] <-- QUIT

Wed 2017-07-05 14:35:54.868: 03: [899877] --> 221 2.0.0 See ya in cyberspace

Wed 2017-07-05 14:35:54.868: 01: [899877] SMTP session successful (Bytes
in/out: 110550/481)

Wed 2017-07-05 14:35:54.868: 01: ----------

 

Terima kasih

Best regards, 
AGUS



 


-- 
--MDaemon-L----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server.

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir MD 17.0.2, SP 5.1.0, OC 4.5.0, SG 4.5.1

[MDaemon-L] Email Mencurigakan

Kirim email ke