[Mdaemon-L] Email bni.co.id tidak ada yang masuk
On 11/3/21 10:14 AM, Arif Santoso wrote: Kalau antispam log ini artinya apa ya Tue 2021-11-02 12:15:09.358: (SMTP) Spam Filter processing c:\mdaemon\queues\temp\md5001003714273.tmp... Tue 2021-11-02 12:15:09.358: * Message return-path: bnidir...@bni.co.id Tue 2021-11-02 12:15:09.358: * Message ID: <13085423.8781635808080414.JavaMail.aprisma@beta> Tue 2021-11-02 12:15:09.358: Start SpamAssassin results Tue 2021-11-02 12:15:09.358: 00.10 points, 5.0 required; Tue 2021-11-02 12:15:09.358: * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts Tue 2021-11-02 12:15:09.358: * 0.0 HTML_MESSAGE BODY: HTML included in message Mail dari bnidir...@bni.co.id diterima dengan baik, spam score +00.10 masih dibawah nilai ambang +5.00, masuk kategori non-spam. -- syafril Syafril Hermansyah MDaemon-L Moderators, running MDaemon 21.5.0 64 bit Pre Release Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. If your actions inspire others to dream more, learn more, do more and become more, you are a leader. --- John Quincy Adams -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 21.0.3, SecurityGateway 8.0.4
[Mdaemon-L] Email bni.co.id tidak ada yang masuk
On 11/3/21 10:07 AM, Arif Santoso wrote: Saya cek di log tidak ada email dari bni.co.id, saya cek juga domain bni.co.id mx server nya ok semua di mxtools Di smtp-in log dan routing log. -- syafril Syafril Hermansyah MDaemon-L Moderators, running MDaemon 21.5.0 64 bit Pre Release Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. The more that you read, the more things you will know. The more that you learn, the more places you'll go. --- Dr. Seuss, I Can Read With My Eyes Shut! -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 21.0.3, SecurityGateway 8.0.4
[Mdaemon-L] Email bni.co.id tidak ada yang masuk
>Dear All, >Saya cek di log tidak ada email dari bni.co.id, saya cek juga domain bni.co.id mx server >nya ok semua di mxtools >Kira kira untuk memastikan email tidak masuk cek dimana lagi ya? >Rgds, >Arif Kalau antispam log ini artinya apa ya Tue 2021-11-02 12:15:09.358: (SMTP) Spam Filter processing c:\mdaemon\queues\temp\md5001003714273.tmp... Tue 2021-11-02 12:15:09.358: * Message return-path: bnidir...@bni.co.id Tue 2021-11-02 12:15:09.358: * Message ID: <13085423.8781635808080414.JavaMail.aprisma@beta> Tue 2021-11-02 12:15:09.358: Start SpamAssassin results Tue 2021-11-02 12:15:09.358: 00.10 points, 5.0 required; Tue 2021-11-02 12:15:09.358: * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts Tue 2021-11-02 12:15:09.358: * 0.0 HTML_MESSAGE BODY: HTML included in message Tue 2021-11-02 12:15:09.358: End SpamAssassin results -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 21.0.3, SecurityGateway 8.0.4
[Mdaemon-L] Email bni.co.id tidak ada yang masuk
Dear All, Saya cek di log tidak ada email dari bni.co.id, saya cek juga domain bni.co.id mx server nya ok semua di mxtools Kira kira untuk memastikan email tidak masuk cek dimana lagi ya? Rgds, Arif -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 21.0.3, SecurityGateway 8.0.4
[Mdaemon-L] Email mengirim phising ke external
PERHATIAN EXTERNAL EMAIL : Email ini datang dari luar Clipan. Harap verifikasi pengirim sebelum membuka lampiran atau mengklik tautan yang disematkan. Jika Anda mencurigai ini adalah spam, kirim email ini sebagai lampiran ke ithelpdesk __ Ini kasus account hijacking. Kelihatannya MDaemon mail.clipan.co.id belum diset securitynya dengan benar. > X-Spam-Processed: mail.clipan.co.id, Mon, 01 Nov 2021 13:47:24 +0700 > (not processed: message from trusted or authenticated source) > X-MDSPF-Result: softfail (mail.clipan.co.id) > X-MDRemoteIP: 3.143.24.90 > X-MDHelo: EC2AMAZ-TMRNQ09 > X-MDArrival-Date: Mon, 01 Nov 2021 13:47:24 +0700 > X-Authenticated-Sender: s...