On 14/03/2023 20:03, Syafril Hermansyah via Mdaemon-L wrote:

This looks like a connection from a mail firewall/antivirus based on the Exim MTA, which often uses protocol behaviour that does not follow the Internet Mail standards (RFC standards). Try checking the smtp-in log for 2023-03-14 before 14:03 to see what host identity the server 168.245.118.232 uses

The host identity is this, sir: o1.ptr5115.jurnal.id [168.245.118.232]


and which sender it sends mail from, and to which recipients (possibly more than 101 recipients)

The sender is bounces+11642051-f070-6211202288=persada...@em2413.talenta.co

It was indeed sent to many of our email aliases, sir (screenshot attached)


Do not use trusted host/trusted IP; that relates to "mail relaying" and bypasses antispam/antivirus.

Understood, sir


It looks like SMTP screening is enabled.
Try checking what its value is set to.

Correct, sir, SMTP Screening is active and its value is as follows:

Block IPs that connect more than 100 times in 3 minutes

But it seems that since 17.04 it has been able to get in again, sir.

Tue 2023-03-14 17:04:10.342: 05: [38437446] Session 38437446; child 0002
Tue 2023-03-14 17:04:10.342: 05: [38437446] Accepting SMTP connection from 168.245.118.232:33966 to 103.150.114.155:25
Tue 2023-03-14 17:04:10.342: 07: [38437446] Location Screen says connection is from United States, North America
Tue 2023-03-14 17:04:10.343: 03: [38437446] --> 220 mail.persada.id ESMTP MDaemon 23.0.0; Tue, 14 Mar 2023 17:04:10 +0700
Tue 2023-03-14 17:04:10.567: 02: [38437446] <-- EHLO o1.ptr5115.jurnal.id
Tue 2023-03-14 17:04:10.568: 03: [38437446] --> 250-mail.persada.id Hello o1.ptr5115.jurnal.id [168.245.118.232], pleased to meet you
Tue 2023-03-14 17:04:10.568: 03: [38437446] --> 250-ETRN
Tue 2023-03-14 17:04:10.568: 07: [38437446] Location Screening hiding AUTH from country United States, North America
Tue 2023-03-14 17:04:10.568: 03: [38437446] --> 250-8BITMIME
Tue 2023-03-14 17:04:10.568: 03: [38437446] --> 250-ENHANCEDSTATUSCODES
Tue 2023-03-14 17:04:10.568: 03: [38437446] --> 250-PIPELINING
Tue 2023-03-14 17:04:10.568: 03: [38437446] --> 250-CHUNKING
Tue 2023-03-14 17:04:10.568: 03: [38437446] --> 250-STARTTLS
Tue 2023-03-14 17:04:10.568: 03: [38437446] --> 250 SIZE
Tue 2023-03-14 17:04:10.793: 02: [38437446] <-- STARTTLS
Tue 2023-03-14 17:04:10.793: 03: [38437446] --> 220 2.7.0 Ready to start TLS
Tue 2023-03-14 17:04:11.290: 01: [38437446] SSL negotiation successful (TLS 1.2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
Tue 2023-03-14 17:04:11.515: 02: [38437446] <-- EHLO o1.ptr5115.jurnal.id
Tue 2023-03-14 17:04:11.515: 03: [38437446] --> 250-mail.persada.id Hello o1.ptr5115.jurnal.id [168.245.118.232], pleased to meet you
Tue 2023-03-14 17:04:11.515: 03: [38437446] --> 250-ETRN
Tue 2023-03-14 17:04:11.515: 07: [38437446] Location Screening hiding AUTH from country United States, North America
Tue 2023-03-14 17:04:11.515: 03: [38437446] --> 250-8BITMIME
Tue 2023-03-14 17:04:11.515: 03: [38437446] --> 250-ENHANCEDSTATUSCODES
Tue 2023-03-14 17:04:11.515: 03: [38437446] --> 250-PIPELINING
Tue 2023-03-14 17:04:11.515: 03: [38437446] --> 250-CHUNKING
Tue 2023-03-14 17:04:11.515: 03: [38437446] --> 250-REQUIRETLS
Tue 2023-03-14 17:04:11.515: 03: [38437446] --> 250 SIZE
Tue 2023-03-14 17:04:11.756: 02: [38437446] <-- MAIL FROM:<bounces+11642051-eb32-bambang.setiawan=persada...@em2413.talenta.co> BODY=8BITMIME
Tue 2023-03-14 17:04:11.763: 05: [38437446] Performing PTR lookup (232.118.245.168.IN-ADDR.ARPA)
Tue 2023-03-14 17:04:11.778: 05: [38437446] * D=232.118.245.168.IN-ADDR.ARPA TTL=(13) PTR=[o1.ptr5115.jurnal.id]
Tue 2023-03-14 17:04:11.793: 05: [38437446] * D=o1.ptr5115.jurnal.id TTL=(5) A=[168.245.118.232]
Tue 2023-03-14 17:04:11.793: 05: [38437446] ---- End PTR results
Tue 2023-03-14 17:04:11.796: 05: [38437446] Performing IP lookup (o1.ptr5115.jurnal.id)
Tue 2023-03-14 17:04:11.798: 05: [38437446] * D=o1.ptr5115.jurnal.id TTL=(5) A=[168.245.118.232]
Tue 2023-03-14 17:04:11.798: 05: [38437446] ---- End IP lookup results
Tue 2023-03-14 17:04:11.804: 05: [38437446] Performing IP lookup (em2413.talenta.co)
Tue 2023-03-14 17:04:12.188: 05: [38437446] *  P=020 S=001 D=u11642051.wl052.sendgrid.net TTL=(30) MX=[mx.sendgrid.net]
Tue 2023-03-14 17:04:12.190: 05: [38437446] *  D=mx.sendgrid.net TTL=(20) A=[167.89.123.50]
Tue 2023-03-14 17:04:12.190: 05: [38437446] *  D=mx.sendgrid.net TTL=(20) A=[167.89.118.48]
Tue 2023-03-14 17:04:12.190: 05: [38437446] ---- End IP lookup results
Tue 2023-03-14 17:04:12.199: 09: [38437446] Performing SPF lookup (o1.ptr5115.jurnal.id / 168.245.118.232)
Tue 2023-03-14 17:04:12.331: 09: [38437446] *  Result: none; no SPF record in DNS
Tue 2023-03-14 17:04:12.331: 09: [38437446] ---- End SPF results
Tue 2023-03-14 17:04:12.331: 09: [38437446] Performing SPF lookup (em2413.talenta.co / 168.245.118.232)
Tue 2023-03-14 17:04:12.352: 09: [38437446] *  Policy: v=spf1 ip4:168.245.118.232 -all
Tue 2023-03-14 17:04:12.352: 09: [38437446] *  Evaluating ip4:168.245.118.232: match
Tue 2023-03-14 17:04:12.352: 09: [38437446] *  Result: pass
Tue 2023-03-14 17:04:12.352: 09: [38437446] ---- End SPF results
Tue 2023-03-14 17:04:12.352: 03: [38437446] --> 250 2.1.0 Sender OK
Tue 2023-03-14 17:04:12.577: 02: [38437446] <-- RCPT TO:<bambang.setia...@persada.id>
Tue 2023-03-14 17:04:12.590: 05: [38437446] Performing DNS-BL lookup (168.245.118.232 - connecting IP)
Tue 2023-03-14 17:04:12.672: 05: [38437446] *  bl.spamcop.net - passed
Tue 2023-03-14 17:04:12.672: 05: [38437446] ---- End DNS-BL results
Tue 2023-03-14 17:04:12.672: 03: [38437446] --> 250 2.1.5 Recipient OK
Tue 2023-03-14 17:04:12.904: 02: [38437446] <-- DATA
Tue 2023-03-14 17:04:12.907: 03: [38437446] --> 354 Enter mail, end with <CRLF>.<CRLF>
Tue 2023-03-14 17:04:13.320: 01: [38437446] Message size: 23743 bytes
Tue 2023-03-14 17:04:13.324: 10: [38437446] Performing DKIM verification
Tue 2023-03-14 17:04:13.324: 10: [38437446] *  File: c:\mdaemon\queues\temp\md50000037757.tmp
Tue 2023-03-14 17:04:13.324: 10: [38437446] *  Message-ID: <b1963250b422d808b8b1ec6986b21c11@swift.generated>
Tue 2023-03-14 17:04:13.423: 10: [38437446] * DKIM-Signature 1: v=1; a=rsa-sha256; c=relaxed/relaxed; d=talenta.co; s=s1; <some tags are not logged>
Tue 2023-03-14 17:04:13.423: 10: [38437446] *    Verification result: good signature
Tue 2023-03-14 17:04:13.425: 10: [38437446] *  Result: pass
Tue 2023-03-14 17:04:13.425: 10: [38437446] ---- End DKIM results
Tue 2023-03-14 17:04:13.431: 06: [38437446] Passing message through AntiVirus (Size: 23743)...
Tue 2023-03-14 17:04:13.572: 06: [38437446] *  Message is clean (no viruses found) scanned by (ClamAV)
Tue 2023-03-14 17:04:13.572: 06: [38437446] ---- End AntiVirus results
Tue 2023-03-14 17:04:13.783: 11: [38437446] Passing message through Outbreak Protection...
Tue 2023-03-14 17:04:13.783: 11: [38437446] *  Message-ID: <b1963250b422d808b8b1ec6986b21c11@swift.generated>
Tue 2023-03-14 17:04:13.783: 11: [38437446] *  Reference-ID: str=0001.0A67340E.6410469D.0063:SCFSTAT56568169,ss=1,re=-4.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Tue 2023-03-14 17:04:13.783: 11: [38437446] *  Virus result: 0 - Clean
Tue 2023-03-14 17:04:13.783: 11: [38437446] *  Spam result: 1 - Clean
Tue 2023-03-14 17:04:13.783: 11: [38437446] *  IWF result: 0 - Clean
Tue 2023-03-14 17:04:13.784: 11: [38437446] ---- End Outbreak Protection results
Tue 2023-03-14 17:04:13.785: 07: [38437446] Passing message through Spam Filter (Size: 23743)...
Tue 2023-03-14 17:04:14.033: 07: [38437446] *  0.0 HTML_MESSAGE BODY: HTML included in message
Tue 2023-03-14 17:04:14.033: 07: [38437446] *  2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
Tue 2023-03-14 17:04:14.033: 07: [38437446] ---- End SpamAssassin results
Tue 2023-03-14 17:04:14.033: 07: [38437446] Spam Filter score/req: 2.50/12.0
Tue 2023-03-14 17:04:14.223: 01: [38437446] Message creation successful: c:\mdaemon\queues\inbound\md50006140760.msg
Tue 2023-03-14 17:04:14.223: 03: [38437446] --> 250 2.6.0 Ok, message saved <Message-ID: <b1963250b422d808b8b1ec6986b21c11@swift.generated>>
Tue 2023-03-14 17:04:14.270: 02: [38437446] <-- QUIT
Tue 2023-03-14 17:04:14.270: 03: [38437446] --> 221 2.0.0 See ya in cyberspace
Tue 2023-03-14 17:04:14.270: 01: [38437446] SMTP session successful (Bytes in/out: 24702/4562)

Thank you

--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 23.0.0, SecurityGateway 9.0.1
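
Added example, not part of the original message and not MDaemon's own code: a Python check that replays "Accepting SMTP connection" entries from an SMTP-in log against the screening rule quoted above (more than 100 connections in 3 minutes) and reports which IPs would trip it and when. It assumes a per-IP sliding window, which may differ from how MDaemon counts internally; the sample log is constructed and uses documentation IP addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Accepting SMTP connection" entry of an SMTP-in log line.
# finditer() is used so entries fused onto one physical line are still counted.
ACCEPT_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}): \d+: \[\d+\] "
    r"Accepting SMTP connection from (\d{1,3}(?:\.\d{1,3}){3}):\d+"
)

def screening_hits(log_text, max_conns=100, window=timedelta(minutes=3)):
    """Return {ip: (first_trip_time, peak_count)} for every IP that connects
    more than max_conns times inside any sliding window (assumed semantics)."""
    events = sorted(
        (datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f"), m.group(2))
        for m in ACCEPT_RE.finditer(log_text)
    )
    recent = defaultdict(deque)  # ip -> connection times inside the window
    hits = {}
    for ts, ip in events:
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:  # drop connections older than the window
            q.popleft()
        if len(q) > max_conns:
            first, peak = hits.get(ip, (ts, 0))
            hits[ip] = (first, max(peak, len(q)))
    return hits

def constructed_log():
    """Constructed sample: a bulk sender making 120 connections in two minutes
    and a quiet host making 3, with pairs of entries fused onto one line."""
    base = datetime(2023, 3, 14, 14, 0, 0)
    lines = []
    for ip, count, step in (("192.0.2.10", 120, 1), ("192.0.2.77", 3, 60)):
        for i in range(count):
            ts = base + timedelta(seconds=i * step)
            stamp = ts.strftime("%a %Y-%m-%d %H:%M:%S.%f")[:-3]
            lines.append(f"{stamp}: 05: [{1000 + i}] Accepting SMTP connection "
                         f"from {ip}:{40000 + i} to 198.51.100.5:25")
    return "\n".join(" ".join(lines[i:i + 2]) for i in range(0, len(lines), 2))

if __name__ == "__main__":
    for ip, (first, peak) in screening_hits(constructed_log()).items():
        print(f"{ip} exceeded the limit at {first} (peak {peak} in window)")
```

Run it against the smtp-in log for the day in question to see whether a legitimate bulk sender is being caught by the screening threshold before changing the value.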