[mdaemon-l] MX Backup vs MX Utama

Slamet Raharjo Sun, 23 Feb 2020 22:13:50 -0800

>
> Analisis log hanya bisa dilakukan kalau lognya lengkap 1 session, tidak
> dipotong.
> 
> Yang namanya log 1 session lengkap dimulai dari
> 
> Session 524471 child xxx
> sampai dengan
> 
> Thu 2020-02-20 11:13:00.846: [524471] SMTP session terminate/successful


Berikut pak :

Thu 2020-02-20 11:13:00.593: [524471] <-- MAIL FROM:<genyu.nakam...@jti.com> 
SIZE=24762
Thu 2020-02-20 11:13:00.596: [524471] Performing PTR lookup 
(51.81.158.202.IN-ADDR.ARPA)
Thu 2020-02-20 11:13:00.597: [524471] *  D=51.81.158.202.IN-ADDR.ARPA TTL=(143) 
PTR=[mx-corp3.cbn.net.id]
Thu 2020-02-20 11:13:00.599: [524471] *  D=mx-corp3.cbn.net.id TTL=(31) 
A=[210.210.188.51]
Thu 2020-02-20 11:13:00.599: [524471] *  D=mx-corp3.cbn.net.id TTL=(31) 
A=[202.158.81.51]
Thu 2020-02-20 11:13:00.599: [524471] ---- End PTR results
Thu 2020-02-20 11:13:00.602: [524471] Performing IP lookup (mx-corp3.cbn.net.id)
Thu 2020-02-20 11:13:00.603: [524471] *  D=mx-corp3.cbn.net.id TTL=(31) 
A=[202.158.81.51]
Thu 2020-02-20 11:13:00.603: [524471] *  D=mx-corp3.cbn.net.id TTL=(31) 
A=[210.210.188.51]
Thu 2020-02-20 11:13:00.603: [524471] ---- End IP lookup results
Thu 2020-02-20 11:13:00.606: [524471] Performing IP lookup (jti.com)
Thu 2020-02-20 11:13:00.622: [524471] *  D=jti.com TTL=(17) A=[52.17.142.199]
Thu 2020-02-20 11:13:00.672: [524471] *  P=000 S=000 D=jti.com TTL=(16) 
MX=[in.hes.trendmicro.eu] {52.58.62.239}
Thu 2020-02-20 11:13:00.672: [524471] ---- End IP lookup results
Thu 2020-02-20 11:13:00.675: [524471] Performing SPF lookup 
(mx-corp3.cbn.net.id / 202.158.81.51)
Thu 2020-02-20 11:13:00.678: [524471] *  Result: none; no SPF record in DNS
Thu 2020-02-20 11:13:00.678: [524471] ---- End SPF results
Thu 2020-02-20 11:13:00.678: [524471] Performing SPF lookup (jti.com / 
202.158.81.51)
Thu 2020-02-20 11:13:00.697: [524471] *  Policy: v=spf1 
include:spf.protection.outlook.com ip4:194.24.4.18 ip4:194.24.4.19 -all
Thu 2020-02-20 11:13:00.698: [524471] *  Evaluating 
include:spf.protection.outlook.com: performing lookup
Thu 2020-02-20 11:13:00.714: [524471] *    Policy: v=spf1 ip4:40.92.0.0/15 
ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 
ip6:2a01:111:f403::/48 -all
Thu 2020-02-20 11:13:00.714: [524471] *    Evaluating ip4:40.92.0.0/15: no match
Thu 2020-02-20 11:13:00.714: [524471] *    Evaluating ip4:40.107.0.0/16: no 
match
Thu 2020-02-20 11:13:00.714: [524471] *    Evaluating ip4:52.100.0.0/14: no 
match
Thu 2020-02-20 11:13:00.714: [524471] *    Evaluating ip4:104.47.0.0/17: no 
match
Thu 2020-02-20 11:13:00.714: [524471] *    Evaluating ip6:2a01:111:f400::/48: 
no match
Thu 2020-02-20 11:13:00.714: [524471] *    Evaluating ip6:2a01:111:f403::/48: 
no match
Thu 2020-02-20 11:13:00.714: [524471] *    Evaluating -all: match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating 
include:spf.protection.outlook.com: no match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating ip4:194.24.4.18: no match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating ip4:194.24.4.19: no match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating -all: match
Thu 2020-02-20 11:13:00.714: [524471] *  Result: fail
Thu 2020-02-20 11:13:00.714: [524471] Message will be rejected after DMARC 
processing.
Thu 2020-02-20 11:13:00.714: [524471] ---- End SPF results
Thu 2020-02-20 11:13:00.714: [524471] --> 250 2.1.0 Sender OK
