On 1/19/24 15:10, Hengga KMN wrote:
Which server?
Which version of MDaemon are you using?
The MDaemon server, currently still on version 18.0.6

Why are you using a version of MDaemon that is no longer supported by MDaemon.com?
Is it running on a Windows OS that is still supported by microsoft.com?

What is abusedipdb.com?
The site I currently use to verify whether an IP that gets caught with a login
error in MDaemon's SMTP(in) log or POP3 log is an IP that is really verified as
trying to abuse (hack) MDaemon, or one that just came in by accident.

Oh, you mean https://www.abuseipdb.com

It is not intended for mail servers, but for web servers or SSH servers.

https://www.abuseipdb.com/faq.html

What is AbuseIPDB.com?

AbuseIPDB is a project dedicated to helping systems administrators
and webmasters check and report IP addresses that are involved in
malicious activity such as spamming, hack attempts, DDoS attacks,
etc.
We provide a free API for both reporting malicious IP addresses
detected on your systems, and checking IP addresses for reported
malicious activity.

For example, the following SMTP-in log:

Fri 2024-01-19 00:05:47.850: Session 563512; child 0001
Fri 2024-01-19 00:05:47.850: Accepting SMTP connection from 134.249.44.8:13266 to 172.16.24.23:587
Fri 2024-01-19 00:05:47.851: --> 220 mail.anjhealthcare.com ESMTP MSA Fri, 19 Jan 2024 00:05:47 +0700
Fri 2024-01-19 00:05:48.048: <-- EHLO BZ3a8FtDn
Fri 2024-01-19 00:05:48.048: --> 250-mail.anjhealthcare.com Hello BZ3a8FtDn [134.249.44.8], pleased to meet you
Fri 2024-01-19 00:05:48.048: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Fri 2024-01-19 00:05:48.048: --> 250-8BITMIME
Fri 2024-01-19 00:05:48.048: --> 250-ENHANCEDSTATUSCODES
Fri 2024-01-19 00:05:48.048: --> 250-STARTTLS
Fri 2024-01-19 00:05:48.048: --> 250 SIZE
Fri 2024-01-19 00:05:48.244: <-- STARTTLS
Fri 2024-01-19 00:05:48.244: --> 220 2.7.0 Ready to start TLS
Fri 2024-01-19 00:05:48.642: SSL negotiation successful (TLS 1.2, 256 bit key exchange, 256 bit AES encryption)
Fri 2024-01-19 00:05:48.838: <-- EHLO BZ3a8FtDn
Fri 2024-01-19 00:05:48.838: --> 250-mail.anjhealthcare.com Hello BZ3a8FtDn [134.249.44.8], pleased to meet you
Fri 2024-01-19 00:05:48.838: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Fri 2024-01-19 00:05:48.838: --> 250-8BITMIME
Fri 2024-01-19 00:05:48.838: --> 250-ENHANCEDSTATUSCODES
Fri 2024-01-19 00:05:48.838: --> 250 SIZE
Fri 2024-01-19 00:05:49.034: <-- AUTH LOGIN
Fri 2024-01-19 00:05:49.034: --> 334 VXNlcm5hbWU6
Fri 2024-01-19 00:05:49.231: <-- aGVuZ2dhLmhpdGNoY29ja0BhbmpoZWFsdGhjYXJlLmNvbQ==
Fri 2024-01-19 00:05:49.231: --> 334 UGFzc3dvcmQ6
Fri 2024-01-19 00:05:49.426: <-- ******
Fri 2024-01-19 00:05:49.426: Authenticating hengga.hitchc...@anjhealthcare.com...
Fri 2024-01-19 00:05:49.632: Incorrect password
Fri 2024-01-19 00:05:49.632: **** ALERT **** Failed SMTP authentication attempt from 134.249.44.8 for "hengga.hitchc...@anjhealthcare.com" [EvSecurity]
Fri 2024-01-19 00:05:49.836: --> 535 5.7.8 Authentication failed
Fri 2024-01-19 00:05:50.036: *  Socket error 590615 - The sender has finished using the connection and has initiated a shutdown.
Fri 2024-01-19 00:05:50.037: SMTP session terminated (Bytes in/out: 1020/2413)
Fri 2024-01-19 00:05:50.037: ----------


Hacking attempts like this are very easily rejected by MDaemon version 23.5.x.
But it can be done in MD 18.x too: just enable Dynamic Screening and Location Screening, which, although their capabilities are still limited in MD 18.x, are already enough to block connections like that.



--
syafril
--------
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.2 Beta B
Please do not cc: or send to private mail for MDaemon matters.

Life is really simple, but we insist on making it complicated.
        --- Confucius


--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among users of MDaemon Mail Server in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.com
Subscribe: Send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: Send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 23.5.1, SecurityGateway 9.5.2
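
An added example, not part of the original message and not MDaemon's own code: an offline triage script that counts the "Failed SMTP authentication attempt" alerts per source IP in a log of the format quoted above, to separate a one-off mistyped password from repeated attempts. The threshold, the time window and the function names are assumptions, and the sample lines are constructed using documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the alert line format shown in the SMTP-in log excerpt above.
ALERT = re.compile(
    r'^\w{3} (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}): .*'
    r'Failed SMTP authentication attempt from (\S+) for "([^"]*)"'
)

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
Fri 2024-01-19 00:05:49.632: **** ALERT **** Failed SMTP authentication attempt from 203.0.113.7 for "alice@example.com" [EvSecurity]
Fri 2024-01-19 00:05:49.836: --> 535 5.7.8 Authentication failed
Fri 2024-01-19 00:06:10.120: **** ALERT **** Failed SMTP authentication attempt from 203.0.113.7 for "bob@example.com" [EvSecurity]
Fri 2024-01-19 00:07:02.410: **** ALERT **** Failed SMTP authentication attempt from 203.0.113.7 for "alice@example.com" [EvSecurity]
Fri 2024-01-19 00:30:00.000: **** ALERT **** Failed SMTP authentication attempt from 198.51.100.20 for "carol@example.com" [EvSecurity]
Fri 2024-01-19 09:15:00.000: **** ALERT **** Failed SMTP authentication attempt from 198.51.100.20 for "carol@example.com" [EvSecurity]
""".splitlines()

def failed_auth_by_ip(lines):
    """Return {ip: [(timestamp, account), ...]} for every failed AUTH alert."""
    hits = defaultdict(list)
    for line in lines:
        m = ALERT.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            hits[m.group(2)].append((ts, m.group(3)))
    return hits

def suspicious_ips(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {ip: accounts tried} for IPs with >= threshold failures
    inside any sliding window of the given length (both values assumed)."""
    flagged = {}
    for ip, events in failed_auth_by_ip(lines).items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({acct for _, acct in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, accounts in suspicious_ips(SAMPLE_LOG).items():
        print(ip, accounts)
```

An address that fails against several different accounts in a short time stands out from one that fails twice, hours apart, on a single account.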


