> > Analisis log hanya bisa dilakukan kalau lognya lengkap 1 session, tidak > dipotong. > > Yang namanya log 1 session lengkap dimulai dari > > Session 524471 child xxx > sampai dengan > > Thu 2020-02-20 11:13:00.846: [524471] SMTP session terminate/successful
Berikut pak : Thu 2020-02-20 11:13:00.593: [524471] <-- MAIL FROM:<genyu.nakam...@jti.com> SIZE=24762 Thu 2020-02-20 11:13:00.596: [524471] Performing PTR lookup (51.81.158.202.IN-ADDR.ARPA) Thu 2020-02-20 11:13:00.597: [524471] * D=51.81.158.202.IN-ADDR.ARPA TTL=(143) PTR=[mx-corp3.cbn.net.id] Thu 2020-02-20 11:13:00.599: [524471] * D=mx-corp3.cbn.net.id TTL=(31) A=[210.210.188.51] Thu 2020-02-20 11:13:00.599: [524471] * D=mx-corp3.cbn.net.id TTL=(31) A=[202.158.81.51] Thu 2020-02-20 11:13:00.599: [524471] ---- End PTR results Thu 2020-02-20 11:13:00.602: [524471] Performing IP lookup (mx-corp3.cbn.net.id) Thu 2020-02-20 11:13:00.603: [524471] * D=mx-corp3.cbn.net.id TTL=(31) A=[202.158.81.51] Thu 2020-02-20 11:13:00.603: [524471] * D=mx-corp3.cbn.net.id TTL=(31) A=[210.210.188.51] Thu 2020-02-20 11:13:00.603: [524471] ---- End IP lookup results Thu 2020-02-20 11:13:00.606: [524471] Performing IP lookup (jti.com) Thu 2020-02-20 11:13:00.622: [524471] * D=jti.com TTL=(17) A=[52.17.142.199] Thu 2020-02-20 11:13:00.672: [524471] * P=000 S=000 D=jti.com TTL=(16) MX=[in.hes.trendmicro.eu] {52.58.62.239} Thu 2020-02-20 11:13:00.672: [524471] ---- End IP lookup results Thu 2020-02-20 11:13:00.675: [524471] Performing SPF lookup (mx-corp3.cbn.net.id / 202.158.81.51) Thu 2020-02-20 11:13:00.678: [524471] * Result: none; no SPF record in DNS Thu 2020-02-20 11:13:00.678: [524471] ---- End SPF results Thu 2020-02-20 11:13:00.678: [524471] Performing SPF lookup (jti.com / 202.158.81.51) Thu 2020-02-20 11:13:00.697: [524471] * Policy: v=spf1 include:spf.protection.outlook.com ip4:194.24.4.18 ip4:194.24.4.19 -all Thu 2020-02-20 11:13:00.698: [524471] * Evaluating include:spf.protection.outlook.com: performing lookup Thu 2020-02-20 11:13:00.714: [524471] * Policy: v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 ip6:2a01:111:f403::/48 -all Thu 2020-02-20 11:13:00.714: [524471] * Evaluating ip4:40.92.0.0/15: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating ip4:40.107.0.0/16: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating ip4:52.100.0.0/14: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating ip4:104.47.0.0/17: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating ip6:2a01:111:f400::/48: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating ip6:2a01:111:f403::/48: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating -all: match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating include:spf.protection.outlook.com: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating ip4:194.24.4.18: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating ip4:194.24.4.19: no match Thu 2020-02-20 11:13:00.714: [524471] * Evaluating -all: match Thu 2020-02-20 11:13:00.714: [524471] * Result: fail Thu 2020-02-20 11:13:00.714: [524471] Message will be rejected after DMARC processing. Thu 2020-02-20 11:13:00.714: [524471] ---- End SPF results Thu 2020-02-20 11:13:00.714: [524471] --> 250 2.1.0 Sender OK Thu 2020-02-20 11:13:00.716: [524471] <-- RCPT TO:<knak...