[mdaemon-l] SPAM

2018-04-26 Thread Syafril Hermansyah
On 27/04/18 11:20, Norman Sinaga (norman.sin...@puninar.com) wrote:
> Lately a great deal of SPAM has been coming into our email,


Show the message header of the spam mail.

Copy the message header into Notepad and attach it here so it is
easier to read.

How to view the message header

https://www.ablebits.com/office-addins-blog/2013/08/07/view-outlook-email-headers/

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 18.0-64 bit
Please do not cc: or send to private mail for MDaemon matters.

Many do not realize that to be able to become a good leader, one
must actually have proven oneself as someone who has been
led.
--- Dahlan Iskan


-- 
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version MD 18.0 (all-in-one), SG 5.0.1




[mdaemon-l] SPAM

2018-04-26 Thread Norman Sinaga
Dear Pak Syafril,

I am Norman from PT Puninar Jaya.

Lately a great deal of SPAM has been coming into our email.

Is there a solution from Duta Int to handle this problem?

Thank you


Norman Sinaga


[mdaemon-l] Hijack case

2018-04-26 Thread Syafril Hermansyah
On 27/04/18 08:22, Ivan (bluesky1...@gmail.com) wrote:
>> If the number of outbound spam mails has not yet reached the limit set in
>> account hijack detection, the account hijack detector is not yet
>> triggered.
>>
>> http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?security--hijack_detection.htm
>>
> Yes sir, logically it must have reached it, since thousands of emails were sent,


Check the smtp-out and smtp-in logs to see the facts.
Logic without facts is not valid.

> but that account was frozen by MD, so I'm confused why it wasn't detected by MD.


If the spam mail recipients are local users/accounts, it will not be detected by
Account Hijack Detection.



-- 
syafril




[mdaemon-l] WARNING: Message delivery failed

2018-04-26 Thread Syafril Hermansyah
On 27/04/18 08:03, Ceppy Multi Anggara (cepotg...@gmail.com) wrote:
> May I ask about the following problem, because my user is asking about it;
> they always log in to their Gmail via the browser.


>   [935800] <-- 550-5.7.1 Unauthenticated email from dropbox.com is not 
> accepted due to domain's
>   [935800] <-- 550-5.7.1 DMARC policy. Please contact the administrator of 
> dropbox.com domain
>   [935800] <-- 550-5.7.1 if this was a legitimate mail. Please visit
>   [935800] <-- 550-5.7.1  https://support.google.com/mail/answer/2451690 to 
> learn about the
>   [935800] <-- 550 5.7.1 DMARC initiative. x28si110996pfa.37 - gsmtp


The mail was rejected because the original mail came from dropbox.com, which
has enabled DMARC paranoid mode.
DMARC is an anti-spoofing protocol (similar to DKIM and SPF) that checks the
FROM.
In paranoid mode (parameter p=reject), mail from a domain protected
by DMARC cannot be autoforwarded to another account whose receiving
server has DMARC detection enabled, such as gmail.com (and MDaemon,
although in MDaemon it can be set to accept or whitelist).

DMARC paranoid mode can only be overcome if the server doing the autoforward
enables ARC (Authenticated Received Chain).

https://www.dmarcanalyzer.com/arc-is-here/

I have asked the altn.com developers for ARC (wish list); hopefully it can be
implemented in a future MDaemon version.

-- 
syafril
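An added illustration of the rejection discussed above (not code from the thread or from MDaemon): a minimal DMARC identifier-alignment check showing why mail with From: dropbox.com, forwarded with a bmkg.go.id envelope sender, ends in `reject` under p=reject. The suffix set, the DKIM `d=` value, the original envelope domain and the DKIM outcomes are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed stand-in for the Public Suffix List; a real evaluator loads the full list.
MULTI_LABEL_SUFFIXES = {"go.id", "co.id"}


def org_domain(domain):
    """Organizational domain = public suffix plus one more label."""
    labels = domain.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs identical domains; relaxed compares organizational domains."""
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class Delivery:
    from_domain: str      # domain in the From: header
    spf_domain: str       # envelope sender domain that SPF was checked for
    spf_pass: bool        # did the connecting IP pass SPF for spf_domain?
    dkim: list = field(default_factory=list)   # [(d= domain, signature verified), ...]


def dmarc_disposition(d, policy):
    """Return 'pass', or the action requested by the From: domain's policy (p=)."""
    spf_ok = d.spf_pass and aligned(d.spf_domain, d.from_domain)
    dkim_ok = any(ok and aligned(dom, d.from_domain) for dom, ok in d.dkim)
    if spf_ok or dkim_ok:
        return "pass"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]


def scenarios():
    # dropbox.com, bmkg.go.id and p=reject come from the thread; the d= domain,
    # the original envelope domain and the DKIM outcomes are assumed for illustration.
    cases = [
        ("direct", Delivery("dropbox.com", "email.amazonses.com", True,
                            [("dropbox.com", True)])),
        # The forwarder's own SPF passes, but for bmkg.go.id, which is not aligned.
        ("forwarded, DKIM broken", Delivery("dropbox.com", "bmkg.go.id", True,
                                            [("dropbox.com", False)])),
        ("forwarded, DKIM intact", Delivery("dropbox.com", "bmkg.go.id", True,
                                            [("dropbox.com", True)])),
    ]
    return {name: dmarc_disposition(d, "reject") for name, d in cases}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

SPF passing for the forwarder's own domain does not help, because DMARC only counts an SPF or DKIM pass whose domain aligns with the From: domain.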




[mdaemon-l] Hijack case

2018-04-26 Thread Ivan

On 26/04/18 20:07, Syafril Hermansyah wrote:

> If the number of outbound spam mails has not yet reached the limit set in
> account hijack detection, the account hijack detector is not yet triggered.
>
> Also, if the account is in the account hijack detection whitelist,
> it will not work.
>
> http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?security--hijack_detection.htm

Yes sir, logically it must have reached it, since thousands of emails were sent, but
that account was frozen by MD, so I'm confused why it wasn't detected by MD. and


the hijack detection whitelist is empty, sir






[mdaemon-l] WARNING: Message delivery failed

2018-04-26 Thread Ceppy Multi Anggara

Good morning Pak Syafril,

May I ask about the following problem, because my user is asking about it;
they always log in to their Gmail via the browser.


Thank you
Ceppy MA
BMKG

--- Forwarded message ---
From: MDaemon at dip2.dutaint.com 
Date: 27 April 2018 7:55:31 AM
Subject: WARNING: Message delivery failed
To: layanan.l...@bmkg.go.id



=  Greetings from the MDaemon mail system at dip2.dutaint.com  =


The following message:

Session-ID: 935800 (specific to this delivery attempt)
  Queue-ID: pd35000286417.msg
Message-ID: 
0100016304869295-458eb7c1-b3ef-4096-9f94-7ac19fd568e9-000...@email.amazonses.com


could not be delivered to the following recipient(s):

kentan...@gmail.com (unrecoverable error)

despite one or more unsuccessful attempts to do so.

No further delivery attempts will be made and the message has been removed 
from the queue.


The original message headers may follow at the end of this report.  For 
information on DSN messages see http://www.altn.com/dsn/.


Please quote the Queue-ID, Session-ID, and Message-ID found above in any 
inquiries regarding this message.



=  Session Transcript  =


 [935800] Session 935800; child 0021
 [935800] Parsing message 
 [935800] *  From: no-re...@dropbox.com
 [935800] *  To: kentan...@gmail.com
 [935800] *  Subject: We noticed a new sign in to your Dropbox
 [935800] *  Size (bytes): 11954
 [935800] *  Message-ID: 
 <0100016304869295-458eb7c1-b3ef-4096-9f94-7ac19fd568e9-000...@email.amazonses.com>

 [935800] Resolving MX record for gmail.com (DNS Server: 8.8.8.8)...
 [935800] *  P=005 S=000 D=gmail.com TTL=(49) MX=[gmail-smtp-in.l.google.com]
 [935800] *  P=010 S=001 D=gmail.com TTL=(49) 
 MX=[alt1.gmail-smtp-in.l.google.com]
 [935800] *  P=020 S=003 D=gmail.com TTL=(49) 
 MX=[alt2.gmail-smtp-in.l.google.com]
 [935800] *  P=030 S=002 D=gmail.com TTL=(49) 
 MX=[alt3.gmail-smtp-in.l.google.com]
 [935800] *  P=040 S=004 D=gmail.com TTL=(49) 
 MX=[alt4.gmail-smtp-in.l.google.com]

 [935800] Attempting SMTP connection to gmail-smtp-in.l.google.com
 [935800] Resolving A record for gmail-smtp-in.l.google.com (DNS Server: 
 8.8.8.8)...

 [935800] *  D=gmail-smtp-in.l.google.com TTL=(4) A=[74.125.200.27]
 [935800] Attempting SMTP connection to 74.125.200.27:25
 [935800] Waiting for socket connection...
 [935800] *  Connection established 113.20.30.171:39644 --> 74.125.200.27:25
 [935800] Waiting for protocol to start...
 [935800] <-- 220 mx.google.com ESMTP x28si110996pfa.37 - gsmtp
 [935800] --> EHLO dip2.dutaint.com
 [935800] <-- 250-mx.google.com at your service, [113.20.30.171]
 [935800] <-- 250-SIZE 157286400
 [935800] <-- 250-8BITMIME
 [935800] <-- 250-STARTTLS
 [935800] <-- 250-ENHANCEDSTATUSCODES
 [935800] <-- 250-PIPELINING
 [935800] <-- 250-CHUNKING
 [935800] <-- 250 SMTPUTF8
 [935800] --> STARTTLS
 [935800] <-- 220 2.0.0 Ready to start TLS
 [935800] SSL negotiation successful (TLS 1.2, 256 bit key exchange, 128 bit 
 AES encryption)
 [935800] SSL certificate is not valid (does not match 
 gmail-smtp-in.l.google.com and/or is not signed by recognized CA)

 [935800] --> EHLO dip2.dutaint.com
 [935800] <-- 250-mx.google.com at your service, [113.20.30.171]
 [935800] <-- 250-SIZE 157286400
 [935800] <-- 250-8BITMIME
 [935800] <-- 250-ENHANCEDSTATUSCODES
 [935800] <-- 250-PIPELINING
 [935800] <-- 250-CHUNKING
 [935800] <-- 250 SMTPUTF8
 [935800] --> MAIL From: SIZE=11954
 [935800] <-- 250 2.1.0 OK x28si110996pfa.37 - gsmtp
 [935800] --> RCPT To:
 [935800] <-- 250 2.1.5 OK x28si110996pfa.37 - gsmtp
 [935800] --> DATA
 [935800] <-- 354  Go ahead x28si110996pfa.37 - gsmtp
 [935800] Sending  to 
 [74.125.200.27]

 [935800] Transfer Complete
 [935800] <-- 550-5.7.1 Unauthenticated email from dropbox.com is not 
 accepted due to domain's
 [935800] <-- 550-5.7.1 DMARC policy. Please contact the administrator of 
 dropbox.com domain

 [935800] <-- 550-5.7.1 if this was a legitimate mail. Please visit
 [935800] <-- 550-5.7.1  https://support.google.com/mail/answer/2451690 to 
 learn about the

 [935800] <-- 550 5.7.1 DMARC initiative. x28si110996pfa.37 - gsmtp
 [935800] --> QUIT


=End Transcript=



X-MDAV-Processed: dip2.dutaint.com, Fri, 27 Apr 2018 07:36:23 +0700
Received: by dip2.dutaint.com (MDaemon PRO v18.0.0) with ESMTPSA id 37-md5009298.msg; 
	Fri, 27 Apr 2018 07:36:21 +0700
X-Spam-Processed: dip2.dutaint.com, Fri, 27 Apr 2018 07:36:21 +0700
	(not processed: spam filter heuristic analysis disabled)
X-MDRemoteIP: 202.90.199.44
X-MDHelo: mail.bmkg.go.id
X-MDArrival-Date: Fri, 27 Apr 2018 07:36:21 +0700
X-Authenticated-Sender: bmkg.go.id
X-Return-Path: prvs=165544776a=layanan.l...@bmkg.go.id
X-Envelope-From: prvs=165544776a=layanan.l...@bmkg.go.id
X-MDaemon-Deliver-To: kentan...@gmail.com
X-CAV-Result: clean
X-MDAV-Re

[mdaemon-l] Tips: bypass location screening for certain users

2018-04-26 Thread Syafril Hermansyah
Hello,


Applying Location Screening in MDaemon 17.5.0 and above will drastically
reduce the likelihood of an account being hijacked

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42186.html

especially for users who have not yet adopted strong passwords.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42271.html

This is because several countries are known for a lot of hijacking/spam

https://www.spamhaus.org/statistics/countries/

However, some VVIPs or expert workers (expatriates) of a company
need to travel abroad, or do so often, possibly to countries that
are in "The 10 Worst Spam Countries", or the company has branches abroad.

MDaemon version 18.0 provides a way to bypass geo location screening
for certain users, particularly if the user uses the ActiveSync protocol.

http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?activesync--devices.htm


select the ActiveSync client/user and then enable

[x] Exempt from Location Screen

An ActiveSync client can be a phone (cellphone, mobile device) or a
PC/laptop email client that supports the ActiveSync protocol.
ActiveSync supports Email/Message Sync, Calendar Sync and Contact Sync.


http://www.altn.com/Products/MDaemon-Email-Server-Windows/Mail-Server-Mobile-Access/Android-ActiveSync/

http://www.altn.com/Products/MDaemon-Email-Server-Windows/Mail-Server-Mobile-Access/iPhone-ActiveSync/

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-02501

http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-02544


-- 
syafril




[mdaemon-l] Hijack case

2018-04-26 Thread Syafril Hermansyah
On 2018-04-26 17:18, Ivan (bluesky1...@gmail.com) wrote:
> Sir, last week one of my users got hijacked even though they had a secure
> password; maybe they carelessly registered on some dubious website, so the
> account was used to send thousands of emails in one night.
> My question is why the hijack prevention setting did not work when
> thousands of emails were sent:


If the number of outbound spam mails has not yet reached the limit set in
account hijack detection, the account hijack detector is not yet triggered.

Also, if the account is in the account hijack detection whitelist,
it will not work.

http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?security--hijack_detection.htm

Account Hijack Detection

The options on this screen can be used to detect a possibly hijacked
MDaemon account and automatically prevent it from sending messages
through your server. For example, if a spammer somehow obtained an
account's email address and password then this feature could prevent the
spammer from using the account to send bulk junk e-mail through your
system. You can designate a maximum number of messages that may be sent
by an account in a given number of minutes, based on the IP address from
which it is connecting. You can also choose to disable accounts that
reach the limit. There is also a White List that can be used to exempt
certain addresses from this restriction. Account Hijack Detection is
enabled by default.

> IP *202.171.41.162*, an example of the hacker's IP, was not blocked by hijack
> detection. I checked the DynScrn log: the IP was not blocked and the account
> was not frozen. How could it get through? This IP is recorded in the SMTP-in log
> as having logged in successfully many times.


IP 202.171.41.162 is from Malaysia; if Geo Location Screening is
enabled, it will not be able to use the account even when the password is
already known.

http://mdaemon.dutaint.co.id/mdaemon/18.0/index.html?screening_location-screening.htm

[x] SMTP connections are accepted but authentication is blocked

See the earlier archive again for preventing accounts from being hijacked.

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg42186.html






-- 
syafril




[mdaemon-l] Hijack detection

2018-04-26 Thread Syafril Hermansyah
On 2018-04-26 17:16, Syafril Hermansyah (syaf...@dutaint.co.id) wrote:
>> but in the entire Dynscrn log for 26-04-18 there is nothing with status Freeze > 0
>> so where else can I check it?
> In the notification message from MDaemon to the postmaster account alias.


Oops sorry.
Check it in the smtp-out log.

Account hijack detection counts the number of mails in the smtp-out log.



-- 
syafril




[mdaemon-l] Hijack case

2018-04-26 Thread Ivan
Sir, last week one of my users got hijacked even though they had a secure
password; maybe they carelessly registered on some dubious website, so the
account was used to send thousands of emails in one night.
My question is why the hijack prevention setting did not work when
thousands of emails were sent:


IP *202.171.41.162*, an example of the hacker's IP, was not blocked by hijack
detection. I checked the DynScrn log: the IP was not blocked and the account
was not frozen. How could it get through? This IP is recorded in the SMTP-in log
as having logged in successfully many times.

The solution for now: I reset the password right away and it stopped right away.

The hijack settings are as follows:


example smtp-in log:

Sun 2018-04-15 00:03:10.214: 05: Session 631749; child 0001
Sun 2018-04-15 00:03:10.214: 05: Accepting SMTP connection from 
202.171.41.162:55467 to 192.168.10.2:587
Sun 2018-04-15 00:03:10.215: 03: --> 220 webmail.pttdp.com ESMTP MSA 
MDaemon 17.5.1; Sun, 15 Apr 2018 00:03:10 +0700

Sun 2018-04-15 00:03:10.240: 02: <-- EHLO mymobile.gov.my
Sun 2018-04-15 00:03:10.240: 03: --> 250-webmail.pttdp.com Hello 
mymobile.gov.my [*202.171.41.162*], pleased to meet you

Sun 2018-04-15 00:03:10.240: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Sun 2018-04-15 00:03:10.240: 03: --> 250-8BITMIME
Sun 2018-04-15 00:03:10.241: 03: --> 250-ENHANCEDSTATUSCODES
Sun 2018-04-15 00:03:10.241: 03: --> 250-STARTTLS
Sun 2018-04-15 00:03:10.241: 03: --> 250 SIZE 3000
Sun 2018-04-15 00:03:10.266: 02: <-- STARTTLS
Sun 2018-04-15 00:03:10.266: 03: --> 220 2.7.0 Ready to start TLS
Sun 2018-04-15 00:03:10.323: 01: SSL negotiation successful (TLS 1.0, 
2048 bit key exchange, 256 bit AES encryption)

Sun 2018-04-15 00:03:10.348: 02: <-- EHLO mymobile.gov.my
Sun 2018-04-15 00:03:10.348: 03: --> 250-webmail.pttdp.com Hello 
mymobile.gov.my [202.171.41.162], pleased to meet you

Sun 2018-04-15 00:03:10.348: 03: --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Sun 2018-04-15 00:03:10.348: 03: --> 250-8BITMIME
Sun 2018-04-15 00:03:10.348: 03: --> 250-ENHANCEDSTATUSCODES
Sun 2018-04-15 00:03:10.348: 03: --> 250 SIZE 3000
Sun 2018-04-15 00:03:10.374: 02: <-- AUTH CRAM-MD5
Sun 2018-04-15 00:03:10.375: 03: --> 334 
PE1EQUVNT04tRjIwMTgwNDE1MDAwMy5BQTAzMTAzNzVNRDM3MTZAd2VibWFpbC5wdHRkcC5jb20+
Sun 2018-04-15 00:03:10.399: 02: <-- 
ZXN0ZXJAcHR0ZHAuY29tIDEyNDVlN2YwNjc4N2ZkNzFiYjFiYTZiNTFjOTk1OWRi

Sun 2018-04-15 00:03:10.399: 01: Authenticating es...@pttdp.com...
Sun 2018-04-15 00:03:10.401: 01: Authenticated as es...@pttdp.com
Sun 2018-04-15 00:03:10.401: 03: --> 235 2.7.0 Authentication successful
Sun 2018-04-15 00:03:10.427: 02: <-- MAIL FROM:
Sun 2018-04-15 00:03:10.428: 03: --> 250 2.1.0 Sender OK
Sun 2018-04-15 00:03:10.453: 02: <-- RCPT TO:
Sun 2018-04-15 00:03:10.456: 03: --> 250 2.1.5 Recipient OK
Sun 2018-04-15 00:03:10.483: 02: <-- DATA
Sun 2018-04-15 00:03:10.484: 01: Creating temp file (SMTP): 
e:\mdaemon\queues\temp\md5091525.tmp

Sun 2018-04-15 00:03:10.484: 03: --> 354 Enter mail, end with .
Sun 2018-04-15 00:03:10.537: 01: Message size: 1203 bytes
Sun 2018-04-15 00:03:10.538: 06: Passing message through AntiVirus 
(Size: 1203)...

Sun 2018-04-15 00:03:10.549: 06: *  Message is clean (no viruses found)
Sun 2018-04-15 00:03:10.549: 06:  End AntiVirus results
Sun 2018-04-15 00:03:10.578: 01: Message creation successful: 
e:\mdaemon\queues\inbound\md50001834914.msg
Sun 2018-04-15 00:03:10.578: 03: --> 250 2.6.0 Ok, message saved 
>

Sun 2018-04-15 00:03:10.578: 02: <-- QUIT
Sun 2018-04-15 00:03:10.578: 03: --> 221 2.0.0 See ya in cyberspace
Sun 2018-04-15 00:03:10.579: 01: SMTP session successful (Bytes in/out: 
3345/2154)


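An added example, not MDaemon's own logic and not code from this thread: a sliding-window count of messages accepted per authenticated account and client IP, in the spirit of the Account Hijack Detection limit quoted in the thread, run over log lines shaped like the smtp-in excerpt above. The sample log, accounts and addresses are constructed, and the parser assumes one line per log entry, chronological order and sessions that are not interleaved.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line shape taken from the smtp-in excerpt: "Sun 2018-04-15 00:03:10.401: 01: text"
LINE = re.compile(r"^\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+: \d\d: (.*)$")
CONNECT = re.compile(r"Accepting SMTP connection from ([\d.]+):\d+")
AUTH = re.compile(r"Authenticated as (\S+)")


def submissions(lines):
    """Yield (time, account, ip) for every message saved by an authenticated session.

    Assumption: sessions are not interleaved, so the most recent connection
    line identifies the client for the lines that follow it.
    """
    ip = account = None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        text = m.group(2)
        if c := CONNECT.search(text):
            ip, account = c.group(1), None      # new session, no login yet
        elif a := AUTH.search(text):
            account = a.group(1).lower()
        elif text.startswith("Message creation successful") and ip and account:
            yield when, account, ip


def over_limit(lines, limit, minutes):
    """Return {(account, ip): time at which `limit` messages fell inside one window}."""
    window = timedelta(minutes=minutes)
    recent = defaultdict(deque)
    tripped = {}
    for when, account, ip in submissions(lines):
        q = recent[(account, ip)]
        q.append(when)
        while q and when - q[0] >= window:      # drop messages older than the window
            q.popleft()
        if len(q) >= limit:
            tripped.setdefault((account, ip), when)
    return tripped


def sample_log():
    """Constructed log: one noisy client and one normal client (documentation IPs)."""
    start = datetime(2018, 4, 15, 0, 0, 0)
    events = [(start + timedelta(minutes=3, seconds=10 * i), "203.0.113.7", "alice@example.com")
              for i in range(6)]
    events += [(start + timedelta(minutes=m), "198.51.100.20", "bob@example.com")
               for m in (0, 20)]
    out = []
    for when, ip, user in sorted(events):
        ts = when.strftime("Sun %Y-%m-%d %H:%M:%S.000")
        out += [f"{ts}: 05: Accepting SMTP connection from {ip}:55467 to 192.168.10.2:587",
                f"{ts}: 01: Authenticated as {user}",
                f"{ts}: 01: Message creation successful: e:\\mdaemon\\queues\\inbound\\sample.msg",
                f"{ts}: 01: SMTP session successful"]
    return out


if __name__ == "__main__":
    for (account, ip), when in over_limit(sample_log(), limit=5, minutes=10).items():
        print(f"{when}  {account} from {ip} reached the limit")
```

Running it with the limit and window configured on the server shows whether a given account and IP pair ever crossed the threshold inside one window, which is the fact the thread asks to verify in the logs.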


[mdaemon-l] Hijack detection

2018-04-26 Thread Syafril Hermansyah
On 26/04/18 16:28, Ivan (bluesky1...@gmail.com) wrote:

> but in the entire Dynscrn log for 26-04-18 there is nothing with status Freeze > 0

> so where else can I check it?

In the notification message from MDaemon to the postmaster account alias.

-- 
syafril




[mdaemon-l] Hijack detection

2018-04-26 Thread Ivan

On 26/04/18 11:37, Syafril Hermansyah wrote:

> Look at the dynscrn log.

I checked in this log; nothing is frozen.

from the screening log:
Thu 2018-04-26 09:31:27.785: Hijack detection has frozen the admin...@pttdp.com account


but in the entire Dynscrn log for 26-04-18 there is nothing with status Freeze > 0
example:
180426 01709 D [0023] 0x41503100 Summary: 173 Connections Allowed
180426 01709 D [0023] 0x41503101 Summary: 37 Connections Refused
180426 01710 D [0023] 0x41503102 Summary: 0  Trusted IP Hits
180426 01710 D [0023] 0x41503103 Summary: 1 Whitelist Hits
180426 01710 D [0023] 0x41503104 Summary: 37 Blacklist Hits
180426 01711 D [0023] 0x4150310C Summary: 3 Location Screen Hits
180426 01711 D [0023] 0x41503105 Summary: 159    Logon Successes
180426 01711 D [0023] 0x41503106 Summary: 11 Logon Failures
180426 01711 D [0023] 0x41503107 Summary: 1  Block Operations
180426 01712 D [0023] 0x41503108 Summary: 0  Unblock Operations
180426 01712 D [0023] 0x41503109 Summary: 0  Expired block Operations
180426 01712 D [0023] 0x4150310A Summary: 0  Freeze Operations


so where else can I check it?