Good morning, Pak Syafril.
There is an email from an internal sender; its headers look like this:
X-SPScan-Result: infected
X-SPScan-VirusName: Trojan.HCDZ-9
X-MDBadQueue-Reason: WARNING! infected with virus (Trojan.HCDZ-9)
X-MDAV-Processed: bb.ptbmi.com, Tue, 13 Nov 2018 15:44:26 +0700
Return-path: <mdt...@nobleindonesia.com>
Authentication-Results: bb.ptbmi.com;
spf=pass smtp.mailfrom=mdt...@nobleindonesia.com;
dmarc=none header.from=ptbmi.com (no DMARC record);
iprev=pass policy.iprev=203.160.56.43 reason="white listed" (HELO
mail.cybermega.co.id);
iprev=pass policy.iprev=203.160.56.43 reason="white listed" (MAIL
mdt...@nobleindonesia.com)
Received-SPF: pass (bb.ptbmi.com: domain nobleindonesia.com
designates 203.160.56.43 as permitted sender)
receiver=bb.ptbmi.com; client-ip=203.160.56.43;
mechanism=ip4:203.160.56.43/32;
envelope-from="mdt...@nobleindonesia.com";
helo=mail.cybermega.co.id;
Received: from mail.cybermega.co.id [(203.160.56.43)] by bb.ptbmi.com
(MDaemon PRO v18.0.2)
with ESMTPS id 20-md50000063898.msg; Tue, 13 Nov 2018 15:44:25 +0700
X-Spam-Processed: bb.ptbmi.com, Tue, 13 Nov 2018 15:44:25 +0700
(not processed: message size (114864) exceeds spam filter configured max
size of (102400))
X-MDSPF-Result: unapproved (bb.ptbmi.com)
X-MDRemoteIP: 203.160.56.43
X-MDHelo: mail.cybermega.co.id
X-MDArrival-Date: Tue, 13 Nov 2018 15:44:25 +0700
X-Rcpt-To: y...@ptbmi.com
X-MDRcpt-To: y...@ptbmi.com
X-Return-Path: mdt...@nobleindonesia.com
X-Envelope-From: mdt...@nobleindonesia.com
X-MDaemon-Deliver-To: bsd.y...@ptbmi.com
X-CAV-Result: clean
Received: from localhost (localhost [127.0.0.1])
by mail.cybermega.co.id (Postfix) with ESMTP id 8E05B40367D3F
for <y...@ptbmi.com>; Tue, 13 Nov 2018 15:43:19 +0700 (WIB)
Received: from mail.cybermega.co.id ([127.0.0.1])
by localhost (mail.cybermega.co.id [127.0.0.1]) (amavisd-new, port
10032)
with ESMTP id tiYSpgKSBHtL for <y...@ptbmi.com>;
Tue, 13 Nov 2018 15:43:18 +0700 (WIB)
Received: from localhost (localhost [127.0.0.1])
by mail.cybermega.co.id (Postfix) with ESMTP id B533B40369060
for <y...@ptbmi.com>; Tue, 13 Nov 2018 15:43:18 +0700 (WIB)
X-Virus-Scanned: amavisd-new at cybermega.co.id
Received: from mail.cybermega.co.id ([127.0.0.1])
by localhost (mail.cybermega.co.id [127.0.0.1]) (amavisd-new, port
10026)
with ESMTP id alt4XFBpGrPF for <y...@ptbmi.com>;
Tue, 13 Nov 2018 15:43:18 +0700 (WIB)
Received: from 10.6.21.115 (unknown [113.105.120.66])
by mail.cybermega.co.id (Postfix) with ESMTPSA id 79AAC403698C5
for <y...@ptbmi.com>; Tue, 13 Nov 2018 15:43:16 +0700 (WIB)
Date: Tue, 13 Nov 2018 16:44:15 +0800
From: Ronny Triyana <ro...@ptbmi.com> <mdt...@nobleindonesia.com>
To: y...@ptbmi.com
Message-ID: <18514979794502917124.dbaf588047cd9...@ptbmi.com>
Subject: =?UTF-8?B?UmVjaG51bmcgZsO8ciBaYWhsdW5nICAgdm9tIDEzIE5vdmVtYmVy?=
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_49698_3508543199.41991822312867918266"
X-MDArchive-Copy: 1
Is this what is meant by an email with a DOUBLE FROM containing different addresses, Pak?
An email like this is DEFINITELY SPAM, right, Pak? Even though it lists an email
address we know.
Action:
What should we do?
1. Block the IP? Which IP?
2. Block the email sender?
Please enlighten us.
Thanks
Suzy
--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia
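Added example, not part of the original post: a header check for the pattern in the message above, where the From field carries two addresses and SPF passed for the envelope domain (nobleindonesia.com) while Authentication-Results reports header.from=ptbmi.com. The function name check_from, the flag names and the sample addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Address-like tokens, matched on the raw header text because parsers disagree
# on how to read a malformed value such as "Name <a@x> <b@y>".
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check_from(raw_headers):
    """Return (from_addresses, envelope_sender, flags) for one header block."""
    msg = message_from_string(raw_headers)
    from_fields = msg.get_all("From", [])
    addrs = [a.lower() for f in from_fields for a in ADDR_RE.findall(f)]
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    flags = []
    if len(from_fields) != 1:
        flags.append("from-field-count")        # RFC 5322: exactly one From field
    if len(set(addrs)) > 1:
        flags.append("multiple-from-addresses")
    if len({domain(a) for a in addrs}) > 1:
        flags.append("from-domains-differ")
    if envelope and addrs and domain(envelope) != domain(addrs[0]):
        # SPF vouched only for the envelope domain, not the address shown first
        flags.append("envelope-mismatch")
    return addrs, envelope, flags

# Constructed sample headers (hypothetical addresses, not taken from the post).
SPOOFED = """\
Return-Path: <billing@vendor.example>
From: Alice Staff <alice@corp.example> <billing@vendor.example>
To: bob@corp.example
Subject: Invoice

"""
CLEAN = """\
Return-Path: <alice@corp.example>
From: Alice Staff <alice@corp.example>
To: bob@corp.example

"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(name, check_from(raw))
```

A message that raises "envelope-mismatch" together with "from-domains-differ" is a candidate for quarantine even when SPF reports pass, since that result covers only the Return-Path domain.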