[mdaemon-l] Spambot Detection dan Location Screening Concern
On 26/12/19 12.03, Slamet Raharjo (sraha...@aio.co.id) wrote: > Saya akan activekan Spambot Detection dan Location Screening, namun ada > beberapa concern sbb : > > 1. Di tempat kami, TOP Management sering keluar negri (Singapore, Jepang, > dan lainnya), apakah ada yang perlu di sesuaikan secara konfigurasi untuk > Spambot Detection dan Location Screening ? > Agar proses Tarik kirim e-mail di neworks negara lain tetap aman dan > dapat di lakukan. - Saat bepergian keluar negeri selalu pakai mobile device dengan activesync protocol. - Boleh juga pakai laptop dengan email client outlook tetapi pilih protocolnya activesync. lebih lengkap lihat disini https://www.mail-archive.com/mdaemon-l@dutaint.com/msg45513.html > 2. Untuk Spambot menggunakan algoritma apa ya ? Spambot mendeteksi adanya mailbomb dari spambot node di internet. https://en.wikipedia.org/wiki/Spambot > Bagaimana cara kerjanya http://mdaemon.dutaint.co.id/mdaemon/19.5/index.html?security--spambot_detection.htm Spambot Detection tracks the IP addresses that every SMTP MAIL (return-path) value uses over a given period of time. If the same return-path is used by an inordinate number of different IP addresses in a short time, this could indicate a spambot network. When a spambot is detected, the current connection is immediately dropped and the return-path value is optionally blacklisted for a length of time you specify You can also optionally blacklist all the known spambot IP addresses for a designated period. > dan apakah ada semacam info ke postmaster bahwa spambot telah melakukan block > transaksi terhadap e-mail tertentu ? Tidak, hanya tercatat di log. -- syafril --- Syafril Hermansyah MDaemon-L Moderators, running MDaemon 19.5.3-64 bit Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. We are products of our past, but we don't have to be prisoners of it. --- Rick Warren -- --[mdaemon-l]-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir: MDaemon 19.5.3, SecurityGateway 6.5.1
[MDaemon-L] Spambot detection
> Ada pilihan lain kalau pakai 16.0, masukkan sender IP kedalam spambot > whitelist. > > 64.18.0.0/20 > 64.233.160.0/19 > 66.102.0.0/20 > 66.249.80.0/20 > 72.14.192.0/18 > 74.125.0.0/16 > 108.177.8.0/21 > 173.194.0.0/16 > 207.126.144.0/20 > 209.85.128.0/17 > 216.58.192.0/19 > 216.239.32.0/19 > 172.217.0.0/19 > 108.177.96.0/19 Baik pak, saya akan coba. Terimakasih Panji Perdiansyah -- --MDaemon-L-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir MD 16.5.2, SP 5.1.0, OC 4.0.1, SG 4.0.1
[MDaemon-L] Spambot detection
On 09/03/17 12:04, Panji Perdiansyah wrote: > Saya masih pakai V.16.0, baik pak terimakasih saya akan coba non aktifkan. Ada pilihan lain kalau pakai 16.0, masukkan sender IP kedalam spambot whitelist. 64.18.0.0/20 64.233.160.0/19 66.102.0.0/20 66.249.80.0/20 72.14.192.0/18 74.125.0.0/16 108.177.8.0/21 173.194.0.0/16 207.126.144.0/20 209.85.128.0/17 216.58.192.0/19 216.239.32.0/19 172.217.0.0/19 108.177.96.0/19 -- syafril --- Syafril Hermansyah MDaemon-L Moderators, MDaemon 17.0-64 Beta RC1, SP 5.1.0-64 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. Life is really simple, but we insist on making it complicated. --- Confucius -- --MDaemon-L-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir MD 16.5.2, SP 5.1.0, OC 4.0.1, SG 4.0.1
[MDaemon-L] Spambot detection
> Masukkan sender address kedalam spambot detection whitelist jika sudah > pakai MD 16.5.x > > http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security-- > spambot_detection.htm > > from *@daiho.co.id > > kalau masih pakai versi sebelumnya, non aktifkan spambot detection. Saya masih pakai V.16.0, baik pak terimakasih saya akan coba non aktifkan. Terimakasih Panji P -- --MDaemon-L-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir MD 16.5.2, SP 5.1.0, OC 4.0.1, SG 4.0.1
[MDaemon-L] Spambot detection
On 09/03/17 11:30, Panji Perdiansyah wrote: > Mohon bantuannya log berikut ini. email tersebut kirim ke beberapa user kami > dan sebagian diterima dengan baik. > > Tapi ada user yang lognya seperti ini. > Tue 2017-03-07 15:11:01.075: Spambot detection added > material_st...@daiho.co.id to block list for 10 minutes > > Tue 2017-03-07 15:11:01.075: --> 550 5.1.1 Too many IPs seen in too short a > time frame Masukkan sender address kedalam spambot detection whitelist jika sudah pakai MD 16.5.x http://mdaemon.dutaint.co.id/mdaemon/16.5/index.html?security--spambot_detection.htm from *@daiho.co.id kalau masih pakai versi sebelumnya, non aktifkan spambot detection. -- syafril --- Syafril Hermansyah MDaemon-L Moderators, MDaemon 17.0-64 Beta RC1, SP 5.1.0-64 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. Anyone who stops learning is old, whether twenty or eighty. Anyone who keeps learning stays young. The greatest thing you can do is keep your mind young. --- Mark Twain (1835 - 1910) -- --MDaemon-L-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir MD 16.5.2, SP 5.1.0, OC 4.0.1, SG 4.0.1
