[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 27/06/2024 10:06, Syafril Hermansyah via Mdaemon-L wrote:
On 6/27/24 08:09, Agi Subagio via Mdaemon-L wrote:

I have updated SecurityGateway to 10.0.2 and Dynamic Screening still blocks domain mail servers or allowlisted entries (IP/hostname) because of Too many RSET.

SG 10.0.2 indeed has not fixed that bug yet. Maybe in the next version.

https://files.mdaemon.com/securitygateway/release/relnotes_en.HTM

SecurityGateway 10.0.2 - June 25, 2024
FIXES
[27858] fix to certain links in the "Dark Mode" theme are difficult to read due to poor contrast.
[27873] fix to Sieve script fails to extract/log certain variables.
[27874] fix to From Header Screening does not function.
[27879] fix to when sending a message from the Delivery Queue the entire message is read into memory from disk when only the headers need to be.
[27882] fix to crash when searching a particular HTML message for keywords.

I have had dynamic screening enabled for more than 2 hours with the following options, and no domain mail server has been blocked yet. Does Pak Syafril have any other suggestions for more effective Dynamic Screening settings once the bug in the exclusions part has been fixed?

--
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.com
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 24.0.1, SecurityGateway 10.0.2
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
This is a bug, because the sender IP [172.16.50.16] is in the global allowlist. I will report it to the MDaemon Security Gateway Developer. For now, try adding the backend server host [mbs.co.id] to allowlists_hosts, or disable "Ban IPs that send this many RSET command".

https://help.mdaemon.com/SecurityGateway/en/allowlists_hosts.html
https://help.mdaemon.com/SecurityGateway/en/dynamic_screening.html

I have updated SecurityGateway to 10.0.2 and Dynamic Screening still blocks domain mail servers or allowlisted entries (IP/hostname) because of Too many RSET.

Thu 2024-06-27 08:02:33: --> 250 Ok, message saved
Thu 2024-06-27 08:02:33: <-- RSET
Thu 2024-06-27 08:02:33: ALERT Sender has reached RSET dynamic screening threshold
Thu 2024-06-27 08:02:33: --> 421 Too many RSET commands
Thu 2024-06-27 08:02:33: ALERT Connection from 172.16.50.16 refused by dynamic screening; 604800 second(s) remain
Thu 2024-06-27 08:02:33: SMTP session successful (Bytes in/out: 7603658/6010)
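Added example (not part of the thread, and not MDaemon code): a Python scan of inbound-log text in the line format quoted above that lists every dynamic-screening ban and marks the ones where the same log had already recorded the sender as allowlisted, which is the symptom discussed here. The sample log is constructed, and treating each "Accepting SMTP connection" line as the start of a contiguous session is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample in the line format quoted in this thread (not a real log).
SAMPLE_LOG = """\
Thu 2024-06-27 08:02:30: Accepting SMTP connection from [172.16.50.16 : 41020] on port 25
Thu 2024-06-27 08:02:30: # Sender is on allowlist (IP global : 173878)
Thu 2024-06-27 08:02:31: <-- RSET
Thu 2024-06-27 08:02:31: --> 250 RSET? Well, OK.
Thu 2024-06-27 08:02:33: <-- RSET
Thu 2024-06-27 08:02:33: ALERT Sender has reached RSET dynamic screening threshold
Thu 2024-06-27 08:02:33: --> 421 Too many RSET commands
Thu 2024-06-27 08:02:33: ALERT Connection from 172.16.50.16 refused by dynamic screening; 604800 second(s) remain
Thu 2024-06-27 08:05:00: Accepting SMTP connection from [192.0.2.77 : 50211] on port 25
Thu 2024-06-27 08:05:01: <-- RSET
Thu 2024-06-27 08:05:01: ALERT Connection from 192.0.2.77 refused by dynamic screening; 604800 second(s) remain
"""

LINE = re.compile(r"^\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): (.*)$")
ACCEPT = re.compile(r"Accepting SMTP connection from \[([\d.]+) : \d+\]")
BAN = re.compile(r"ALERT Connection from ([\d.]+) refused by dynamic screening; (\d+) second")

@dataclass
class Ban:
    when: str          # timestamp of the refusal line
    ip: str
    seconds: int       # remaining ban time reported by the gateway
    rsets: int         # RSET commands seen in the session before the ban
    allowlisted: bool  # the log earlier said "# Sender is on allowlist" for this IP

def find_bans(log_text):
    """Assumption: a session's lines are contiguous after its 'Accepting' line."""
    bans, allowlisted = [], set()
    current_ip, rsets = None, 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or truncated lines
        when, msg = m.groups()
        if (a := ACCEPT.search(msg)):
            current_ip, rsets = a.group(1), 0
        elif msg.startswith("# Sender is on allowlist") and current_ip:
            allowlisted.add(current_ip)
        elif msg == "<-- RSET":
            rsets += 1
        elif (b := BAN.search(msg)):
            ip = b.group(1)
            bans.append(Ban(when, ip, int(b.group(2)),
                            rsets if ip == current_ip else 0, ip in allowlisted))
    return bans

def allowlisted_bans(log_text):
    """Bans issued to senders that the log itself marked as allowlisted."""
    return [b for b in find_bans(log_text) if b.allowlisted]

if __name__ == "__main__":
    for b in find_bans(SAMPLE_LOG):
        flag = "ALLOWLISTED" if b.allowlisted else "not allowlisted"
        print(f"{b.when} {b.ip} banned {b.seconds}s after {b.rsets} RSET ({flag})")
```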
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 21/06/2024 13:43, Syafril Hermansyah via Mdaemon-L wrote:
On 6/21/24 09:36, Agi Subagio via Mdaemon-L wrote:

Find the ban transaction in the Inbound Log.

The inbound log is in the attachment - truncated

Wed 2024-06-19 18:14:09: ALERT Sender has reached RSET dynamic screening threshold
Wed 2024-06-19 18:14:09: --> 421 Too many RSET commands
Wed 2024-06-19 18:14:09: ALERT Connection from 172.16.50.16 refused by dynamic screening; 604800 second(s) remain

It is indeed dynamic screening that is blocking. The blocking happens because of a mail loop between SG and the office (backend) server.

Wed 2024-06-19 18:14:08: --> 250 <>, Sender ok
Wed 2024-06-19 18:14:08: <-- RCPT TO:
Wed 2024-06-19 18:14:08: User is not local
Wed 2024-06-19 18:14:08: == Processing RCPT scripts for recipient: b2b.notificat...@am.b2b.com.my
Wed 2024-06-19 18:14:08: -- Executing: Blocklist --
Wed 2024-06-19 18:14:08: -- Executing: Tarpitting --
Wed 2024-06-19 18:14:08: -- Executing: Relaying Denied --
Wed 2024-06-19 18:14:08: -- Executing: Invalid Recipient --
Wed 2024-06-19 18:14:08: -- Executing: Validate Local Sender --
Wed 2024-06-19 18:14:08: -- Executing: DNS Blocklists (Client IP) --
Wed 2024-06-19 18:14:08: -- Executing: SPF --
Wed 2024-06-19 18:14:08: -- Executing: Callback Verification --
Wed 2024-06-19 18:14:08: --> 250 , Recipient ok
Wed 2024-06-19 18:14:08: <-- DATA
Wed 2024-06-19 18:14:08: --> 354 Enter mail, end with .
Wed 2024-06-19 18:14:08: NULL return path, parsing message headers for sender address
Wed 2024-06-19 18:14:08: Sender = mailer-dae...@mbs.co.id
Wed 2024-06-19 18:14:08: Found DISABLED user
Wed 2024-06-19 18:14:08: User is disabled:
Wed 2024-06-19 18:14:08: Message size: 3789 bytes
Wed 2024-06-19 18:14:08: Message-ID:

Wed 2024-06-19 18:14:08: Accepting SMTP connection from [172.16.50.16 : 41020] on port 25
Wed 2024-06-19 18:14:08: # Sender is a local domain mail server (MBS Mail Server)
Wed 2024-06-19 18:14:08: # Sender is on allowlist (IP global : 173878)
Wed 2024-06-19 18:14:08: --> 250-mx.mbs.co.id Hello mbs.co.id, pleased to meet you

This is a bug, because the sender IP [172.16.50.16] is in the global allowlist. I will report it to the MDaemon Security Gateway Developer. For now, try adding the backend server host [mbs.co.id] to allowlists_hosts, or disable "Ban IPs that send this many RSET command".

https://help.mdaemon.com/SecurityGateway/en/allowlists_hosts.html
https://help.mdaemon.com/SecurityGateway/en/dynamic_screening.html

Why is the status of mailer-dae...@mbs.co.id disabled? The MAILER-DAEMON@ account (<>, Null Reverse Path) is commonly used as a system account for autoresponder responses, Return-Receive Confirmation, and so on. Try changing its status from the user list to enabled/normal.

https://help.mdaemon.com/SecurityGateway/en/user_list.html

For now I have turned Dynamic Screening off because of that bug. Previously I had it enabled with "Ban IPs that send this many RSET" disabled, but the domain mail server still got banned even though the exclude option was enabled and the IP/host had been registered in the IP Allowlist.

There are several email accounts that are deliberately not enabled in SG so that they cannot receive email from outside. Those email addresses are only for internal use among the domain mail servers.

Sat 2024-06-22 06:00:03: -- Executing: Invalid Sender --
Sat 2024-06-22 06:00:03: -- Executing: IP Shield --
Sat 2024-06-22 06:00:03: -- Executing: MAIL DNS Lookup --
Sat 2024-06-22 06:00:03: -- Executing: SMTP Authentication Required --
Sat 2024-06-22 06:00:03: --> 250 <>, Sender ok
Sat 2024-06-22 06:00:03: <-- RCPT TO:
Sat 2024-06-22 06:00:03: Found DISABLED user
Sat 2024-06-22 06:00:03: User is disabled:
Sat 2024-06-22 06:00:03: == Processing RCPT scripts for recipient: mbsctr...@mbs.co.id
Sat 2024-06-22 06:00:03: -- Executing: Blocklist --
Sat 2024-06-22 06:00:03: -- Executing: Tarpitting --
Sat 2024-06-22 06:00:03: -- Executing: Relaying Denied --
Sat 2024-06-22 06:00:03: -- Executing: Invalid Recipient --
Sat 2024-06-22 06:00:03: ** Reject 550 , Recipient unknown
Sat 2024-06-22 06:00:03: --> 550 , Recipient unknown
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET? Well, OK.
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET? Well, OK.
Sat 2024-06-22 06:00:03: <-- MAIL FROM:<> SIZE=4885
Sat 2024-06-22 06:00:03: == Processing MAIL scripts
Sat 2024-06-22 06:00:03: -- Executing: Invalid Sender --
Sat 2024-06-22 06:00:03: -- Executing: IP Shield --
Sat 2024-06-22 06:00:03: -- Executing: MAIL DNS Lookup --
Sat 2024-06-22 06:00:03: -- Executing: SMTP Authentication Required --
Sat 2024-06-22 06:00:03: --> 250 <>, Sender ok
Sat 2024-06-22 06:00:03: <-- RCPT TO:
Sat 2024-06-22 0
[Mdaemon-L] MDaemon - perpetual or subscription?
Dear Pak Syafril,

Is the MDaemon Server On-Premise license perpetual or subscription? What about additional options such as MDaemon AntiVirus/AntiSpam, MDaemon Connector for Outlook and MDaemon ActiveSync? Is their licensing model perpetual or subscription? What happens once it has expired?

regards,
Agi
[Mdaemon-L] Blocking email without a subject
On 12/02/2024 14:49, Syafril Hermansyah via Mdaemon-L wrote:
On 2/12/24 12:09, Agi Subagio via Mdaemon-L wrote:

It should work if you follow the example in that archive. The thing to remember is that the subject value = space (empty); do not put a " (quote) mark before/after it. Or use a Regular Expression.

Rule Conditions:
- item to compare: subject
- how to compare: contains
- any of the following strings (or): cannot be added if you only type a single space

Oh right, it cannot be done through webadmin, and SecurityGateway only has Webadmin; it has no Graphical Config like MDConfig.

=== this one does not work, no log ===

Rule conditions:
- item to compare: subject
- how to compare: matches regular expression
- any of the following strings (or): ^[: :]

=== this one does not work, with the following log, even though the email has a subject with a space ==

Mon 2024-02-12 12:01:56: -- Executing: No Subject - Alert --
Mon 2024-02-12 12:01:56: Found text () in (subject) header
Mon 2024-02-12 12:01:56: ** Sending Alert
Mon 2024-02-12 12:01:56: -- End: No Subject - Alert (0.28 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Archiving --
Mon 2024-02-12 12:01:56: # Message will be archived

This one can match.

Mon 2024-02-12 12:01:56: -- Executing: No Subject - Alert --
Mon 2024-02-12 12:01:56: Found text () in (subject) header
Mon 2024-02-12 12:01:56: ** Sending Alert
Mon 2024-02-12 12:01:56: -- End: No Subject - Alert (0.23 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Archiving --
Mon 2024-02-12 12:01:56: # Message will be archived

This one works too.

After I recreated the rule, it turns out that the regular expression ^[: :] does not work for blocking email without a subject. Besides that, MDaemon Security Gateway has only a single action for each content filtering rule, even though a rule can contain many conditions.

Tue 2024-02-13 09:01:48: -- Executing: Blocklist --
Tue 2024-02-13 09:01:48: -- End: Blocklist (0.001112 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Anti-Virus --
Tue 2024-02-13 09:01:48: Passing message through anti-virus (Size: 2638)...
Tue 2024-02-13 09:01:48: * Scanning message using: Ikarus Anti-Virus for SecurityGateway
Tue 2024-02-13 09:01:48: * Message is clean (no viruses found)
Tue 2024-02-13 09:01:48: -- End: Anti-Virus (0.007445 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Outbreak Protection (Anti-Virus) --
Tue 2024-02-13 09:01:48: Passing message through Outbreak Protection (Size: 2638)...
Tue 2024-02-13 09:01:48: * Reference-ID: str=0001.0A67342A.65CACD8C.009C,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Tue 2024-02-13 09:01:48: * Spam threat level: Clean
Tue 2024-02-13 09:01:48: * Virus threat level: Clean
Tue 2024-02-13 09:01:48: -- End: Outbreak Protection (Anti-Virus) (0.170282 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Outbreak Protection (Spam) --
Tue 2024-02-13 09:01:48: -- End: Outbreak Protection (Spam) (0.06 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: DKIM --
Tue 2024-02-13 09:01:48: -- End: DKIM (0.03 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: DMARC --
Tue 2024-02-13 09:01:48: -- End: DMARC (0.02 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: URI Blocklists (URIBL) --
Tue 2024-02-13 09:01:48: -- End: URI Blocklists (URIBL) (0.02 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: SpamAssassin --
Tue 2024-02-13 09:01:48: -- End: SpamAssassin (0.02 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Attachment Filtering --
Tue 2024-02-13 09:01:48: -- End: Attachment Filtering (0.001050 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Daily Report - Discard --
Tue 2024-02-13 09:01:48: -- End: Daily Report - Discard (0.15 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Phising - Discard --
Tue 2024-02-13 09:01:48: -- End: Phising - Discard (0.000348 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Undeliverable - Discard --
Tue 2024-02-13 09:01:48: -- End: Undeliverable - Discard (0.06 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: No Subject - Alert --
Tue 2024-02-13 09:01:48: -- End: No Subject - Alert (0.07 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Archiving --
Tue 2024-02-13 09:01:48: # Message will be archived
Tue 2024-02-13 09:01:48: -- End: Archiving (0.002549 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Bayesian Auto Learning --
Tue 2024-02-13 09:01:48: -- End: Bayesian Auto Learning (0.18 seconds) --
Tue 2024-02-13 09:01:48: -- Executing: Message Score --
Tue 2024-02-13 09:01:48: -- End: Message Score (0.03 seconds) --
Tue 2024-02-13 09:01:48: * Final Score: 0.00
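Added example (not from the thread and not SecurityGateway's rule engine, whose regex dialect the thread does not show): a Python check that separates the three cases a "no subject" filter has to tell apart, namely no Subject header at all, a header whose value is empty or only whitespace (including an RFC 2047 encoded-word that decodes to a space), and a real subject. The function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Whole-value test: nothing but whitespace between start and end of the value.
BLANK = re.compile(r"^\s*$")

# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "no_header":     "From: a@example.com\nTo: b@example.com\n\nbody\n",
    "empty_value":   "From: a@example.com\nSubject:\n\nbody\n",
    "spaces_only":   "From: a@example.com\nSubject:     \n\nbody\n",
    "encoded_space": "From: a@example.com\nSubject: =?utf-8?q?_?=\n\nbody\n",
    "real_subject":  "From: a@example.com\nSubject: Invoice 42\n\nbody\n",
}

def subject_state(raw_message):
    """Return 'missing', 'blank' or 'present' for the Subject header."""
    msg = message_from_string(raw_message)
    value = msg.get("Subject")
    if value is None:
        return "missing"  # the header line does not exist at all
    # Decode RFC 2047 encoded-words so "=?utf-8?q?_?=" is seen as a space.
    text = str(make_header(decode_header(value)))
    return "blank" if BLANK.match(text) else "present"

def should_alert(raw_message):
    """A 'no subject' policy normally wants both missing and blank subjects."""
    return subject_state(raw_message) in ("missing", "blank")

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14} {subject_state(raw):8} alert={should_alert(raw)}")
```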
[Mdaemon-L] Blocking email without a subject
On 12/02/2024 11:40, Syafril Hermansyah via Mdaemon-L wrote:
On 2/12/24 10:42, Agi Subagio via Mdaemon-L wrote:

I use MDaemon Security Gateway v9.5.3 as an email gateway, while the mail server is a different brand. I am trying to create a rule in Content Filtering to block email without a subject by sending an alert to the sender. I have followed this method, but it did not work. Any suggestions?

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg21401.html

It should work if you follow the example in that archive. The thing to remember is that the subject value = space (empty); do not put a " (quote) mark before/after it. Or use a Regular Expression.

Rule Conditions:
- item to compare: subject
- how to compare: contains
- any of the following strings (or): cannot be added if you only type a single space

=== this one does not work, no log ===

Rule conditions:
- item to compare: subject
- how to compare: matches regular expression
- any of the following strings (or): ^[: :]

=== this one does not work, with the following log, even though the email has a subject with a space ==

Mon 2024-02-12 12:01:56: # Executing outbound scripts
Mon 2024-02-12 12:01:56: -- Executing: Blocklist --
Mon 2024-02-12 12:01:56: -- End: Blocklist (0.24 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Anti-Virus --
Mon 2024-02-12 12:01:56: -- End: Anti-Virus (0.03 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Outbreak Protection (Anti-Virus) --
Mon 2024-02-12 12:01:56: -- End: Outbreak Protection (Anti-Virus) (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Outbreak Protection (Spam) --
Mon 2024-02-12 12:01:56: -- End: Outbreak Protection (Spam) (0.00 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: DKIM --
Mon 2024-02-12 12:01:56: -- End: DKIM (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: DMARC --
Mon 2024-02-12 12:01:56: -- End: DMARC (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: URI Blocklists (URIBL) --
Mon 2024-02-12 12:01:56: -- End: URI Blocklists (URIBL) (0.00 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: SpamAssassin --
Mon 2024-02-12 12:01:56: -- End: SpamAssassin (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Attachment Filtering --
Mon 2024-02-12 12:01:56: -- End: Attachment Filtering (0.001108 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Daily Report - Discard --
Mon 2024-02-12 12:01:56: -- End: Daily Report - Discard (0.09 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Phising - Discard --
Mon 2024-02-12 12:01:56: -- End: Phising - Discard (0.003286 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Undeliverable - Discard --
Mon 2024-02-12 12:01:56: -- End: Undeliverable - Discard (0.05 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: No Subject - Alert --
Mon 2024-02-12 12:01:56: Found text () in (subject) header
Mon 2024-02-12 12:01:56: ** Sending Alert
Mon 2024-02-12 12:01:56: -- End: No Subject - Alert (0.28 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Archiving --
Mon 2024-02-12 12:01:56: # Message will be archived
Mon 2024-02-12 12:01:56: -- End: Archiving (0.04 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Bayesian Auto Learning --
Mon 2024-02-12 12:01:56: # Bayesian Learning - Message will be learned as non-spam (ham)
Mon 2024-02-12 12:01:56: -- End: Bayesian Auto Learning (0.000865 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Message Score --
Mon 2024-02-12 12:01:56: -- End: Message Score (0.02 seconds) --
Mon 2024-02-12 12:01:56: * Final Score: 0.00
Mon 2024-02-12 12:01:56: == End DATA scripts
Mon 2024-02-12 12:01:56: == Processing DATA scripts for recipient: d...@mbs.co.id
Mon 2024-02-12 12:01:56: # Executing outbound scripts
Mon 2024-02-12 12:01:56: -- Executing: Blocklist --
Mon 2024-02-12 12:01:56: -- End: Blocklist (0.000367 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Anti-Virus --
Mon 2024-02-12 12:01:56: -- End: Anti-Virus (0.02 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Outbreak Protection (Anti-Virus) --
Mon 2024-02-12 12:01:56: -- End: Outbreak Protection (Anti-Virus) (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Outbreak Protection (Spam) --
Mon 2024-02-12 12:01:56: -- End: Outbreak Protection (Spam) (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: DKIM --
Mon 2024-02-12 12:01:56: -- End: DKIM (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: DMARC --
Mon 2024-02-12 12:01:56: -- End: DMARC (0.00 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: URI Blocklists (URIBL) --
Mon 2024-02-12 12:01:56: -- End: URI Blocklists (URIBL) (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: SpamAssassin --
Mon 2024-02-12 12:01:56: -- End: SpamAssassin (0.01 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Attachment Filtering --
Mon 2024-02-12 12:01:56: -- End: Attachment Filtering (0.15 seconds) --
Mon 2024-02-12 12:01:56: -- Executing: Daily R
[Mdaemon-L] Blocking email without a subject
Hello,

I use MDaemon Security Gateway v9.5.3 as an email gateway, while the mail server is a different brand. I am trying to create a rule in Content Filtering to block email without a subject by sending an alert to the sender. I have followed this method, but it did not work. Any suggestions?

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg21401.html

--
Thank you and regards,
*Agi*