@aio.co.id> Thu 2020-02-20 11:13:00.729: [524471] --> 250 2.1.5 Recipient OK Thu 2020-02-20 11:13:00.731: [524471] <-- RCPT TO:<yba...@aio.co.id> Thu 2020-02-20 11:13:00.737: [524471] --> 250 2.1.5 Recipient OK Thu 2020-02-20 11:13:00.739: [524471] <-- DATA Thu 2020-02-20 11:13:00.740: [524471] Creating temp file (SMTP): c:\mdaemon\temp\md50001125202.tmp Thu 2020-02-20 11:13:00.740: [524471] --> 354 Enter mail, end with <CRLF>.<CRLF> Thu 2020-02-20 11:13:00.747: [524471] Message size: 23739 bytes Thu 2020-02-20 11:13:00.748: [524471] Performing DKIM lookup Thu 2020-02-20 11:13:00.748: [524471] * File: c:\mdaemon\temp\md50001125202.tmp Thu 2020-02-20 11:13:00.748: [524471] * Message-ID: <am0pr10mb220958f7607ed2495b7fca0582...@am0pr10mb2209.eurprd10.prod.outlook.com> Thu 2020-02-20 11:13:00.766: [524471] * DKIM-Signature 1: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jti.com; s=selector1; <some tags are not logged> Thu 2020-02-20 11:13:00.766: [524471] * Verification result: good signature Thu 2020-02-20 11:13:00.767: [524471] * Result: pass Thu 2020-02-20 11:13:00.767: [524471] ---- End DKIM results Thu 2020-02-20 11:13:00.771: [524471] Performing DMARC processing Thu 2020-02-20 11:13:00.771: [524471] * File: c:\mdaemon\temp\md50001125202.tmp Thu 2020-02-20 11:13:00.771: [524471] * Message-ID: <am0pr10mb220958f7607ed2495b7fca0582...@am0pr10mb2209.eurprd10.prod.outlook.com> Thu 2020-02-20 11:13:00.771: [524471] * Author domain: jti.com Thu 2020-02-20 11:13:00.772: [524471] * Organizational domain: jti.com Thu 2020-02-20 11:13:00.772: [524471] * Query domain: _dmarc.jti.com Thu 2020-02-20 11:13:00.794: [524471] * Policy record: v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:1mpft...@ag.dmarcian.eu; ruf=mailto:1mpft...@fr.dmarcian.eu; fo=1; Thu 2020-02-20 11:13:00.797: [524471] * Verifying report recipient: 1mpft...@ag.dmarcian.eu Thu 2020-02-20 11:13:00.797: [524471] * Query domain: jti.com._report._dmarc.ag.dmarcian.eu Thu 2020-02-20 11:13:00.818: [524471] * Policy record: v=DMARC1; Thu 2020-02-20 11:13:00.818: [524471] * Recipient 1mpft...@ag.dmarcian.eu is verified Thu 2020-02-20 11:13:00.821: [524471] * Verifying report recipient: 1mpft...@fr.dmarcian.eu Thu 2020-02-20 11:13:00.821: [524471] * Query domain: jti.com._report._dmarc.fr.dmarcian.eu Thu 2020-02-20 11:13:00.845: [524471] * Policy record: v=DMARC1; Thu 2020-02-20 11:13:00.845: [524471] * Recipient 1mpft...@fr.dmarcian.eu is verified Thu 2020-02-20 11:13:00.845: [524471] * Checking authentication mechanisms for DMARC alignment Thu 2020-02-20 11:13:00.845: [524471] * SPF: domain "jti.com" did not pass SPF check Thu 2020-02-20 11:13:00.845: [524471] * DKIM: domain "jti.com" (from d= of signature #1) verified; and domain is DMARC aligned Thu 2020-02-20 11:13:00.845: [524471] * Result: pass Thu 2020-02-20 11:13:00.845: [524471] ---- End DMARC results Thu 2020-02-20 11:13:00.845: [524471] --> 550 5.7.0 Message rejected per SPF policy Thu 2020-02-20 11:13:00.846: [524471] SMTP session successful (Bytes in/out: 38404/589) Best Regards, Slamet Raharjo IT Dept. -- --[mdaemon-l]---------------------------------------------------------- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 19.5.4, SecurityGateway 6.5.1