Dear Pak Syafril,
Could you please help analyse this: why did this spam manage to get
through, Pak? Thank you.
The log is as follows:
Tue 2021-05-25 20:47:29.264: [13909663] Session 13909663; child 0001
Tue 2021-05-25 20:47:29.264: [13909663] Accepting SMTP connection from
59.84.175.233:29451 to 124.81.84.135:25
Tue 2021-05-25 20:47:29.264: [13909663] Location Screen says connection
is from Japan, Asia
Tue 2021-05-25 20:47:29.265: [13909663] --> 220 mail.persada.id ESMTP
MDaemon 21.0.1; Tue, 25 May 2021 20:47:29 +0700
Tue 2021-05-25 20:47:29.368: [13909663] <-- EHLO mgsp102.cybermail.jp
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-mail.persada.id Hello
mgsp102.cybermail.jp [59.84.175.233], pleased to meet you
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-ETRN
Tue 2021-05-25 20:47:29.368: [13909663] Location Screening hiding AUTH
from country Japan, Asia
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-8BITMIME
Tue 2021-05-25 20:47:29.368: [13909663] --> 250-ENHANCEDSTATUSCODES
Tue 2021-05-25 20:47:29.368: [13909663] --> 250 SIZE
Tue 2021-05-25 20:47:29.467: [13909663] <-- MAIL
FROM:<informat...@fdydo.co.jp>
Tue 2021-05-25 20:47:29.477: [13909663] Performing PTR lookup
(233.175.84.59.IN-ADDR.ARPA)
Tue 2021-05-25 20:47:29.656: [13909663] * D=233.175.84.59.IN-ADDR.ARPA
TTL=(1440) PTR=[mgsp102.cybermail.jp]
Tue 2021-05-25 20:47:29.797: [13909663] * D=mgsp102.cybermail.jp
TTL=(30) A=[59.84.175.233]
Tue 2021-05-25 20:47:29.797: [13909663] ---- End PTR results
Tue 2021-05-25 20:47:29.800: [13909663] Performing IP lookup
(mgsp102.cybermail.jp)
Tue 2021-05-25 20:47:29.801: [13909663] * D=mgsp102.cybermail.jp
TTL=(30) A=[59.84.175.233]
Tue 2021-05-25 20:47:29.801: [13909663] ---- End IP lookup results
Tue 2021-05-25 20:47:29.807: [13909663] Performing IP lookup (fdydo.co.jp)
Tue 2021-05-25 20:47:29.851: [13909663] * D=fdydo.co.jp TTL=(60)
A=[202.189.180.66]
Tue 2021-05-25 20:47:30.083: [13909663] * P=010 S=000 D=fdydo.co.jp
TTL=(5) MX=[mg.cybermail.jp] {59.84.175.228}
Tue 2021-05-25 20:47:30.083: [13909663] ---- End IP lookup results
Tue 2021-05-25 20:47:30.085: [13909663] Performing SPF lookup
(mgsp102.cybermail.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.203: [13909663] * Result: none; no SPF record
in DNS
Tue 2021-05-25 20:47:30.203: [13909663] ---- End SPF results
Tue 2021-05-25 20:47:30.203: [13909663] Performing SPF lookup
(fdydo.co.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.224: [13909663] * Policy: v=spf1
include:spfcm.cybermail.jp +ip4:153.149.98.115/32 -all
Tue 2021-05-25 20:47:30.224: [13909663] * Evaluating
include:spfcm.cybermail.jp: performing lookup
Tue 2021-05-25 20:47:30.328: [13909663] * Policy: v=spf1
ip4:59.84.175.224/27 ip4:120.137.171.0/25 ip4:27.121.5.128/25
ip4:59.84.175.64/26 ip4:42.125.229.64/26 ip4:168.138.218.72
ip4:158.101.93.181 ip4:168.138.36.14 ip4:168.138.33.163
ip4:158.101.76.206 ip4:158.101.133.234 ip4:158.
Tue 2021-05-25 20:47:30.328: [13909663] * Evaluating
ip4:59.84.175.224/27: match
Tue 2021-05-25 20:47:30.328: [13909663] * Evaluating
include:spfcm.cybermail.jp: match
Tue 2021-05-25 20:47:30.328: [13909663] * Result: pass
Tue 2021-05-25 20:47:30.328: [13909663] ---- End SPF results
Tue 2021-05-25 20:47:30.328: [13909663] --> 250 2.1.0 Sender OK
Tue 2021-05-25 20:47:30.427: [13909663] <-- RCPT TO:<ade.hary...@persada.id>
Tue 2021-05-25 20:47:30.434: [13909663] Performing DNS-BL lookup
(59.84.175.233 - connecting IP)
Tue 2021-05-25 20:47:30.451: [13909663] * zen.spamhaus.org - passed
Tue 2021-05-25 20:47:30.545: [13909663] * bl.spamcop.net - passed
Tue 2021-05-25 20:47:30.545: [13909663] ---- End DNS-BL results
Tue 2021-05-25 20:47:30.547: [13909663] --> 250 2.1.5 Recipient OK
Tue 2021-05-25 20:47:30.646: [13909663] <-- DATA
Tue 2021-05-25 20:47:30.648: [13909663] --> 354 Enter mail, end with
<CRLF>.<CRLF>
Tue 2021-05-25 20:47:30.846: [13909663] Message size: 3882 bytes
Tue 2021-05-25 20:47:30.848: [13909663] Performing DKIM verification
Tue 2021-05-25 20:47:30.848: [13909663] * File:
c:\mdaemon\queues\temp\md5001000006109.tmp
Tue 2021-05-25 20:47:30.848: [13909663] * Message-ID:
<4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Tue 2021-05-25 20:47:30.848: [13909663] * Result: neutral
Tue 2021-05-25 20:47:30.848: [13909663] ---- End DKIM results
Tue 2021-05-25 20:47:30.856: [13909663] Performing DMARC processing
Tue 2021-05-25 20:47:30.856: [13909663] * File:
c:\mdaemon\queues\temp\md5001000006109.tmp
Tue 2021-05-25 20:47:30.856: [13909663] * Message-ID:
<4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Tue 2021-05-25 20:47:30.856: [13909663] * Author domain: fdydo.co.jp
Tue 2021-05-25 20:47:30.856: [13909663] * Organizational domain:
fdydo.co.jp
Tue 2021-05-25 20:47:30.856: [13909663] * Query domain: _dmarc.fdydo.co.jp
Tue 2021-05-25 20:47:30.889: [13909663] * No DMARC policy record found
Tue 2021-05-25 20:47:30.889: [13909663] * Action taken: none
Tue 2021-05-25 20:47:30.889: [13909663] * Result: none
Tue 2021-05-25 20:47:30.889: [13909663] ---- End DMARC results
Tue 2021-05-25 20:47:30.892: [13909663] Passing message through
AntiVirus (Size: 3882)...
Tue 2021-05-25 20:47:30.916: [13909663] * Message is clean (no viruses
found) scanned by (Cyren AV)
Tue 2021-05-25 20:47:30.916: [13909663] ---- End AntiVirus results
Tue 2021-05-25 20:47:30.958: [13909663] Passing message through Outbreak
Protection...
Tue 2021-05-25 20:47:30.958: [13909663] * Message-ID:
<4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Tue 2021-05-25 20:47:30.958: [13909663] * Reference-ID:
str=0001.0A67340D.60ACC854.002D,ss=3,sh,re=0.000,recu=0.000,reip=0.000,pt=C_5816,cl=4,cld=1,fgs=0
Tue 2021-05-25 20:47:30.958: [13909663] * Virus result: 0 - Clean
Tue 2021-05-25 20:47:30.959: [13909663] * Spam result: 4 - Spam (confirmed)
Tue 2021-05-25 20:47:30.959: [13909663] * IWF result: 0 - Clean
Tue 2021-05-25 20:47:30.959: [13909663] ---- End Outbreak Protection results
Tue 2021-05-25 20:47:30.961: [13909663] Passing message through Spam
Filter (Size: 3882)...
Tue 2021-05-25 20:47:31.340: [13909663] * 2.5 MDAEMON_OP_SPAM_HIGH
MDaemon: spam/phish
Tue 2021-05-25 20:47:31.340: [13909663] * 0.5 PDS_BTC_ID FP reduced
Bitcoin ID
Tue 2021-05-25 20:47:31.340: [13909663] ---- End SpamAssassin results
Tue 2021-05-25 20:47:31.340: [13909663] Spam Filter score/req: 3.00/10.0
Tue 2021-05-25 20:47:31.443: [13909663] Message creation successful:
c:\mdaemon\queues\inbound\md5001001482648.msg
Tue 2021-05-25 20:47:31.443: [13909663] --> 250 2.6.0 Ok, message saved
<Message-ID: <4.0.9d.293.8r385u03trn952...@fdydo.co.jp>>
Tue 2021-05-25 20:47:31.444: [13909663] <-- QUIT
Tue 2021-05-25 20:47:31.444: [13909663] --> 221 2.0.0 See ya in cyberspace
Tue 2021-05-25 20:47:31.444: [13909663] SMTP session successful (Bytes
in/out: 3995/422)
The email headers are as follows:
X-MDAV-Result: clean
X-MDAV-Processed: mail.persada.id, Tue, 25 May 2021 20:47:34 +0700
Return-path: <informat...@fdydo.co.jp>
Authentication-Results: mail.persada.id;
spf=pass smtp.mailfrom=informat...@fdydo.co.jp;
dmarc=none header.from=fdydo.co.jp (no DMARC record);
iprev=pass policy.iprev=59.84.175.233 (PTR mgsp102.cybermail.jp);
iprev=pass policy.iprev=59.84.175.233 (HELO mgsp102.cybermail.jp);
iprev=fail reason="does not match" policy.iprev=59.84.175.233 (MAIL
informat...@fdydo.co.jp)
Received-SPF: pass (mail.persada.id: domain fdydo.co.jp
designates 59.84.175.233 as permitted sender)
receiver=mail.persada.id; client-ip=59.84.175.233;
mechanism=ip4:59.84.175.224/27;
envelope-from="informat...@fdydo.co.jp";
helo=mgsp102.cybermail.jp;
Received: from mgsp102.cybermail.jp (mgsp102.cybermail.jp
[59.84.175.233]) by mail.persada.id (124.81.84.135) (MDaemon PRO v21.0.1)
with ESMTP id md5001001482648.msg; Tue, 25 May 2021 20:47:34 +0700
X-Spam-Level: ***
X-Spam-Status: No, score=3.00 required=5.0
X-Spam-Report:
* 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
* 0.5 PDS_BTC_ID FP reduced Bitcoin ID
X-Spam-Processed: mail.persada.id, Tue, 25 May 2021 20:47:34 +0700
(processed during SMTP session)
X-MDOP-RefID:
str=0001.0A67340D.60ACC854.002D,ss=3,sh,re=0.000,recu=0.000,reip=0.000,pt=C_5816,cl=4,cld=1,fgs=0
(_st=4 _vt=0 _iwf=0)
X-MDSPF-Result: unapproved (mail.persada.id)
X-MDRemoteIP: 59.84.175.233
X-MDHelo: mgsp102.cybermail.jp
X-MDArrival-Date: Tue, 25 May 2021 20:47:34 +0700
X-MDOrigin-Country: Japan, Asia
X-Rcpt-To: ade.hary...@persada.id
X-MDRcpt-To: ade.hary...@persada.id
X-Return-Path: informat...@fdydo.co.jp
X-Envelope-From: informat...@fdydo.co.jp
X-MDaemon-Deliver-To: ade.hary...@persada.id
X-MailGates: (flag:3,DYNAMIC,RELAY,NOHOST:PASS)(compute_score:DELIVER,40
,3)
Received: from 192.168.4.11
by mgsp102.cybermail.jp with Mail2000 ESMTP Server
V7.00(21234:0:AUTH_RELAY)
(envelope-from <informat...@fdydo.co.jp>); Tue, 25 May 2021
22:47:28 +0900 (JST)
X-M2K-DINF:
v=1;em=2;eh=9903a364/E88CXo;ec=dd33eafb;m=+SfCJeaZzNACKb7ZgKfrrqdJ
wsGky3wOpErXD2lKCfhcm/gRXOxPBL3fmxrAivtMdHlyGg8y6XzpTjB6zsH0ds8a+ZYqzd/s0zro
+HWWLs2BDWubiigs76CtNZHOdykJNy9wQnbegZLgvZfSK23xzg==
Received: from 177.154.226.187
by cmsp105.cybermail.jp with Mail2000 ESMTPA Server
V7.00(8690:0:AUTH_LOGIN)
(envelope-from <informat...@fdydo.co.jp>); Tue, 25 May 2021
22:47:25 +0900 (JST)
From: Dream <informat...@fdydo.co.jp>
MIME-Version: 1.0
Message-ID: <4.0.9d.293.8r385u03trn952...@fdydo.co.jp>
Subject: Berhasil masuk, semua data di perangkat Anda telah disalin. Baca
instruksi di dalamnya.
Date: Tue, 25 May 2021 16:47:23 +0300
To: ade.hary...@persada.id
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
X-EMarSys-Environment: ukrfnpxt
X-Felis-L: 0SB74PT9H5Z97U82N7T4FD9GI17UVNNTE
X-ClientProxiedBy: 108.99.192.060
Greetings,
This is the final warning.
Your system has been compromised.
All data has been copied from your device to our server. You were also
recorded on video from your camera while watching porn.
My virus infected your device through an adult website you visited
recently.
If you do not know how it works, I will tell you the details.
The Trojan virus gave me full access and control over the device you
use. As a result, I could see your entire screen and turn on the camera
and microphone without you even noticing.
I recorded video of your screen and your camera and assembled a video,
one part showing you masturbating and the other part showing the porn
video you had open at the time.
I have seen your entire contact list from your phone and all your social
media. I can post this video to your entire phone, email and social
media contact lists in an instant. In addition, I can also send out all
the information about your email and communication tools.
I can destroy your reputation forever.
If you want to avoid these consequences, then:
Transfer 0.039 BTC to my Bitcoin wallet (if you do not know how to do
this, type "Buy Bitcoin" into the Google search box).
My Bitcoin wallet (BTC wallet): bc1q90237mggarazuucy24j7amayexjydhrrd09h00
As soon as payment is received, I will immediately destroy the video and
guarantee that I will not bother you again.
You have 50 hours (more than 2 days) to complete the payment. I receive
an automatic notification when I read this email. Likewise, the timer
goes off automatically after you read the current email.
Do not try to complain about anything, because the wallet cannot be
traced, nor the mail it came from, and it was created automatically, so
there is no point in writing to me. If you try to share this email with
someone, the system will automatically send a request to the server,
which will send all the information to social networks.
Changing your social network, email and device passwords will not help
you, because all the information has already been uploaded to my server
cluster.
Good luck, and do not do anything stupid. Think about your reputation.
--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest versions: MDaemon 21.0.2, SecurityGateway 8.0.1
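An added triage script (not from the list post or from MDaemon) that parses the verdict lines of the session log above and states why the session still ended in "250 Ok": SPF passed with no DMARC policy, Outbreak Protection confirmed spam but only fed 2.5 points into the Spam Filter, and the total 3.00 stayed below the threshold. The embedded excerpt is reconstructed from the post with the mail client's line wrapping undone; it uses the 10.0 threshold from the session log, whereas the X-Spam-Status header reports required=5.0.

```python
import re

# Constructed excerpt of the MDaemon SMTP session log from the post (addresses already redacted on the list).
SAMPLE_LOG = """\
Tue 2021-05-25 20:47:30.203: [13909663] Performing SPF lookup (fdydo.co.jp / 59.84.175.233)
Tue 2021-05-25 20:47:30.328: [13909663] * Result: pass
Tue 2021-05-25 20:47:30.328: [13909663] ---- End SPF results
Tue 2021-05-25 20:47:30.848: [13909663] Performing DKIM verification
Tue 2021-05-25 20:47:30.848: [13909663] * Result: neutral
Tue 2021-05-25 20:47:30.848: [13909663] ---- End DKIM results
Tue 2021-05-25 20:47:30.856: [13909663] Performing DMARC processing
Tue 2021-05-25 20:47:30.889: [13909663] * Result: none
Tue 2021-05-25 20:47:30.889: [13909663] ---- End DMARC results
Tue 2021-05-25 20:47:30.958: [13909663] Passing message through Outbreak Protection...
Tue 2021-05-25 20:47:30.959: [13909663] * Spam result: 4 - Spam (confirmed)
Tue 2021-05-25 20:47:30.959: [13909663] ---- End Outbreak Protection results
Tue 2021-05-25 20:47:30.961: [13909663] Passing message through Spam Filter (Size: 3882)...
Tue 2021-05-25 20:47:31.340: [13909663] * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Tue 2021-05-25 20:47:31.340: [13909663] ---- End SpamAssassin results
Tue 2021-05-25 20:47:31.340: [13909663] Spam Filter score/req: 3.00/10.0
"""

PREFIX = re.compile(r"^\S+ \S+ \S+ \[\d+\] ")  # "Tue 2021-05-25 20:47:30.203: [13909663] "
START = re.compile(r"^(?:Performing|Passing message through) (.+?)(?: lookup| verification| processing|\s*\(| ?\.{3}|$)")
RESULT = re.compile(r"^\* (?:Spam r|R)esult: (.+)$")  # "* Result: pass" / "* Spam result: 4 - ..."
SCORE = re.compile(r"^Spam Filter score/req: ([\d.]+)/([\d.]+)")

def triage(log_text):
    found, section = {}, None  # last result inside a section wins (e.g. the MAIL FROM SPF lookup)
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw)
        if (m := START.match(line)):
            section = m.group(1)          # "SPF", "DKIM", "DMARC", "Outbreak Protection", ...
        elif line.startswith("---- End"):
            section = None
        elif section and (m := RESULT.match(line)):
            found[section] = m.group(1)
        elif (m := SCORE.match(line)):
            found["score"], found["required"] = float(m.group(1)), float(m.group(2))
    return found

def explain(found):
    notes = []  # one finding per reason the message was not stopped
    if found.get("SPF") == "pass" and found.get("DMARC") == "none":
        notes.append("authentication cannot block it: SPF pass and no DMARC policy")
    if "confirmed" in found.get("Outbreak Protection", ""):
        notes.append("Outbreak Protection confirmed spam, yet the verdict was only scored")
    if found.get("score", 0.0) < found.get("required", 0.0):
        notes.append(f"score {found['score']} < required {found['required']}: accepted")
    return notes
```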