[Mdaemon-L] Email Under Attack by Spam

2023-05-18 Thread Syafril Hermansyah via Mdaemon-L

On 5/19/23 08:57, arif noviyanto wrote:
> We ask for your help: our email is often attacked by threatening spam;
> if we block the email domain, they use another email,

Just block the sender/domain.
This can be done through host screening or the sender block list.

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--host_screening.html

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/sf_black_list.html



> Please help us so that we can block by subject
>
> - For example, if there is an email whose subject contains the word
>   password, we want to hold it in the bad queue first

You can use a CF rule, but it will presumably not be accurate (many false
positive results).

Using a Regular Expression will be more accurate.


http://mdaemon.dutaint.co.id/mdaemon/23.0.1/cf_creating_a_new_content_filter_rule.html

Condition01: If the subject header contains Match Regular Expression 
^password$

Action01: Move Message to bad message queue

Another option is to use the spam trap public folder.
Its accuracy depends on the Administrator and the spam filter settings in use.

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/sf_spam_filtering.html

Fate of Spam

[x] ...put spam in the spam trap public folder
[x] Send spam trap content report to postmaster every day



--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.0.2 Beta C
Please do not cc: or send to private mail for MDaemon issues.

Learning is not child's play; we cannot learn without pain
--- Aristotle


--
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia

Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.co.id
Subscribe: Send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: Send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 23.0.1, SecurityGateway 9.0.2
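
Added example (not part of the original thread and not MDaemon code): the rule in the reply above matches the subject header against ^password$, and the anchors in a pattern decide which subjects a rule catches. This Python sketch compares that pattern with an unanchored and a whole-word variant on constructed subjects, including one RFC 2047 encoded subject. It assumes Python `re` syntax, which may differ from the regex dialect of MDaemon's Content Filter.

```python
import re
from email.header import decode_header, make_header

# Candidate subject patterns. Python `re` syntax is an assumption here;
# confirm the final pattern against the mail server before deploying it.
PATTERNS = {
    "anchored": re.compile(r"^password$"),        # pattern quoted in the thread
    "substring": re.compile(r"password", re.I),   # anywhere in the subject, any case
    "word": re.compile(r"\bpassword\b", re.I),    # whole word only, any case
}

# Constructed subject: "Your password has been leaked" as a base64 encoded-word.
ENCODED = "=?UTF-8?B?WW91ciBwYXNzd29yZCBoYXMgYmVlbiBsZWFrZWQ=?="

# Constructed sample subjects (not taken from real mail).
SAMPLES = [
    "password",
    "Your password will expire today",
    "RE: PASSWORD reset request",
    "Passwordless login rollout",      # legitimate mail a substring rule would catch
    ENCODED,
    "Monthly sales report",
]

def decoded_subject(raw):
    """Decode RFC 2047 encoded-words so the regex sees the displayed text."""
    return str(make_header(decode_header(raw)))

def matches(name, raw_subject, decode=True):
    """True if pattern `name` matches the (optionally decoded) subject."""
    subject = decoded_subject(raw_subject) if decode else raw_subject
    return PATTERNS[name].search(subject) is not None

def report(decode=True):
    """Map each pattern name to the sample subjects it would catch."""
    return {n: [s for s in SAMPLES if matches(n, s, decode)] for n in PATTERNS}

if __name__ == "__main__":
    for decode in (True, False):
        print("decoded subjects" if decode else "raw header values")
        for name, hits in report(decode).items():
            print(f"  {name:9} -> {len(hits)} hit(s): {hits}")
```

Subjects caught by "substring" but not by "word" are the false-positive candidates to review before sending matches to the bad message queue.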




[Mdaemon-L] Email Under Attack by Spam

2023-05-18 Thread arif noviyanto
Dear Duta Int Team,

We ask for your help: our email is often attacked by threatening spam;
if we block the email domain, they use another email,

Please help us so that we can block by subject

-  For example, if there is an email whose subject contains the word
password, we want to hold it in the bad queue first

This is our request,

Thank you,






[Mdaemon-L] Email Forwarding Not Working

2023-05-18 Thread Syafril Hermansyah via Mdaemon-L

On 5/18/23 13:52, Aribhawa Samudra via Mdaemon-L wrote:
 >> From: BERINDO JAYA - Rini Jumarawati >
 >> To: CS Corporate1 >
 >> Cc: Dadang Anggoro >

 >> Date: Wed, 17 May 2023 05:00:06 +

 > So on what date/time did that message arrive at MDaemon?
 > Does it differ by 24 hours or more?




Wed 2023-05-17 12:02:44.723: [28951902] <-- MAIL 
From: SIZE=439543
Wed 2023-05-17 12:02:44.724: [28951902] --> 250 2.1.0 Sender OK
Wed 2023-05-17 12:02:44.724: [28951902] <-- RCPT To:



That differs by only 2 minutes 38 seconds (message creation date 17 May 12:00:06 +07.00).


If the date of the original message is changed (manually, by editing it), does
mail forwarding work when that message is copied to the local queue?


After the original message was edited to +7000 and placed in the local queue,
autoforwarding was able to run and succeeded.


That is strange.

ODMR is an authenticated session connection, the same as a submission from a
local user.
Try testing: if the user's PC time zone is changed to UTC +00.00, does
sending mail to cs.corpora...@equity.id not trigger the autoforward?


Is there a file antivirus, antimalware, or other email filtering installed on
the MDaemon server (which is commonly part of firewall or antivirus
applications)?


Kaspersky antivirus, where the files and folders related to the mdaemon directory
have already been set as exclusions.


That is not enough.
All MDaemon applications (MDaemon.exe, MDlaunch.exe, Cfilter.exe,
CFEngine.exe, etc.) need to be trusted by KAV Realtime Scanning.


Try disabling KAV temporarily first, then observe whether mail forwarding
then runs normally even when the message creation date is not UTC +07.00.





--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.0.2 Beta C
Please do not cc: or send to private mail for MDaemon issues.

A good scientist is a person with original ideas. A good engineer is a 
person who makes a design that works with as few original ideas as 
possible. There are no prima donnas in engineering.

--- Freeman Dyson







[Mdaemon-L] Email Forwarding Not Working

2023-05-18 Thread Aribhawa Samudra via Mdaemon-L

>> After looking into it more carefully, we found that the emails that could
>> not be autoforwarded by the forwarding-enabled accounts are due to the
>> timezone of the senders (customers), who use timezone +. We found this
>> out when another of our email account users forwarded the received email
>> to another of our email user accounts.


> The Content Filter engine does not check the sender date, unless a CF rule
> for that has been deliberately created.

There is no CF related to the sender date, sir.

> Only the antispam checks the sender date, and even then it will only
> assign a spam score if the date differs by more than 24 hours from
> MDaemon's current date, either behind or ahead.


>> Some examples of headers of emails that could not be autoforwarded:
>>
>> From: BERINDO JAYA - Rini Jumarawati 
>> To: CS Corporate1 
>> Cc: Dadang Anggoro 
>> Date: Wed, 17 May 2023 05:00:06 +

> So on what date/time did that message arrive at MDaemon?
> Does it differ by 24 hours or more?

SMTP In log for the email From: BERINDO JAYA - Rini Jumarawati
 :

Wed 2023-05-17 12:02:41.689: --
Wed 2023-05-17 12:02:44.688: [28951902] Session 28951902; child 0015
Wed 2023-05-17 12:02:44.688: [28951902] Accepting SMTP connection from 
103.141.180.218:366 to 172.16.200.2:50364
Wed 2023-05-17 12:02:44.688: [28951902] *  ODMR (ATRN) previously 
authenticated hand-off
Wed 2023-05-17 12:02:44.689: [28951902] --> 220 mail2.equity.id ESMTP 
MDaemon 23.0.1; Wed, 17 May 2023 12:02:44 +0700
Wed 2023-05-17 12:02:44.706: [28951902] <-- EHLO dds29.dutaservisindo.co.id
Wed 2023-05-17 12:02:44.706: [28951902] --> 250-mail2.equity.id Hello 
dds29.dutaservisindo.co.id [103.141.180.218], pleased to meet you
Wed 2023-05-17 12:02:44.706: [28951902] --> 250-ETRN
Wed 2023-05-17 12:02:44.706: [28951902] --> 250-8BITMIME
Wed 2023-05-17 12:02:44.706: [28951902] --> 250-ENHANCEDSTATUSCODES
Wed 2023-05-17 12:02:44.706: [28951902] --> 250-PIPELINING
Wed 2023-05-17 12:02:44.706: [28951902] --> 250-CHUNKING
Wed 2023-05-17 12:02:44.706: [28951902] --> 250-REQUIRETLS
Wed 2023-05-17 12:02:44.706: [28951902] --> 250 SIZE 41943040
Wed 2023-05-17 12:02:44.723: [28951902] <-- MAIL 
From: SIZE=439543
Wed 2023-05-17 12:02:44.724: [28951902] --> 250 2.1.0 Sender OK
Wed 2023-05-17 12:02:44.724: [28951902] <-- RCPT 
To:
Wed 2023-05-17 12:02:44.730: [28951902] --> 250 2.1.5 Recipient OK
Wed 2023-05-17 12:02:44.746: [28951902] <-- BDAT 439543 LAST
Wed 2023-05-17 12:02:44.850: [28951902] Message size: 439543 bytes
Wed 2023-05-17 12:02:44.854: [28951902] Passing message through AntiVirus 
(Size: 439543)...
Wed 2023-05-17 12:02:46.912: [28951902] *  Message is clean (no viruses 
found) scanned by (ClamAV: clean (1.03541s))
Wed 2023-05-17 12:02:46.912: [28951902]  End AntiVirus results
Wed 2023-05-17 12:02:46.931: [28951902] Message creation successful: 
d:\mdaemon\queues\inbound\26\md500183776.msg
Wed 2023-05-17 12:02:46.931: [28951902] --> 250 2.6.0 Ok, message saved 
>
Wed 2023-05-17 12:02:46.932: [28951902] <-- RSET
Wed 2023-05-17 12:02:46.934: [28951902] --> 250 2.0.0 RSET? Well, OK
Wed 2023-05-17 12:02:46.955: [28951902] <-- MAIL 
From: SIZE=439546
Wed 2023-05-17 12:02:46.956: [28951902] --> 250 2.1.0 Sender OK
Wed 2023-05-17 12:02:46.956: [28951902] <-- RCPT 
To:
Wed 2023-05-17 12:02:46.963: [28951902] --> 250 2.1.5 Recipient OK
Wed 2023-05-17 12:02:46.980: [28951902] <-- BDAT 439546 LAST
Wed 2023-05-17 12:02:47.025: [28951902] Message size: 439546 bytes
Wed 2023-05-17 12:02:47.032: [28951902] Passing message through AntiVirus 
(Size: 439546)...
Wed 2023-05-17 12:02:47.109: [28951902] *  Message is clean (no viruses 
found) scanned by (ClamAV: clean (0.06083s))
Wed 2023-05-17 12:02:47.109: [28951902]  End AntiVirus results
Wed 2023-05-17 12:02:47.128: [28951902] Message creation successful: 
d:\mdaemon\queues\inbound\27\md500183773.msg
Wed 2023-05-17 12:02:47.128: [28951902] --> 250 2.6.0 Ok, message saved 
>
Wed 2023-05-17 12:02:47.130: [28951902] <-- QUIT
Wed 2023-05-17 12:02:47.130: [28951902] --> 221 2.0.0 See ya in cyberspace
Wed 2023-05-17 12:02:47.131: [28951902] SMTP session successful (Bytes 
in/out: 898251/1442)
Wed 2023-05-17 12:02:47.131: --


Inbound routing log for the email From: BERINDO JAYA - Rini Jumarawati
 :

Wed 2023-05-17 12:02:47.418: --
Wed 2023-05-17 12:02:47.914: INBOUND message: md500183776.msg
Wed 2023-05-17 12:02:47.914: *  From: BERINDO JAYA - Rini Jumarawati 

Wed 2023-05-17 12:02:47.914: *  To: CS Corporate1 
Wed 2023-05-17 12:02:47.914: *  Subject: Perubahan kelas Rawat Inap karena 
promosi jabatan
Wed 2023-05-17 12:02:47.914: *  Message-ID: 

Wed 2023-05-17 12:02:47.914: *  Size: 439643; 

Wed 2023-05-17 12:02:47.914: --
Wed 2023-05-17 12:02:47.928: INBOUND message: md500183773.msg
Wed 2023-05-17 12:02:47.928: *  From: BERINDO JAYA - Rini Jumarawati 

Wed 2023-05-17 12:02:47.928: *  To: CS Corporate1 
Wed 2023-05-17 12:02:47.928: *  Subject: Perubahan kelas Rawat