[Mdaemon-L] Email Spam
On 02/03/22 13.52, Bambang Setiawan via Mdaemon-L wrote:

> Please help, Sir. Today our mail server is receiving a lot of spam email with xlsm file attachments and constantly changing senders. Attached is a sample of the header of such an email
>
> X-Spam-Report:
>     * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
>     * 0.0 SPF_NONE SPF: sender does not publish an SPF Record
>     * 2.5 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
>     *      date
>     * 0.1 URI_HEX URI: URI hostname has long hexadecimal sequence
>     * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
>     * 0.0 HTML_MESSAGE BODY: HTML included in message
>     * -0.0 T_SCC_BODY_TEXT_LINE No description available.

Reset the outbreak protection value for spam; raise it.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sp_outbreak_protection.html

Spam should be...
[x] accepted for filtering
Score: 9.5

For the full details, you can apply antispam settings like these

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html

After applying the parameters above, do not forget to report the spam to MDaemon.com so that there is a spam score adjustment, which will be updated to MDaemon mail.persada.id through Spam Filter Update.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sf_antispam_updates.html

Select all the phishing spam mail in the quarantine queue one by one, then from the right-mouse-click menu choose Report to MDaemon.com | Spam False Negative.

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for MDaemon issues.

I'm unpredictable, I never know where I'm going until I get there, I'm so random, I'm always growing, learning, changing, I'm never the same person twice. But one thing you can be sure of about me; is I will always do exactly what I want to do.
--- C. JoyBell C.
--
--[mdaemon-l]--
This list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 21.5.2, SecurityGateway 8.5.0
[Mdaemon-L] SPAM Issue
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html

Noted, Sir, thank you for the clarification.

Best Regards,

Slamet Raharjo
IT Dept.
[Mdaemon-L] Email Spam
Dear Pak Syafril,

Please help, Sir. Today our mail server is receiving a lot of spam email with xlsm file attachments and constantly changing senders. Attached is a sample of the header of such an email; for the time being I have created a content filter to prevent these emails from reaching our users' mailboxes.

X-MDAV-Result: infected
X-MDAV-Infected: password-protected
X-MDAV-Processed: mail.persada.id, Wed, 02 Mar 2022 13:45:13 +0700
X-Spam-Processed: mail.persada.id, Wed, 02 Mar 2022 13:45:13 +0700
Return-path:
X-Spam-Flag: YES
X-Spam-Level: *
X-Spam-Status: Yes, score=5.2 required=5.0 tests=DATE_IN_FUTURE_12_24,
    HTML_MESSAGE,MDAEMON_OP_SPAM_HIGH,MIME_HTML_ONLY,SPF_NONE,
    T_SCC_BODY_TEXT_LINE,URI_HEX shortcircuit=no autolearn=disabled
    version=3.4.4
X-Spam-Report:
    * 2.5 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
    * 0.0 SPF_NONE SPF: sender does not publish an SPF Record
    * 2.5 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received:
    *      date
    * 0.1 URI_HEX URI: URI hostname has long hexadecimal sequence
    * 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
    * 0.0 HTML_MESSAGE BODY: HTML included in message
    * -0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24)
Authentication-Results: mail.persada.id;
    spf=none smtp.mailfrom=rmuje...@leabridge.co.zw;
    dmarc=none header.from=leabridge.co.zw (no DMARC record);
    iprev=pass policy.iprev=198.23.61.111 (PTR kosmostechnologies.org);
    iprev=pass policy.iprev=198.23.61.111 (HELO kosmostechnologies.org);
    iprev=pass policy.iprev=198.23.61.111 (MAIL rmuje...@leabridge.co.zw)
Received: from kosmostechnologies.org (kosmostechnologies.org [198.23.61.111])
    by mail.persada.id (103.150.114.156) (MDaemon PRO v21.5.2)
    with ESMTP id md5001002977706.msg; Wed, 02 Mar 2022 13:45:12 +0700
X-MDOP-RefID: str=0001.0A67342B.621F1277.00C8,ss=1,re=0.000,recu=0.000,reip=0.000,vtr=str,vl=0,pt=R_967809,cl=4,cld=1,fgs=0 (_st=4 _vt=0 _iwf=0)
X-MDRemoteIP: 198.23.61.111
X-MDHelo: kosmostechnologies.org
X-MDArrival-Date: Wed, 02 Mar 2022 13:45:12 +0700
X-MDOrigin-Country: US, NA
X-Rcpt-To: deviana.purw...@persada.id
X-MDRcpt-To: deviana.purw...@persada.id
X-Return-Path: rmuje...@leabridge.co.zw
X-Envelope-From: rmuje...@leabridge.co.zw
X-MDaemon-Deliver-To: deviana.purw...@persada.id
Received: from [122.2.22.242] (port=63503)
    by altar45.supremepanel45.com with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    (Exim 4.94.2) (envelope-from )
    id 1nPIjO-0002No-Ni for deviana.purw...@persada.id; Wed, 02 Mar 2022 06:45:01 +
Date: Wed, 02 Mar 2022 14:45:01 -0800
From: " wulan.ut...@persada.id (rmuje...@leabridge.co.zw)"
To: ""
Subject: RE: deviana.purw...@persada.id
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_NextPart_00136_2072_139952479.3020957578"
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - altar45.supremepanel45.com
X-AntiAbuse: Original Domain - persada.id
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - leabridge.co.zw
X-Get-Message-Sender-Via: altar45.supremepanel45.com: authenticated_id: rmuje...@leabridge.co.zw
X-Source:
X-Source-Args:
X-Source-Dir:
Message-ID:
X-MDBadQueue-Reason: CF Rule "Xlsm"

--=_NextPart_00136_2072_139952479.3020957578
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi ,
=0DSee attached
DATA 8082396.zip
zip password: 089
Thank you,
APRILLIA WULAN UTARI
wulan.ut...@persada.id

Thank you for your help.

Regards
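Three traits of the sample header above can be checked mechanically: an internal address placed in the From display name while the real sender is external, a Date: header many hours ahead of the local Received: stamp, and spf=none together with dmarc=none. The Python below is an added example, not part of the original post or of MDaemon; both messages in it are constructed with placeholder example.org addresses, and the function name triage is hypothetical.

```python
"""Added example: header triage for mail that borrows an internal sender name."""
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

ADDR_DOMAIN = re.compile(r"[\w.+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

# Constructed message, modelled on the header layout quoted in the post.
# Every name and address here is a placeholder, not a value from the thread.
SPOOFED = """\
Authentication-Results: mail.example.org;
    spf=none smtp.mailfrom=bob@sender.example;
    dmarc=none header.from=sender.example
Received: from relay.example.net (relay.example.net [192.0.2.10])
    by mail.example.org with ESMTP; Wed, 02 Mar 2022 13:45:12 +0700
Date: Wed, 02 Mar 2022 14:45:01 -0800
From: "alice@example.org (bob@sender.example)" <bob@sender.example>
To: <carol@example.org>
Subject: RE: carol@example.org

See attached.
"""

# Constructed counter-example: a genuine internal message.
CLEAN = """\
Authentication-Results: mail.example.org;
    spf=pass smtp.mailfrom=alice@example.org;
    dmarc=pass header.from=example.org
Received: from mail.example.org (mail.example.org [192.0.2.20])
    by mail.example.org with ESMTP; Wed, 02 Mar 2022 13:45:12 +0700
Date: Wed, 02 Mar 2022 13:45:01 +0700
From: "Alice" <alice@example.org>
To: <carol@example.org>
Subject: Report

Hello.
"""


def triage(raw, local_domains):
    """Return a list of findings for one raw message."""
    msg = message_from_string(raw)
    findings = []

    # 1. Display name shows a local address, real From address is external.
    display, address = parseaddr(msg.get("From", ""))
    from_domain = address.rpartition("@")[2].lower()
    shown = {d.lower() for d in ADDR_DOMAIN.findall(display)}
    if from_domain not in local_domains and shown & local_domains:
        findings.append("display name impersonates a local address")

    # 2. Date: header far ahead of our own Received: stamp
    #    (the condition SpamAssassin reports as DATE_IN_FUTURE_12_24).
    received = msg.get_all("Received", [])
    if received and msg["Date"] and ";" in received[0]:
        stamp = parsedate_to_datetime(received[0].rsplit(";", 1)[1].strip())
        ahead = parsedate_to_datetime(msg["Date"]) - stamp
        hours = ahead.total_seconds() / 3600
        if hours >= 12:
            findings.append(f"Date is {hours:.0f}h ahead of Received")

    # 3. Neither SPF nor DMARC exists for the sending domain.
    auth = msg.get("Authentication-Results", "")
    if re.search(r"\bspf=none\b", auth) and re.search(r"\bdmarc=none\b", auth):
        findings.append("sender domain publishes no SPF or DMARC")

    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(name, triage(raw, {"example.org"}))
```

Pass the set of domains the server hosts as local_domains; the first check only fires when the visible name claims one of them.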
[Mdaemon-L] Sender is using the name of an internal email account
On 02/03/22 12.27, Seno H via Mdaemon-L wrote:

>> Post the message header received by your user here.
>
> Received: by mail.clipan.co.id (MDaemon PRO v19.0.3) with ESMTP id md50003563787.msg;
>     Wed, 02 Mar 2022 09:31:05 +0700
> Received: from [125.199.236.13] (FL9-125-199-236-13.nra.mesh.ad.jp [125.199.236.13])
>     by mail.exe.ne.jp (Postfix) with ESMTPA id 3172088391
>     for; Wed, 2 Mar 2022 11:27:56 +0900 (JST)

This is not Outlook's Internet Header but Outlook's message header, which is incomplete because the Outlook developers did not consider it necessary to show the complete Internet Header (Full Message Header) when doing forward as attachment.

>> Upgrade MDaemon to the latest version (21.5.2), which can be downloaded from here
>
> After the update, email clients that use Outlook will not pull the email on the server down again, will they, Sir?

No, because the MDaemon installer first stops the MDaemon service before starting the upgrade process.

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Tell me and I forget. Teach me and I remember. Involve me and I learn.
--- Benjamin Franklin
[Mdaemon-L] Sender is using the name of an internal email account
> Post the message header received by your user here.

Received: by mail.clipan.co.id (MDaemon PRO v19.0.3) with ESMTP id md50003563787.msg;
    Wed, 02 Mar 2022 09:31:05 +0700
Received: from [125.199.236.13] (FL9-125-199-236-13.nra.mesh.ad.jp [125.199.236.13])
    by mail.exe.ne.jp (Postfix) with ESMTPA id 3172088391
    for ; Wed, 2 Mar 2022 11:27:56 +0900 (JST)
Return-Path:
From:
To:
Subject:
Date: Thu, 3 Mar 2022 03:27:55 +0700
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=_NextPart_000_0049_01D82E1B.87DC5C30"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Adgt3ZDu+h6jnIUZTi+btn/kMzMM9A==

> should be changed to
>
> "v=spf1 a mx ip4:117.102.86.99 include:smtp.biz.net.id -all"

We have already changed this as described above.

> Upgrade MDaemon to the latest version (21.5.2), which can be downloaded from here

After the update, email clients that use Outlook will not pull the email on the server down again, will they, Sir?

Thank you
[Mdaemon-L] Sender is using the name of an internal email account
On 02/03/22 11.10, Seno H via Mdaemon-L wrote:

> Currently our users are receiving a lot of emails like the one attached, with different senders; why is this, Sir?

Post the message header received by your user here.
This is how to view the message header

https://mxtoolbox.com/Public/Content/EmailHeaders/#/Outlook_2016

Copy the contents of "Internet Header" into notepad, then attach it to the email.

If user Reinaldi Massie has difficulty doing this or has already deleted the spam mail, the Global Administrator can help by looking for it in the Mail Archive through MDconfig

Queue And Statistic Manager | Queue Page | Mail Archive
http://mdaemon.dutaint.co.id/mdaemon/21.5.0/queuestats_queue_page.html

> From: "" [mailto:ra.rezwia...@clipan.co.id]
> To: "Reinaldi Massie"=20
> Subject: Re: Reinaldi Massie
...

As for spam mail that appears to come from oneself, it happens because the SPF policy of the clipan.co.id domain still uses SOFTFAIL (~all); it should use the FAIL (-all) policy so that DMARC works properly and correctly.
In addition, the mail.clipan.co.id server still uses an old MDaemon version (version 19.x), which does have a bug in DMARC verification.

$ host -v -t txt clipan.co.id

;; ANSWER SECTION:
clipan.co.id. TXT "v=spf1 a mx ip4:117.102.86.99 include:smtp.biz.net.id ~all"

should be changed to

"v=spf1 a mx ip4:117.102.86.99 include:smtp.biz.net.id -all"

Upgrade MDaemon to the latest version (21.5.2), which can be downloaded from here

https://www.altn.com/Downloads/MDaemon-Mail-Server-Free-Trial/

The upgrade procedure is as follows

https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=183
https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=2

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Change is the end result of all true learning.
--- Leo Buscaglia
[Mdaemon-L] FW: WARNING: Message delivery failed
Dear Pak Syafril,

OK, Sir.

Thank you,
-Katon Purwanto-
CARAKA Logistics & Distribution
021-30022787, | www.carakagroup.com

From: "Syafril Hermansyah via Mdaemon-L"
To: Mdaemon-L@dutaint.com
Date: Wed, 2 Mar 2022 11:03:14 +0700
Subject: [Mdaemon-L] FW: WARNING: Message delivery failed

On 02/03/22 10.41, Syafril Hermansyah via Mdaemon-L wrote:
>
> To minimize hijacking cases in the future, do the following:
>
> 1. Upgrade to MDaemon version 21.5.2
>
> Hackers are always updating their hacking techniques, so mail server
> administrators also need to update their MDaemon version to one that
> already anticipates those hacking techniques and tricks.
>
> The latest MDaemon version can be downloaded from here
>
> https://www.altn.com/Downloads/MDaemon-Mail-Server-Free-Trial/
>
> 2. Apply the following tips
>
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg44530.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47878.html
>
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45611.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45619.html

Addendum

> [27458339] Transfer Complete
> [27458339] <-- 550-5.7.26 This message does not have authentication information or fails to
> [27458339] <-- 550-5.7.26 pass authentication checks. To best protect our users from spam, the
> [27458339] <-- 550-5.7.26 message has been blocked. Please visit
> [27458339] <-- 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more
> [27458339] <-- 550 5.7.26 information. z17-20020aa7889100b004f10a245d0bsi11962501pfe.231 - gsmtp

This rejection occurs because the carakagroup.com domain has not enabled a DNS SPF record, which currently acts as "domain authentication".

Enable the DNS SPF record as follows:

carakagroup.com. TXT "v=spf1 mx include:relayhost.dutaint.com -all"

at ns1.idwebhost.id

More details can be seen here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47287.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47288.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47289.html

While you are at it, enable a DMARC record so that you do not frequently receive spam that appears to come from your own domain

dmarc.carakagroup.com. 10800 IN TXT "v=DMARC1; p=reject; aspf=s; sp=none; rua=mailto:postmas...@carakagroup.com;

More details can be seen here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47356.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47387.html

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Never give up on anything. If you fail, try, try and try again. You are learning the best ways of doing things.
--- Lailah Gifty Akita
[Mdaemon-L] FW: WARNING: Message delivery failed
On 02/03/22 10.41, Syafril Hermansyah via Mdaemon-L wrote:

> To minimize hijacking cases in the future, do the following:
>
> 1. Upgrade to MDaemon version 21.5.2
>
> Hackers are always updating their hacking techniques, so mail server
> administrators also need to update their MDaemon version to one that
> already anticipates those hacking techniques and tricks.
>
> The latest MDaemon version can be downloaded from here
>
> https://www.altn.com/Downloads/MDaemon-Mail-Server-Free-Trial/
>
> 2. Apply the following tips
>
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg44530.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47878.html
>
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45611.html
> https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45619.html

Addendum

> [27458339] Transfer Complete
> [27458339] <-- 550-5.7.26 This message does not have authentication information or fails to
> [27458339] <-- 550-5.7.26 pass authentication checks. To best protect our users from spam, the
> [27458339] <-- 550-5.7.26 message has been blocked. Please visit
> [27458339] <-- 550-5.7.26 https://support.google.com/mail/answer/81126#authentication for more
> [27458339] <-- 550 5.7.26 information. z17-20020aa7889100b004f10a245d0bsi11962501pfe.231 - gsmtp

This rejection occurs because the carakagroup.com domain has not enabled a DNS SPF record, which currently acts as "domain authentication".

Enable the DNS SPF record as follows:

carakagroup.com. TXT "v=spf1 mx include:relayhost.dutaint.com -all"

at ns1.idwebhost.id

More details can be seen here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47287.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47288.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47289.html

While you are at it, enable a DMARC record so that you do not frequently receive spam that appears to come from your own domain

dmarc.carakagroup.com. 10800 IN TXT "v=DMARC1; p=reject; aspf=s; sp=none; rua=mailto:postmas...@carakagroup.com;

More details can be seen here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47356.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47387.html

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Never give up on anything. If you fail, try, try and try again. You are learning the best ways of doing things.
--- Lailah Gifty Akita
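The SPF advice for clipan.co.id (~all versus -all) and the SPF and DMARC records proposed above for carakagroup.com can both be audited with a small parser. The Python below is an added example, not code from the thread or from MDaemon; the SPF strings are the ones quoted on this page, the DMARC string uses the thread's tags with a placeholder rua address because the original is elided, and the function names are hypothetical.

```python
"""Added example: audit SPF and DMARC TXT records for weak enforcement."""

SPF_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DMARC_STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}

# SPF strings as quoted in the thread.
RECORDS = {
    "clipan.co.id (before)": "v=spf1 a mx ip4:117.102.86.99 include:smtp.biz.net.id ~all",
    "clipan.co.id (after)": "v=spf1 a mx ip4:117.102.86.99 include:smtp.biz.net.id -all",
    "carakagroup.com": "v=spf1 mx include:relayhost.dutaint.com -all",
}
# Same tags as the thread's DMARC record; the rua address is a placeholder.
DMARC_SAMPLE = "v=DMARC1; p=reject; aspf=s; sp=none; rua=mailto:postmaster@example.org"


def audit_spf(txt):
    """Findings for one SPF TXT string (RFC 7208 syntax)."""
    terms = txt.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    for term in terms[1:]:
        qualifier = term[0] if term[0] in SPF_QUALIFIER else "+"
        if term.lstrip("+-~?").lower() == "all":
            result = SPF_QUALIFIER[qualifier]
            if result == "fail":
                return []  # unlisted senders fail SPF outright
            return [f"'{term}' gives {result}: unlisted senders are not rejected"]
    if any(t.lower().startswith("redirect=") for t in terms[1:]):
        return []  # the verdict comes from the redirected record
    return ["no 'all' mechanism: unlisted senders get neutral"]


def parse_tags(txt):
    """Split a 'tag=value; tag=value' list into a dict with lower-cased keys."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt):
    """Findings for one DMARC TXT string (RFC 7489 tags)."""
    tags = parse_tags(txt)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    policy = tags.get("p", "").lower()
    if policy not in DMARC_STRENGTH:
        return ["missing or invalid p= tag"]
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, nothing is blocked")
    sub = tags.get("sp", policy).lower()  # sp defaults to p when absent
    if DMARC_STRENGTH.get(sub, 0) < DMARC_STRENGTH[policy]:
        findings.append(
            f"sp={sub} is weaker than p={policy}: subdomains are enforced less strictly"
        )
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports")
    return findings


if __name__ == "__main__":
    for name, txt in RECORDS.items():
        print(name, audit_spf(txt) or "ok")
    print("dmarc", audit_dmarc(DMARC_SAMPLE) or "ok")
```

The checker only reads the TXT string it is given; fetch the live record with a DNS lookup such as the host -t txt command shown earlier in the thread and paste the result in.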
[Mdaemon-L] FW: WARNING: Message delivery failed
On 02/03/22 09.36, Katon Purwanto wrote:

> Please help: one of our users is receiving the following email in large numbers even though the user did not send any email to that address. Please advise what I should do.

It looks like the account nurhay...@carakagroup.com has been hijacked (compromised).

Change the password of the account nurhay...@carakagroup.com to a strong password; the procedure is as follows:

1. Make sure the strong password requirement is active

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/passwords.html

[x] Require strong passwords

2. Change the password of the account nurhay...@carakagroup.com to the company's standard password that is easy to say, for example Caraka@321

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/ae_account.html

Make sure the following option is active when changing the password

[x] Account must change mailbox password before it can connect

3. Ask the user nurhay...@carakagroup.com to log in to webmail (http://mail.carakagroup.com) using the standard password given above.
Immediately after logging in, the user will be asked to change the password; use a strong password generator as a guide

https://www.lastpass.com/password-generator

Password Length: 8
[x] easy to read
[x] Uppercase
[x] Lowercase
[x] Number
[x] Symbol

To minimize hijacking cases in the future, do the following:

1. Upgrade to MDaemon version 21.5.2

Hackers are always updating their hacking techniques, so mail server administrators also need to update their MDaemon version to one that already anticipates those hacking techniques and tricks.

The latest MDaemon version can be downloaded from here

https://www.altn.com/Downloads/MDaemon-Mail-Server-Free-Trial/

2. Apply the following tips

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg44530.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47878.html

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45611.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45619.html

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Never give up on anything. If you fail, try, try and try again. You are learning the best ways of doing things.
--- Lailah Gifty Akita
[Mdaemon-L] FW: WARNING: Message delivery failed
Dear Pak Syafril,

Please help: one of our users is receiving the following email in large numbers even though the user did not send any email to that address. Please advise what I should do.

Thank you,
-Katon Purwanto-
CARAKA Logistics & Distribution
021-30022787, | www.carakagroup.com

From: "nurhayati"
To:
Date: Wed, 2 Mar 2022 09:28:46 +0700
Subject: FW: WARNING: Message delivery failed

Here it is, Mas

-----Original Message-----
From: MDaemon at dds30.dutaservisindo.co.id [mailto:postmas...@carakagroup.com]
Sent: Tuesday, March 1, 2022 4:25 PM
To: prvs=10591c184c=nurhay...@carakagroup.com
Subject: WARNING: Message delivery failed

==
= Greetings from the MDaemon mail system at dds30.dutaservisindo.co.id =
==

The following message:

  Session-ID: 27458339 (specific to this delivery attempt)
  Queue-ID: pd3501004407370.msg
  Message-ID: mdaemon3919202203011624.aa2426...@mail.carakagroup.com

could not be delivered to the following recipient(s):

  22leeh...@gmail.com (unrecoverable error)

despite one or more unsuccessful attempts to do so. No further delivery attempts will be made and the message has been removed from the queue. The original message headers may follow at the end of this report.

For information on DSN messages see http://www.altn.com/dsn/.

Please quote the Queue-ID, Session-ID, and Message-ID found above in any inquiries regarding this message.

= Session Transcript =

[27458339] REMOTE message: pd3501004407370.msg
[27458339] * Session 27458339; child 0013
[27458339] * From: nurhay...@carakagroup.com
[27458339] * To: 22leeh...@gmail.com
[27458339] * Subject: Report Oshop 2022
[27458339] * Message-ID:
[27458339] * Size: 43583;
[27458339] MTA-STS policy for gmail.com found in cache
[27458339] * version: STSv1
[27458339] * mode: enforce
[27458339] * mx: gmail-smtp-in.l.google.com
[27458339] * mx: *.gmail-smtp-in.l.google.com
[27458339] * max_age: 86400
[27458339] Resolving MX record for gmail.com (DNS Server: 103.141.180.216)...
[27458339] * P=005 S=000 D=gmail.com TTL=(7) MX=[gmail-smtp-in.l.google.com]
[27458339] * P=010 S=004 D=gmail.com TTL=(7) MX=[alt1.gmail-smtp-in.l.google.com]
[27458339] * P=020 S=003 D=gmail.com TTL=(7) MX=[alt2.gmail-smtp-in.l.google.com]
[27458339] * P=030 S=001 D=gmail.com TTL=(7) MX=[alt3.gmail-smtp-in.l.google.com]
[27458339] * P=040 S=002 D=gmail.com TTL=(7) MX=[alt4.gmail-smtp-in.l.google.com]
[27458339] Attempting SMTP connection to gmail-smtp-in.l.google.com
[27458339] Resolving A record for gmail-smtp-in.l.google.com (DNS Server: 103.141.180.216)...
[27458339] * D=gmail-smtp-in.l.google.com TTL=(4) A=[172.217.194.27]
[27458339] Attempting SMTP connection to 172.217.194.27:25
[27458339] Waiting for socket connection...
[27458339] * Connection established 103.141.180.220:12862 --> 172.217.194.27:25
[27458339] Waiting for protocol to start...
[27458339] <-- 220 mx.google.com ESMTP z17-20020aa7889100b004f10a245d0bsi11962501pfe.231 - gsmtp
[27458339] --> EHLO dds30.dutaservisindo.co.id
[27458339] <-- 250-mx.google.com at your service, [103.141.180.220]
[27458339] <-- 250-SIZE 157286400
[27458339] <-- 250-8BITMIME
[27458339] <-- 250-STARTTLS
[27458339] <-- 250-ENHANCEDSTATUSCODES
[27458339] <-- 250-PIPELINING
[27458339] <-- 250-CHUNKING
[27458339] <-- 250 SMTPUTF8
[27458339] --> STARTTLS
[27458339] <-- 220 2.0.0 Ready to start TLS
[27458339] SSL negotiation successful (TLS 1.2, 256 bit key exchange, 128 bit AES encryption)
[27458339] SSL certificate is valid (matches gmail-smtp-in.l.google.com and is signed by recognized CA)
[27458339] MTA-STS success for gmail.com
[27458339] TLS Reporting TXT record (from cache): v=TLSRPTv1;rua=mailto:sts-repo...@google.com
[27458339] --> EHLO dds30.dutaservisindo.co.id
[27458339] <-- 250-mx.google.com at your service, [103.141.180.220]
[27458339] <-- 250-SIZE 157286400
[27458339] <-- 250-8BITMIME
[27458339] <-- 250-ENHANCEDSTATUSCODES
[27458339] <-- 250-PIPELINING
[27458339] <-- 250-CHUNKING
[27458339] <-- 250 SMTPUTF8
[27458339] --> MAIL From: SIZE=43583
[27458339] --> RCPT To:<22leeh...@gmail.com>
[27458339] <-- 250 2.1.0 OK z17-20020aa7889100b004f10a245d0bsi11962501pfe.231 - gsmtp
[27458339] <-- 250 2.1.5 OK z17-20020aa7889100b004f10a245d0bsi11962501pfe.231 - gsmtp
[27458339] --> BDAT 43583 LAST
[27458339] Sending to [172.217.194.27]
[27458339] Transfer Complete
[27458339] <-- 550-5.7.26 This message does not have authentication information or fails to
[27458339] <-- 550-5.7.26 pass authentication checks. To best protect our users from spam, the
[27458339] <-- 550-5.7.26 message has been blocked. Please visit
[Mdaemon-L] SPAM Issue
On 02/03/22 08.36, Slamet Raharjo via Mdaemon-L wrote:

> To reduce incoming SPAM like the one attached, what can I tune in MDaemon? Here are its Internet Headers:
>
> X-Spam-Report:
>     * -4.0 BAYES_00 BODY: Bayes spam probability is 0 to 1%
>     *      [score: 0.]
>     * 4.9 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish

Reset the Bayesian database tokens by deleting the contents of the folder \\mdaemon\spamassassin\bayes, then restart the Spam Filter

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sf_spam_filtering.html

Reset the outbreak protection value for spam; raise it.

http://mdaemon.dutaint.co.id/mdaemon/21.5.0/sp_outbreak_protection.html

Spam should be...
[x] accepted for filtering
Score: 9.5

The full details can be seen here

https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47239.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg47240.html

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 21.5.2 64 bit
Please do not cc: or send to private mail for MDaemon issues.

Wisdom comes not from age, but from education and learning.
--- Anton Chekhov