[mdaemon-l] Backup MX vs Primary MX

2020-02-23 Thread Syafril Hermansyah
On 24/02/20 13.13, Slamet Raharjo (sraha...@aio.co.id) wrote:
>>
>> Log analysis can only be done when the log covers one complete session,
>> not a truncated one.
>>
>> A complete one-session log starts from
>>
>> Session 524471 child xxx
>> and runs up to
>>
>> Thu 2020-02-20 11:13:00.846: [524471] SMTP session terminate/successful
> 
> Here it is, sir:
> 
> Thu 2020-02-20 11:13:00.593: [524471] <-- MAIL FROM: 
> SIZE=24762


Is the log line "Session 524471 child xxx" not present in the smtp-in log?

Edit/view the log file \\mdaemon\logs\MDaemon-2020-02-20-SMTP-(in).log with
Notepad or glogg (Gnome Log Grep) for Windows, or from Webadmin (Remote
Administration).

More detail on how to view the logs is here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg38093.html

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg38094.html

In principle, if you have a backup MX, enter the backup MX server's IP if you
are still using an older MDaemon version; but if you are already on MDaemon 19.x
you can add it to the whitelist as follows:

winclude {your-own-domain}, which in this case means entering

winclude aio.co.id

or use

spf aio.co.id

The explanation is in the SPF whitelist form

http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?security--spf__sender_id.htm


White List

Click this button to open the SPF white list on which you can designate IP
addresses, email addresses, and domains that you wish to exempt from SPF
lookups. Email addresses are compared against the SMTP envelope not the message
From header. Domains are whitelisted by placing the word "spf" in front of the
domain name. MDaemon will include that domain's SPF record in every SPF
evaluation using an MDaemon specific "wlinclude:" tag. In this way you
can have your backup MX provider treated as a valid SPF source for all senders.



# SPF Exception List
#
# This file lists IP addresses, email addresses, and domains which are exempt
# from SPF lookups. Email addresses are compared against the SMTP envelope value
# (not the message From header). By using the prefix "spf" in front of a domain
# name MDaemon will append that domain's SPF record to every SPF lookup result.
# In this way you can have (for example) your MX provider treated as a valid SPF
# source for all senders.
#
# Wildcards and CIDR notation are supported. One entry per line please.
#
# Examples:
# 127.0.0.1
# 192.0.2.0/24
# ar...@altn.com
# spf altn.com

127.0.0.*
192.168.*.*
10.*.*.*
172.16.0.0/12
::1
FD00::/8
FEC0::/10
FE80::/64





-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0-64 bit Beta B
Please do not cc: or send to private mail for MDaemon issues.

Wisdom comes not from age, but from education and learning.
--- Anton Chekhov


-- 
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 19.5.4, SecurityGateway 6.5.1
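The SPF failure in this thread and the effect of an "spf <domain>" exception entry, as an added example that is not part of the original messages and is not MDaemon's code. The jti.com and spf.protection.outlook.com records are the ones shown in the session log; the aio.co.id record is constructed, and the way the exception is applied is an assumed model of the documented behaviour.

```python
import ipaddress

# TXT records as they appear in the session log of this thread; no DNS is queried.
SPF_RECORDS = {
    "jti.com": "v=spf1 include:spf.protection.outlook.com "
               "ip4:194.24.4.18 ip4:194.24.4.19 -all",
    "spf.protection.outlook.com": "v=spf1 ip4:40.92.0.0/15 ip4:40.107.0.0/16 "
               "ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 "
               "ip6:2a01:111:f403::/48 -all",
    # Constructed for this example: the real aio.co.id record is not on the page.
    "aio.co.id": "v=spf1 ip4:202.158.81.51 ip4:210.210.188.51 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, ip, depth=0):
    """Evaluate ip4/ip6/include/all mechanisms only (a subset of RFC 7208)."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    if depth > 10:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech[4:], strict=False)
            matched = addr.version == net.version and addr in net
        elif mech.startswith("include:"):
            # include matches only when the nested record yields "pass"
            matched = check_spf(mech[8:], ip, depth + 1) == "pass"
        else:
            continue  # mechanisms outside this subset are ignored here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def check_with_exceptions(sender_domain, ip, spf_exception_domains):
    """Assumed model of 'spf <domain>' entries: a connecting IP that passes a
    listed domain's own record is accepted whatever the sender's policy says."""
    result = check_spf(sender_domain, ip)
    if result != "pass" and any(
            check_spf(d, ip) == "pass" for d in spf_exception_domains):
        return "pass"
    return result
```

With the entry in place every sender domain passes SPF when the mail arrives from the listed addresses, so the backup MX has to do its own sender checks before relaying.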




[mdaemon-l] Backup MX vs Primary MX

2020-02-23 Thread Slamet Raharjo
>
> Log analysis can only be done when the log covers one complete session,
> not a truncated one.
> 
> A complete one-session log starts from
> 
> Session 524471 child xxx
> and runs up to
> 
> Thu 2020-02-20 11:13:00.846: [524471] SMTP session terminate/successful

Here it is, sir:

Thu 2020-02-20 11:13:00.593: [524471] <-- MAIL FROM: 
SIZE=24762
Thu 2020-02-20 11:13:00.596: [524471] Performing PTR lookup 
(51.81.158.202.IN-ADDR.ARPA)
Thu 2020-02-20 11:13:00.597: [524471] *  D=51.81.158.202.IN-ADDR.ARPA TTL=(143) 
PTR=[mx-corp3.cbn.net.id]
Thu 2020-02-20 11:13:00.599: [524471] *  D=mx-corp3.cbn.net.id TTL=(31) 
A=[210.210.188.51]
Thu 2020-02-20 11:13:00.599: [524471] *  D=mx-corp3.cbn.net.id TTL=(31) 
A=[202.158.81.51]
Thu 2020-02-20 11:13:00.599: [524471]  End PTR results
Thu 2020-02-20 11:13:00.602: [524471] Performing IP lookup (mx-corp3.cbn.net.id)
Thu 2020-02-20 11:13:00.603: [524471] *  D=mx-corp3.cbn.net.id TTL=(31) 
A=[202.158.81.51]
Thu 2020-02-20 11:13:00.603: [524471] *  D=mx-corp3.cbn.net.id TTL=(31) 
A=[210.210.188.51]
Thu 2020-02-20 11:13:00.603: [524471]  End IP lookup results
Thu 2020-02-20 11:13:00.606: [524471] Performing IP lookup (jti.com)
Thu 2020-02-20 11:13:00.622: [524471] *  D=jti.com TTL=(17) A=[52.17.142.199]
Thu 2020-02-20 11:13:00.672: [524471] *  P=000 S=000 D=jti.com TTL=(16) 
MX=[in.hes.trendmicro.eu] {52.58.62.239}
Thu 2020-02-20 11:13:00.672: [524471]  End IP lookup results
Thu 2020-02-20 11:13:00.675: [524471] Performing SPF lookup 
(mx-corp3.cbn.net.id / 202.158.81.51)
Thu 2020-02-20 11:13:00.678: [524471] *  Result: none; no SPF record in DNS
Thu 2020-02-20 11:13:00.678: [524471]  End SPF results
Thu 2020-02-20 11:13:00.678: [524471] Performing SPF lookup (jti.com / 
202.158.81.51)
Thu 2020-02-20 11:13:00.697: [524471] *  Policy: v=spf1 
include:spf.protection.outlook.com ip4:194.24.4.18 ip4:194.24.4.19 -all
Thu 2020-02-20 11:13:00.698: [524471] *  Evaluating 
include:spf.protection.outlook.com: performing lookup
Thu 2020-02-20 11:13:00.714: [524471] *Policy: v=spf1 ip4:40.92.0.0/15 
ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48 
ip6:2a01:111:f403::/48 -all
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip4:40.92.0.0/15: no match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip4:40.107.0.0/16: no 
match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip4:52.100.0.0/14: no 
match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip4:104.47.0.0/17: no 
match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip6:2a01:111:f400::/48: 
no match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip6:2a01:111:f403::/48: 
no match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating -all: match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating 
include:spf.protection.outlook.com: no match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating ip4:194.24.4.18: no match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating ip4:194.24.4.19: no match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating -all: match
Thu 2020-02-20 11:13:00.714: [524471] *  Result: fail
Thu 2020-02-20 11:13:00.714: [524471] Message will be rejected after DMARC 
processing.
Thu 2020-02-20 11:13:00.714: [524471]  End SPF results
Thu 2020-02-20 11:13:00.714: [524471] --> 250 2.1.0 Sender OK
Thu 2020-02-20 11:13:00.716: [524471] <-- RCPT TO:
Thu 2020-02-20 11:13:00.729: [524471] --> 250 2.1.5 Recipient OK
Thu 2020-02-20 11:13:00.731: [524471] <-- RCPT TO:
Thu 2020-02-20 11:13:00.737: [524471] --> 250 2.1.5 Recipient OK
Thu 2020-02-20 11:13:00.739: [524471] <-- DATA
Thu 2020-02-20 11:13:00.740: [524471] Creating temp file (SMTP): 
c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.740: [524471] --> 354 Enter mail, end with .
Thu 2020-02-20 11:13:00.747: [524471] Message size: 23739 bytes
Thu 2020-02-20 11:13:00.748: [524471] Performing DKIM lookup
Thu 2020-02-20 11:13:00.748: [524471] *  File: c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.748: [524471] *  Message-ID: 

Thu 2020-02-20 11:13:00.766: [524471] * DKIM-Signature 1: v=1; a=rsa-sha256; 
c=relaxed/relaxed; d=jti.com; s=selector1; 
Thu 2020-02-20 11:13:00.766: [524471] *Verification result: good signature
Thu 2020-02-20 11:13:00.767: [524471] *  Result: pass
Thu 2020-02-20 11:13:00.767: [524471]  End DKIM results
Thu 2020-02-20 11:13:00.771: [524471] Performing DMARC processing
Thu 2020-02-20 11:13:00.771: [524471] *  File: c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.771: [524471] *  Message-ID: 

Thu 2020-02-20 11:13:00.771: [524471] *  Author domain: jti.com
Thu 2020-02-20 11:13:00.772: [524471] *  Organizational domain: jti.com
Thu 2020-02-20 11:13:00.772: [524471] *  Query domain: _dmarc.jti.com
Thu 2020-02-20 11:13:00.794: [524471] *Policy record: v=DMARC1; p=reject; 
adkim=s; aspf=s; rua=mailto:1mpft...@ag.dmarcian.eu; 
ruf=mailto:1mpft...@fr.dmarcian.eu; fo=1;
Thu 2020-02-20 11:13:00.797: [524471] *  Verifying report rec

[mdaemon-l] Backup MX vs Primary MX

2020-02-23 Thread Syafril Hermansyah
On 24/02/20 10.50, Slamet Raharjo (sraha...@aio.co.id) wrote:
> Please help review the logs below,


Log analysis can only be done when the log covers one complete session,
not a truncated one.

A complete one-session log starts from

Session 524471 child xxx
and runs up to

Thu 2020-02-20 11:13:00.846: [524471] SMTP session terminate/successful



-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 20.0-64 bit Beta B
Please do not cc: or send to private mail for MDaemon issues.

Education is the kindling of a flame, not the filling of a vessel.
--- Socrates






[mdaemon-l] Backup MX vs Primary MX

2020-02-23 Thread Slamet Raharjo
Dear Mr. Syafril,

Please help review the logs below. When the domain jti.com sends e-mail to
us, what I see on checking is that the sending MTA is our backup MX, namely
mx-corp3.cbn.net.id (not jti.com as the original sender); the mail should
have been accepted directly by our primary MX, mail.aio.co.id, because our
main server and Internet connection are in good condition (no downtime or
dropped connection).

As a result we do not receive e-mail from jti.com, because it looks as if the
jti.com domain was sent by mx-corp3.cbn.net.id, so its SPF is considered not
to match.

As a temporary solution, I have whitelisted the public IP of
mx-corp3.cbn.net.id in the SPF Whitelist.

Here are the logs:

Thu 2020-02-20 11:13:00.593: [524471] <-- MAIL FROM:
SIZE=24762
Thu 2020-02-20 11:13:00.596: [524471] Performing PTR lookup
(51.81.158.202.IN-ADDR.ARPA)
Thu 2020-02-20 11:13:00.597: [524471] *  D=51.81.158.202.IN-ADDR.ARPA
TTL=(143) PTR=[mx-corp3.cbn.net.id]
Thu 2020-02-20 11:13:00.599: [524471] *  D=mx-corp3.cbn.net.id TTL=(31)
A=[210.210.188.51]
Thu 2020-02-20 11:13:00.599: [524471] *  D=mx-corp3.cbn.net.id TTL=(31)
A=[202.158.81.51]
Thu 2020-02-20 11:13:00.599: [524471]  End PTR results
Thu 2020-02-20 11:13:00.602: [524471] Performing IP lookup
(mx-corp3.cbn.net.id)
Thu 2020-02-20 11:13:00.603: [524471] *  D=mx-corp3.cbn.net.id TTL=(31)
A=[202.158.81.51]
Thu 2020-02-20 11:13:00.603: [524471] *  D=mx-corp3.cbn.net.id TTL=(31)
A=[210.210.188.51]
Thu 2020-02-20 11:13:00.603: [524471]  End IP lookup results
Thu 2020-02-20 11:13:00.606: [524471] Performing IP lookup (jti.com)
Thu 2020-02-20 11:13:00.622: [524471] *  D=jti.com TTL=(17)
A=[52.17.142.199]
Thu 2020-02-20 11:13:00.672: [524471] *  P=000 S=000 D=jti.com TTL=(16)
MX=[in.hes.trendmicro.eu] {52.58.62.239}
Thu 2020-02-20 11:13:00.672: [524471]  End IP lookup results
Thu 2020-02-20 11:13:00.675: [524471] Performing SPF lookup
(mx-corp3.cbn.net.id / 202.158.81.51)
Thu 2020-02-20 11:13:00.678: [524471] *  Result: none; no SPF record in DNS
Thu 2020-02-20 11:13:00.678: [524471]  End SPF results
Thu 2020-02-20 11:13:00.678: [524471] Performing SPF lookup (jti.com /
202.158.81.51)
Thu 2020-02-20 11:13:00.697: [524471] *  Policy: v=spf1
include:spf.protection.outlook.com ip4:194.24.4.18 ip4:194.24.4.19 -all
Thu 2020-02-20 11:13:00.698: [524471] *  Evaluating
include:spf.protection.outlook.com: performing lookup
Thu 2020-02-20 11:13:00.714: [524471] *Policy: v=spf1 ip4:40.92.0.0/15
ip4:40.107.0.0/16 ip4:52.100.0.0/14 ip4:104.47.0.0/17 ip6:2a01:111:f400::/48
ip6:2a01:111:f403::/48 -all
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip4:40.92.0.0/15: no
match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip4:40.107.0.0/16: no
match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip4:52.100.0.0/14: no
match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating ip4:104.47.0.0/17: no
match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating
ip6:2a01:111:f400::/48: no match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating
ip6:2a01:111:f403::/48: no match
Thu 2020-02-20 11:13:00.714: [524471] *Evaluating -all: match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating
include:spf.protection.outlook.com: no match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating ip4:194.24.4.18: no
match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating ip4:194.24.4.19: no
match
Thu 2020-02-20 11:13:00.714: [524471] *  Evaluating -all: match
Thu 2020-02-20 11:13:00.714: [524471] *  Result: fail
Thu 2020-02-20 11:13:00.714: [524471] Message will be rejected after DMARC
processing.
Thu 2020-02-20 11:13:00.714: [524471]  End SPF results
Thu 2020-02-20 11:13:00.714: [524471] --> 250 2.1.0 Sender OK
Thu 2020-02-20 11:13:00.716: [524471] <-- RCPT TO:
Thu 2020-02-20 11:13:00.729: [524471] --> 250 2.1.5 Recipient OK
Thu 2020-02-20 11:13:00.731: [524471] <-- RCPT TO:
Thu 2020-02-20 11:13:00.737: [524471] --> 250 2.1.5 Recipient OK
Thu 2020-02-20 11:13:00.739: [524471] <-- DATA
Thu 2020-02-20 11:13:00.740: [524471] Creating temp file (SMTP):
c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.740: [524471] --> 354 Enter mail, end with
.
Thu 2020-02-20 11:13:00.747: [524471] Message size: 23739 bytes
Thu 2020-02-20 11:13:00.748: [524471] Performing DKIM lookup
Thu 2020-02-20 11:13:00.748: [524471] *  File:
c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.748: [524471] *  Message-ID:

Thu 2020-02-20 11:13:00.766: [524471] * DKIM-Signature 1: v=1; a=rsa-sha256;
c=relaxed/relaxed; d=jti.com; s=selector1; 
Thu 2020-02-20 11:13:00.766: [524471] *Verification result: good
signature
Thu 2020-02-20 11:13:00.767: [524471] *  Result: pass
Thu 2020-02-20 11:13:00.767: [524471]  End DKIM results
Thu 2020-02-20 11:13:00.771: [524471] Performing DMARC processing
Thu 2020-02-20 11:13:00.771: [524471] *  File:
c:\mdaemon\temp\md50001125202.tmp
Thu 2020-02-20 11:13:00.771: [524471] *  Message-ID:

Thu 2020-02-20 11:13:00.771: [524471] *  Author domain: jti.c