@clipan.co.id > From: "Message Support" > Subject: Password Notification Monday, November 1, 2021 > To: > Date: Mon, 1 Nov 2021 06:47:19 + > Message-Id: <2021011106471864cb93c843-0afbd71...@clipan.co.id> Coba dicarikan transkrip log transaksi itu di smtp-in log agar bisa dianalisis kenapa akun s...@clipan.co.id bisa digunakan hacker dari Ohio, USA. Pak Syafril untuk log diatas saya tidak ketemu, tetapi apakah log dibawah ini bisa membantu? Mon 2021-11-01 12:04:41.464: 05: [544812] Session 544812; child 0001 Mon 2021-11-01 12:04:41.464: 05: [544812] Accepting SMTP connection from 3.143.24.90:56128 to 10.100.101.10:587 Mon 2021-11-01 12:04:41.465: 03: [544812] --> 220 mail.clipan.co.id ESMTP MSA MDaemon 19.0.3; Mon, 01 Nov 2021 12:04:41 +0700 Mon 2021-11-01 12:04:42.305: 02: [544812] <-- EHLO EC2AMAZ-TMRNQ09 Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-mail.clipan.co.id Hello EC2AMAZ-TMRNQ09 [3.143.24.90], pleased to meet you Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-8BITMIME Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-ENHANCEDSTATUSCODES Mon 2021-11-01 12:04:42.305: 03: [544812] --> 250-STARTTLS Mon 2021-11-01 12:04:42.306: 03: [544812] --> 250 SIZE 3072 Mon 2021-11-01 12:04:42.565: 02: [544812] <-- STARTTLS Mon 2021-11-01 12:04:42.565: 03: [544812] --> 220 2.7.0 Ready to start TLS Mon 2021-11-01 12:04:43.501: 01: [544812] SSL negotiation successful (TLS 1.2, 521 bit key exchange, 256 bit AES encryption) Mon 2021-11-01 12:04:43.761: 02: [544812] <-- EHLO EC2AMAZ-TMRNQ09 Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250-mail.clipan.co.id Hello EC2AMAZ-TMRNQ09 [3.143.24.90], pleased to meet you Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250-8BITMIME Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250-ENHANCEDSTATUSCODES Mon 2021-11-01 12:04:43.761: 03: [544812] --> 250 SIZE 3072 Mon 2021-11-01 12:04:44.021: 02: [544812] <-- AUTH LOGIN Mon 2021-11-01 12:04:44.021: 03: [544812] --> 334 VXNlcm5hbWU6 Mon 2021-11-01 12:04:44.289: 02: [544812] <-- c2Vub0BjbGlwYW4uY28uaWQ= Mon 2021-11-01 12:04:44.289: 03: [544812] --> 334 UGFzc3dvcmQ6 Mon 2021-11-01 12:04:44.549: 02: [544812] <-- ** Mon 2021-11-01 12:04:44.549: 01: [544812] Authenticating s...@clipan.co.id... Mon 2021-11-01 12:04:44.552: 01: [544812] Authenticated as s...@clipan.co.id Mon 2021-11-01 12:04:44.552: 03: [544812] --> 235 2.7.0 Authentication successful Mon 2021-11-01 12:04:44.812: 02: [544812] <-- MAIL FROM: Mon 2021-11-01 12:04:44.813: 09: [544812] Performing SPF lookup (clipan.co.id / 3.143.24.90) Mon 2021-11-01 12:04:44.813: 09: [544812] * Policy (cache): v=spf1 a mx ip4:117.102.86.99 ip4:202.77.107.76 ~all Mon 2021-11-01 12:04:44.815: 09: [544812] * Evaluating a: no match Mon 2021-11-01 12:04:44.821: 09: [544812] * Evaluating mx: no match Mon 2021-11-01 12:04:44.821: 09: [544812] * Evaluating ip4:117.102.86.99: no match Mon 2021-11-01 12:04:44.821: 09: [544812] * Evaluating ip4:202.77.107.76: no match Mon 2021-11-01 12:04:44.821: 09: [544812] * Evaluating ~all: match Mon 2021-11-01 12:04:44.821: 09: [544812] * Result: softfail Mon 2021-11-01 12:04:44.821: 09: [544812] End SPF results Mon 2021-11-01 12:04:44.821: 03: [544812] --> 250 2.1.0 Sender OK Mon 2021-11-01 12:04:45.083: 02: [544812] <-- RCPT TO: Mon 2021-11-01 12:04:45.087: 03: [544812] --> 250 2.1.5 Recipient OK Mon 2021-11-01 12:04:45.347: 02: [544812] <-- DATA Mon 2021-11-01 12:04:45.348: 01: [544812] Creating temp file (SMTP): c:\mdaemon\queues\temp\md50001637264.tmp Mon 2021-11-01 12:04:45.348: 03: [544812] --> 354 Enter mail, end with . Mon 2021-11-01 12:04:45.889: 01: [544812] Message size: 2592 bytes Mon 2021-11-01 12:04:45.889: 10: [544812] Performing DKIM lookup Mon 2021-11-01 12:04:45.889: 10: [544812] * File: c:\mdaemon\queues\temp\md50001637264.tmp Mon 2021-11-01 12:04:45.889: 10: [544812] * Message-ID: <01402021110405570F205E35$5c03f96...@clipan.co.id> Mon 2021-11-01 12:04:45.890: 10: [544812] * Result: neutral Mon 2021-11-01
