Dear Pak Syafril,
Pak Syafril, I would like to ask: lately we have frequently been hit by account hijack attacks from outside, even though we have already enabled dynamic screening and location screening. What I want to ask is whether hijack detection and spambot detection need to be enabled? And could you send the best-practice settings for these two menus? Thank you.

Below we attach the smtp-out log:

2018-06-12 04:01:31.654: ----------
Tue 2018-06-12 04:26:01.177: [756095] Session 756095; child 0001
Tue 2018-06-12 04:26:01.177: [756095] Parsing message <d:\mdaemon\queues\remote\pd35002811921.msg>
Tue 2018-06-12 04:26:01.178: [756095] * From: charli....@dima.co.id
Tue 2018-06-12 04:26:01.178: [756095] * To: hbbtkepurpsrd...@quaihuonglashzke.info
Tue 2018-06-12 04:26:01.178: [756095] * Subject: Tax Return Transcript from 06/12/2018
Tue 2018-06-12 04:26:01.178: [756095] * Size (bytes): 140054
Tue 2018-06-12 04:26:01.178: [756095] * Message-ID: <313035646463.2018611212...@quaihuonglashzke.info>
Tue 2018-06-12 04:26:01.180: [756095] Attempting to send message to smart host
Tue 2018-06-12 04:26:01.180: [756095] Attempting SMTP connection to smtp.antispamcloud.com
Tue 2018-06-12 04:26:01.180: [756095] Resolving A record for smtp.antispamcloud.com (DNS Server: 116.254.101.2)...
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[198.7.58.152]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[217.20.113.37]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[5.79.72.138]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[5.79.72.139]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[37.48.65.165]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[46.165.209.5]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[46.165.217.141]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[46.165.217.142]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[69.64.57.56]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[85.25.237.173]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[94.75.244.163]
Tue 2018-06-12 04:26:01.182: [756095] * D=smtp.antispamcloud.com TTL=(0) A=[138.201.61.135]
Tue 2018-06-12 04:26:01.182: [756095] Randomly picked 94.75.244.163 from list of possible hosts
Tue 2018-06-12 04:26:01.183: [756095] Attempting SMTP connection to 94.75.244.163:587
Tue 2018-06-12 04:26:01.183: [756095] Waiting for socket connection...
Tue 2018-06-12 04:26:01.368: [756095] * Connection established 116.254.100.37:57350 --> 94.75.244.163:587
Tue 2018-06-12 04:26:01.368: [756095] Waiting for protocol to start...
Tue 2018-06-12 04:26:01.928: [756095] <-- 220 mx3.antispamcloud.com ESMTP Exim 135182 Mon, 11 Jun 2018 23:22:16 +0200
Tue 2018-06-12 04:26:01.929: [756095] --> EHLO mail.dima.co.id
Tue 2018-06-12 04:26:02.112: [756095] <-- 250-mx3.antispamcloud.com Hello edm.ed-dima.com [116.254.100.37]
Tue 2018-06-12 04:26:02.112: [756095] <-- 250-SIZE
Tue 2018-06-12 04:26:02.112: [756095] <-- 250-8BITMIME
Tue 2018-06-12 04:26:02.112: [756095] <-- 250-DSN
Tue 2018-06-12 04:26:02.112: [756095] <-- 250-AUTH PLAIN LOGIN
Tue 2018-06-12 04:26:02.112: [756095] <-- 250-STARTTLS
Tue 2018-06-12 04:26:02.112: [756095] <-- 250 HELP
Tue 2018-06-12 04:26:02.112: [756095] --> STARTTLS
Tue 2018-06-12 04:26:02.305: [756095] <-- 220 TLS go ahead
Tue 2018-06-12 04:26:02.681: [756095] SSL negotiation successful (TLS 1.2, 2048 bit key exchange, 128 bit AES encryption)
Tue 2018-06-12 04:26:02.890: [756095] SSL certificate is valid (matches smtp.antispamcloud.com and is signed by recognized CA)
Tue 2018-06-12 04:26:02.890: [756095] --> EHLO mail.dima.co.id
Tue 2018-06-12 04:26:03.075: [756095] <-- 250-mx3.antispamcloud.com Hello edm.ed-dima.com [116.254.100.37]
Tue 2018-06-12 04:26:03.075: [756095] <-- 250-SIZE
Tue 2018-06-12 04:26:03.075: [756095] <-- 250-8BITMIME
Tue 2018-06-12 04:26:03.075: [756095] <-- 250-DSN
Tue 2018-06-12 04:26:03.075: [756095] <-- 250-AUTH PLAIN LOGIN
Tue 2018-06-12 04:26:03.075: [756095] <-- 250 HELP
Tue 2018-06-12 04:26:03.075: [756095] --> AUTH LOGIN
Tue 2018-06-12 04:26:03.258: [756095] <-- 334 VXNlcm5hbWU6
Tue 2018-06-12 04:26:03.258: [756095] --> **********
Tue 2018-06-12 04:26:03.442: [756095] <-- 334 UGFzc3dvcmQ6
Tue 2018-06-12 04:26:03.442: [756095] --> **********
Tue 2018-06-12 04:26:03.628: [756095] <-- 235 Authentication succeeded
Tue 2018-06-12 04:26:03.628: [756095] --> MAIL From:<charli....@dima.co.id> SIZE=140054
Tue 2018-06-12 04:26:08.791: [756095] <-- 250 OK
Tue 2018-06-12 04:26:08.791: [756095] --> RCPT To:<hbbtkepurpsrd...@quaihuonglashzke.info>
Tue 2018-06-12 04:26:08.984: [756095] <-- 250 Accepted
Tue 2018-06-12 04:26:08.986: [756095] --> DATA
Tue 2018-06-12 04:26:09.169: [756095] <-- 354 Enter message, ending with "." on a line by itself
Tue 2018-06-12 04:26:09.169: [756095] Sending <d:\mdaemon\queues\remote\pd35002811921.msg> to [94.75.244.163]
Tue 2018-06-12 04:26:10.108: [756095] Transfer Complete
Tue 2018-06-12 04:26:11.883: [756095] <-- 550 Message contained unsafe content (Sanesecurity.Badmacro.Doc.shkey)
Tue 2018-06-12 04:26:11.883: [756095] --> QUIT
Tue 2018-06-12 04:26:11.886: [756095] Creating delivery failure DSN...
Tue 2018-06-12 04:26:11.886: [756095] * Recipient: charli....@dima.co.id
Tue 2018-06-12 04:26:11.886: [756095] * Session-ID: 756095
Tue 2018-06-12 04:26:11.886: [756095] * Queue-ID: pd35002811921.msg
Tue 2018-06-12 04:26:11.886: [756095] * Message-ID: 313035646463.2018611212...@quaihuonglashzke.info
Tue 2018-06-12 04:26:11.886: [756095] --- End DSN message creation
Tue 2018-06-12 04:26:12.064: [756095] <-- 221 mx3.antispamcloud.com closing connection
Tue 2018-06-12 04:26:12.064: [756095] SMTP session terminated (Bytes in/out: 11202/143884)
Tue 2018-06-12 04:26:12.064: ----------
Tue 2018-06-12 04:28:11.216: [756215] Session 756215; child 0001
Tue 2018-06-12 04:28:11.216: [756215] Parsing message <d:\mdaemon\queues\remote\pd35002811922.msg>
Tue 2018-06-12 04:28:11.216: [756215] * From: charli....@dima.co.id
Tue 2018-06-12 04:28:11.216: [756215] * To: baramb...@sepia.com.mx
Tue 2018-06-12 04:28:11.216: [756215] * Subject: IRS Tax Return Transcript from June 12, 2018
Tue 2018-06-12 04:28:11.216: [756215] * Size (bytes): 2278
Tue 2018-06-12 04:28:11.216: [756215] * Message-ID: <1946690721802.201861121...@sepia.com.mx>
Tue 2018-06-12 04:28:11.218: [756215] Attempting to send message to smart host
Tue 2018-06-12 04:28:11.218: [756215] Attempting SMTP connection to smtp.antispamcloud.com
Tue 2018-06-12 04:28:11.219: [756215] Resolving A record for smtp.antispamcloud.com (DNS Server: 116.254.101.2)...
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[46.165.217.141]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[46.165.217.142]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[69.64.57.56]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[85.25.237.173]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[94.75.244.163]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[138.201.61.135]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[198.7.58.152]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[217.20.113.37]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[5.79.72.138]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[5.79.72.139]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[37.48.65.165]
Tue 2018-06-12 04:28:11.221: [756215] * D=smtp.antispamcloud.com TTL=(58) A=[46.165.209.5]
Tue 2018-06-12 04:28:11.221: [756215] Randomly picked 85.25.237.173 from list of possible hosts
Tue 2018-06-12 04:28:11.221: [756215] Attempting SMTP connection to 85.25.237.173:587
Tue 2018-06-12 04:28:11.221: [756215] Waiting for socket connection...
Tue 2018-06-12 04:28:11.393: [756215] * Connection established 116.254.100.37:57353 --> 85.25.237.173:587
Tue 2018-06-12 04:28:11.393: [756215] Waiting for protocol to start...
Tue 2018-06-12 04:28:11.725: [756215] <-- 220 mx35.antispamcloud.com ESMTP Exim 134224 Mon, 11 Jun 2018 23:24:26 +0200
Tue 2018-06-12 04:28:11.726: [756215] --> EHLO mail.dima.co.id
Tue 2018-06-12 04:28:11.897: [756215] <-- 250-mx35.antispamcloud.com Hello edm.ed-dima.com [116.254.100.37]
Tue 2018-06-12 04:28:11.897: [756215] <-- 250-SIZE
Tue 2018-06-12 04:28:11.897: [756215] <-- 250-8BITMIME
Tue 2018-06-12 04:28:11.897: [756215] <-- 250-DSN
Tue 2018-06-12 04:28:11.897: [756215] <-- 250-AUTH PLAIN LOGIN
Tue 2018-06-12 04:28:11.897: [756215] <-- 250-STARTTLS
Tue 2018-06-12 04:28:11.897: [756215] <-- 250 HELP
Tue 2018-06-12 04:28:11.897: [756215] --> STARTTLS
Tue 2018-06-12 04:28:12.075: [756215] <-- 220 TLS go ahead
Tue 2018-06-12 04:28:12.424: [756215] SSL negotiation successful (TLS 1.2, 2048 bit key exchange, 128 bit AES encryption)
Tue 2018-06-12 04:28:12.426: [756215] SSL certificate is valid (matches smtp.antispamcloud.com and is signed by recognized CA)
Tue 2018-06-12 04:28:12.426: [756215] --> EHLO mail.dima.co.id
Tue 2018-06-12 04:28:12.597: [756215] <-- 250-mx35.antispamcloud.com Hello edm.ed-dima.com [116.254.100.37]
Tue 2018-06-12 04:28:12.597: [756215] <-- 250-SIZE
Tue 2018-06-12 04:28:12.597: [756215] <-- 250-8BITMIME
Tue 2018-06-12 04:28:12.597: [756215] <-- 250-DSN
Tue 2018-06-12 04:28:12.597: [756215] <-- 250-AUTH PLAIN LOGIN
Tue 2018-06-12 04:28:12.597: [756215] <-- 250 HELP
Tue 2018-06-12 04:28:12.597: [756215] --> AUTH LOGIN
Tue 2018-06-12 04:28:12.769: [756215] <-- 334 VXNlcm5hbWU6
Tue 2018-06-12 04:28:12.769: [756215] --> **********
Tue 2018-06-12 04:28:12.942: [756215] <-- 334 UGFzc3dvcmQ6
Tue 2018-06-12 04:28:12.943: [756215] --> **********
Tue 2018-06-12 04:28:13.115: [756215] <-- 235 Authentication succeeded
Tue 2018-06-12 04:28:13.115: [756215] --> MAIL From:<charli....@dima.co.id> SIZE=2278
Tue 2018-06-12 04:28:13.717: [756215] <-- 250 OK
Tue 2018-06-12 04:28:13.717: [756215] --> RCPT To:<baramb...@sepia.com.mx>
Tue 2018-06-12 04:28:14.042: [756215] <-- 250 Accepted
Tue 2018-06-12 04:28:14.042: [756215] --> DATA
Tue 2018-06-12 04:28:14.213: [756215] <-- 354 Enter message, ending with "." on a line by itself
Tue 2018-06-12 04:28:14.213: [756215] Sending <d:\mdaemon\queues\remote\pd35002811922.msg> to [85.25.237.173]
Tue 2018-06-12 04:28:14.213: [756215] Transfer Complete
Tue 2018-06-12 04:28:15.114: [756215] <-- 550 A URL in this email (tpc . hu) is listed on https://spamrl.com/. Please resolve and retry
Tue 2018-06-12 04:28:15.115: [756215] --> QUIT
Tue 2018-06-12 04:28:15.117: [756215] Creating delivery failure DSN...
Tue 2018-06-12 04:28:15.117: [756215] * Recipient: charli....@dima.co.id
Tue 2018-06-12 04:28:15.117: [756215] * Session-ID: 756215
Tue 2018-06-12 04:28:15.117: [756215] * Queue-ID: pd35002811922.msg
Tue 2018-06-12 04:28:15.117: [756215] * Message-ID: 1946690721802.201861121...@sepia.com.mx
Tue 2018-06-12 04:28:15.117: [756215] --- End DSN message creation
Tue 2018-06-12 04:28:15.287: [756215] <-- 221 mx35.antispamcloud.com closing connection
Tue 2018-06-12 04:28:15.287: [756215] SMTP session terminated (Bytes in/out: 11969/3746)
Tue 2018-06-12 04:28:15.287: ----------

Thanks,
Heryanto

--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MD 18.0.1, SG 5.5.0
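
A triage sketch for logs like the one above, added here as an example and not part of the original post: it groups smtp-out lines by session id and flags sessions where the Message-ID domain matches the recipient's domain instead of the sender's (the pattern visible in both sessions of the log) or where the smart host answered with a 5xx reply. The function names, reason labels and sample addresses are assumptions; the line layout is taken only from the log shown.

```python
import re

# Constructed sample in the smtp-out layout shown above; all addresses are made up.
SAMPLE_LOG = """\
Tue 2018-06-12 04:26:01.178: [1001] * From: alice@example.test
Tue 2018-06-12 04:26:01.178: [1001] * To: bob@recipient.example
Tue 2018-06-12 04:26:01.178: [1001] * Message-ID: <1.2@recipient.example>
Tue 2018-06-12 04:26:11.883: [1001] <-- 550 Message contained unsafe content
Tue 2018-06-12 04:27:00.000: [1002] * From: carol@example.test
Tue 2018-06-12 04:27:00.000: [1002] * To: dave@partner.example
Tue 2018-06-12 04:27:00.000: [1002] * Message-ID: <3.4@example.test>
Tue 2018-06-12 04:27:02.000: [1002] <-- 250 OK
"""

LINE = re.compile(r"^\w{3} \S+ \S+: \[(\d+)\] (.*)$")      # day, date, time, [session], rest
HEADER = re.compile(r"^\*\s+(From|To|Message-ID):\s*(\S+)")
REJECT = re.compile(r"^<-- (5\d\d) (.*)")                   # permanent failure from smart host

def domain(value):
    return value.strip("<>").rpartition("@")[2].lower()

def parse_sessions(text):
    """Group lines by session id; keep the first From/To/Message-ID and any 5xx text."""
    sessions = {}
    for raw in text.splitlines():
        if not (m := LINE.match(raw.strip())):
            continue  # separator lines carry no session id
        sid, body = m.groups()
        s = sessions.setdefault(sid, {"rejects": []})
        if h := HEADER.match(body):
            s.setdefault(h.group(1), h.group(2))
        elif r := REJECT.match(body):
            s["rejects"].append(r.group(2))
    return sessions

def flag_sessions(text):
    """Return {session id: (sender, reasons)} for sessions worth reviewing."""
    flagged = {}
    for sid, s in parse_sessions(text).items():
        reasons = []
        if {"From", "To", "Message-ID"} <= s.keys():
            mid = domain(s["Message-ID"])
            if mid == domain(s["To"]) and mid != domain(s["From"]):
                reasons.append("message-id-uses-recipient-domain")
        if s["rejects"]:
            reasons.append("rejected-by-smart-host")
        if reasons:
            flagged[sid] = (s.get("From", "?"), reasons)
    return flagged
```

Counting flagged sessions per sender over a day of logs gives a short list of accounts whose passwords should be reset first.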