Thu 2020-02-20 11:13:00.716: [524471] <-- RCPT TO:<knak...@aio.co.id>
Thu 2020-02-20 11:13:00.729: [524471] --> 250 2.1.5 Recipient OK
Thu 2020-02-20 11:13:00.731: [524471] <-- RCPT TO:<yba...@aio.co.id>
Thu 2020-02-20 11:13:00.737: [524471] --> 250 2.1.5 Recipient OK
Thu 2020-02-20 11:13:00.739: [524471] <-- DATA
Thu 2020-02-20 11:13:00.740: [524471] Creating temp file (SMTP): 
c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.740: [524471] --> 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2020-02-20 11:13:00.747: [524471] Message size: 23739 bytes
Thu 2020-02-20 11:13:00.748: [524471] Performing DKIM lookup
Thu 2020-02-20 11:13:00.748: [524471] *  File: c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.748: [524471] *  Message-ID: 
<am0pr10mb220958f7607ed2495b7fca0582...@am0pr10mb2209.eurprd10.prod.outlook.com>
Thu 2020-02-20 11:13:00.766: [524471] * DKIM-Signature 1: v=1; a=rsa-sha256; 
c=relaxed/relaxed; d=jti.com; s=selector1; <some tags are not logged>
Thu 2020-02-20 11:13:00.766: [524471] *    Verification result: good signature
Thu 2020-02-20 11:13:00.767: [524471] *  Result: pass
Thu 2020-02-20 11:13:00.767: [524471] ---- End DKIM results
Thu 2020-02-20 11:13:00.771: [524471] Performing DMARC processing
Thu 2020-02-20 11:13:00.771: [524471] *  File: c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.771: [524471] *  Message-ID: 
<am0pr10mb220958f7607ed2495b7fca0582...@am0pr10mb2209.eurprd10.prod.outlook.com>
Thu 2020-02-20 11:13:00.771: [524471] *  Author domain: jti.com
Thu 2020-02-20 11:13:00.772: [524471] *  Organizational domain: jti.com
Thu 2020-02-20 11:13:00.772: [524471] *  Query domain: _dmarc.jti.com
Thu 2020-02-20 11:13:00.794: [524471] *    Policy record: v=DMARC1; p=reject; 
adkim=s; aspf=s; rua=mailto:1mpft...@ag.dmarcian.eu; 
ruf=mailto:1mpft...@fr.dmarcian.eu; fo=1;
Thu 2020-02-20 11:13:00.797: [524471] *  Verifying report recipient: 
1mpft...@ag.dmarcian.eu
Thu 2020-02-20 11:13:00.797: [524471] *  Query domain: 
jti.com._report._dmarc.ag.dmarcian.eu
Thu 2020-02-20 11:13:00.818: [524471] *    Policy record: v=DMARC1;
Thu 2020-02-20 11:13:00.818: [524471] *    Recipient 1mpft...@ag.dmarcian.eu is 
verified
Thu 2020-02-20 11:13:00.821: [524471] *  Verifying report recipient: 
1mpft...@fr.dmarcian.eu
Thu 2020-02-20 11:13:00.821: [524471] *  Query domain: 
jti.com._report._dmarc.fr.dmarcian.eu
Thu 2020-02-20 11:13:00.845: [524471] *    Policy record: v=DMARC1;
Thu 2020-02-20 11:13:00.845: [524471] *    Recipient 1mpft...@fr.dmarcian.eu is 
verified
Thu 2020-02-20 11:13:00.845: [524471] *  Checking authentication mechanisms for 
DMARC alignment
Thu 2020-02-20 11:13:00.845: [524471] *    SPF: domain "jti.com" did not pass 
SPF check
Thu 2020-02-20 11:13:00.845: [524471] *    DKIM: domain "jti.com" (from d= of 
signature #1) verified; and domain is DMARC aligned
Thu 2020-02-20 11:13:00.845: [524471] *  Result: pass
Thu 2020-02-20 11:13:00.845: [524471] ---- End DMARC results
Thu 2020-02-20 11:13:00.845: [524471] --> 550 5.7.0 Message rejected per SPF 
policy
Thu 2020-02-20 11:13:00.846: [524471] SMTP session successful (Bytes in/out: 
38404/589)

Best Regards,

Slamet Raharjo
IT Dept.



--
--[mdaemon-l]----------------------------------------------------------
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 19.5.4, SecurityGateway 6.5.1

[mdaemon-l] MX Backup vs MX Utama

Kirim email ke