[Mdaemon-L] Email mengirim phising ke external
On 11/2/21 3:03 PM, Seno H via Mdaemon-L wrote: Mohon bantuannya email saya mengirim phising ke email external dengan Subject: Password Notification Monday, November 1, 2021. Saya sudah setting security sesuai rekomendasi sejak lama, dan kejadian ini terjadi sejak 2 hari lalu, terlampir file dari administrator. Ini kasus account hijacking. Kelihatannya MDaemon mail.clipan.co.id belum diset securitynya dengan benar. X-Spam-Processed: mail.clipan.co.id, Mon, 01 Nov 2021 13:47:24 +0700 (not processed: message from trusted or authenticated source) X-MDSPF-Result: softfail (mail.clipan.co.id) X-MDRemoteIP: 3.143.24.90 X-MDHelo: EC2AMAZ-TMRNQ09 X-MDArrival-Date: Mon, 01 Nov 2021 13:47:24 +0700 X-Authenticated-Sender: s...@clipan.co.id From: "Message Support" Subject: Password Notification Monday, November 1, 2021 To: Date: Mon, 1 Nov 2021 06:47:19 + Message-Id: <2021011106471864cb93c843-0afbd71...@clipan.co.id> Coba dicarikan transkrip log transaksi itu di smtp-in log agar bisa dianalisis kenapa akun s...@clipan.co.id bisa digunakan hacker dari Ohio, USA. -- syafril Syafril Hermansyah MDaemon-L Moderators, running MDaemon 21.5.0 64 bit Beta RC5 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. Education is the kindling of a flame, not the filling of a vessel. --- Socrates -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 21.0.3, SecurityGateway 8.0.4
[Mdaemon-L] Email mengirim phising ke external
PERHATIAN EXTERNAL EMAIL : Email ini datang dari luar Clipan. Harap verifikasi pengirim sebelum membuka lampiran atau mengklik tautan yang disematkan. Jika Anda mencurigai ini adalah spam, kirim email ini sebagai lampiran ke ithelpdesk __ Selamat sore pak Syafril, Mohon bantuannya email saya mengirim phising ke email external dengan Subject: Password Notification Monday, November 1, 2021. Saya sudah setting security sesuai rekomendasi sejak lama, dan kejadian ini terjadi sejak 2 hari lalu, terlampir file dari administrator. Terima kasih Salam, Seno H -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 21.0.3, SecurityGateway 8.0.4 DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=clipan.co.id; s=MDaemon; t=1635749246; x=1636354046; i=s...@clipan.co.id; q=dns/txt; h=Received-SPF:From:Subject:To:Content-Type: MIME-Version:Date:Message-Id; bh=jtYLyvsBFz5zP/b6d5ZjrurkbAoroIC SghXNSH097dU=; b=lEuZRG+2OdcWbSLFTTp8Im5fKluafL+dj4xXUFivJWP5Vap B7wQYSXL5QlTdDDYnYpprV9mEOo7h59ActGUyGjnfxRpTjIpVYA6i1B+UJZcphFB 0zs1fmmY6NK7uB2kKq1I89YRERVrfVLbUdQ7cvSaJTbDuzuWadE/aDwiefWY= Received-SPF: fail (mail.clipan.co.id: domain clipan.co.id does not designate 3.143.24.90 as permitted sender) Received: by mail.clipan.co.id (MDaemon PRO v19.0.3) with ESMTPSA id md50003044623.msg; Mon, 01 Nov 2021 13:47:24 +0700 X-Spam-Processed: mail.clipan.co.id, Mon, 01 Nov 2021 13:47:24 +0700 (not processed: message from trusted or authenticated source) X-MDSPF-Result: softfail (mail.clipan.co.id) X-MDRemoteIP: 3.143.24.90 X-MDHelo: EC2AMAZ-TMRNQ09 X-MDArrival-Date: Mon, 01 Nov 2021 13:47:24 +0700 X-Authenticated-Sender: s...@clipan.co.id X-Return-Path: prvs=19390a9142=s...@clipan.co.id X-Envelope-From: s...@clipan.co.id X-MDaemon-Deliver-To: ashve...@capitalalliance.lk From: "Message Support" Subject: Password Notification Monday, November 1, 2021 To: Content-Type: multipart/alternative; boundary="x4RsVrvXa8tPqc5ohRxoE2wwh=_LBH3dDC" MIME-Version: 1.0 Date: Mon, 1 Nov 2021 06:47:19 + Message-Id: <2021011106471864cb93c843-0afbd71...@clipan.co.id> X-MDDSN-Status: delayed