[MDaemon-L] Spambot detection
Dear Pak Syafril, Mohon bantuannya log berikut ini. email tersebut kirim ke beberapa user kami dan sebagian diterima dengan baik. Tapi ada user yang lognya seperti ini. Tue 2017-03-07 15:10:59.866: Session 316708; child 0004 Tue 2017-03-07 15:10:59.866: Accepting SMTP connection from 74.125.83.42:35322 to 10.3.50.45:25 Tue 2017-03-07 15:10:59.867: --> 220 mail.s-iki.co.id ESMTP MDaemon 16.0.2; Tue, 07 Mar 2017 15:10:59 +0700 Tue 2017-03-07 15:11:00.059: <-- EHLO mail-pg0-f42.google.com Tue 2017-03-07 15:11:00.059: --> 250-mail.s-iki.co.id Hello mail-pg0-f42.google.com [74.125.83.42], pleased to meet you Tue 2017-03-07 15:11:00.059: --> 250-ETRN Tue 2017-03-07 15:11:00.059: --> 250-AUTH LOGIN CRAM-MD5 PLAIN Tue 2017-03-07 15:11:00.059: --> 250-8BITMIME Tue 2017-03-07 15:11:00.059: --> 250-ENHANCEDSTATUSCODES Tue 2017-03-07 15:11:00.059: --> 250 SIZE Tue 2017-03-07 15:11:00.250: <-- MAIL FROM: SIZE=59523 Tue 2017-03-07 15:11:00.258: Performing PTR lookup (42.83.125.74.IN-ADDR.ARPA) Tue 2017-03-07 15:11:00.267: * D=42.83.125.74.in-addr.arpa TTL=(1088) PTR=[mail-pg0-f42.google.com] Tue 2017-03-07 15:11:00.280: * D=mail-pg0-f42.google.com TTL=(1088) A=[74.125.83.42] Tue 2017-03-07 15:11:00.280: End PTR results Tue 2017-03-07 15:11:00.289: Performing IP lookup (mail-pg0-f42.google.com) Tue 2017-03-07 15:11:00.295: * D=mail-pg0-f42.google.com TTL=(1088) A=[74.125.83.42] Tue 2017-03-07 15:11:00.295: End IP lookup results Tue 2017-03-07 15:11:00.303: Performing IP lookup (daiho.co.id) Tue 2017-03-07 15:11:00.309: * D=daiho.co.id TTL=(55) A=[119.11.143.219] Tue 2017-03-07 15:11:00.317: * P=001 S=002 D=daiho.co.id TTL=(55) MX=[aspmx.l.google.com] {74.125.200.26} Tue 2017-03-07 15:11:00.317: * P=005 S=003 D=daiho.co.id TTL=(55) MX=[alt1.aspmx.l.google.com] {74.125.28.26} Tue 2017-03-07 15:11:00.317: * P=005 S=004 D=daiho.co.id TTL=(55) MX=[alt2.aspmx.l.google.com] {173.194.67.27} Tue 2017-03-07 15:11:00.317: * P=010 S=000 D=daiho.co.id TTL=(55) MX=[alt3.aspmx.l.google.com] {64.233.191.27} Tue 2017-03-07 15:11:00.317: * P=010 S=001 D=daiho.co.id TTL=(55) MX=[alt4.aspmx.l.google.com] {173.194.219.27} Tue 2017-03-07 15:11:00.317: End IP lookup results Tue 2017-03-07 15:11:00.319: Performing SPF lookup (daiho.co.id / 74.125.83.42) Tue 2017-03-07 15:11:00.319: * Policy (cache): v=spf1 include:_spf.google.com ~all Tue 2017-03-07 15:11:00.319: * Evaluating include:_spf.google.com: performing lookup Tue 2017-03-07 15:11:00.322: *Policy: v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all Tue 2017-03-07 15:11:00.322: *Evaluating include:_netblocks.google.com: performing lookup Tue 2017-03-07 15:11:00.322: * Policy (cache): v=spf1 ip4:64.18.0.0/20 ip4:64.233.160.0/19 ip4:66.102.0.0/20 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:74.125.0.0/16 ip4:108.177.8.0/21 ip4:173.194.0.0/16 ip4:207.126.144.0/20 ip4:209.85.128.0/17 ip4:216.58.192.0/19 ip4:216.239.32.0 Tue 2017-03-07 15:11:00.323: * Evaluating ip4:64.18.0.0/20: no match Tue 2017-03-07 15:11:00.323: * Evaluating ip4:64.233.160.0/19: no match Tue 2017-03-07 15:11:00.323: * Evaluating ip4:66.102.0.0/20: no match Tue 2017-03-07 15:11:00.323: * Evaluating ip4:66.249.80.0/20: no match Tue 2017-03-07 15:11:00.323: * Evaluating ip4:72.14.192.0/18: no match Tue 2017-03-07 15:11:00.323: * Evaluating ip4:74.125.0.0/16: match Tue 2017-03-07 15:11:00.323: *Evaluating include:_netblocks.google.com: match Tue 2017-03-07 15:11:00.323: * Evaluating include:_spf.google.com: match Tue 2017-03-07 15:11:00.323: * Result: pass Tue 2017-03-07 15:11:00.323: End SPF results Tue 2017-03-07 15:11:00.323: --> 250 2.1.0 Sender OK Tue 2017-03-07 15:11:01.065: <-- RCPT TO: Tue 2017-03-07 15:11:01.075: Spambot detection added material_st...@daiho.co.id to block list for 10 minutes Tue 2017-03-07 15:11:01.075: --> 550 5.1.1 Too many IPs seen in too short a time frame Tue 2017-03-07 15:11:01.076: SMTP session terminated (Bytes in/out: 108/330) Thanks and Regards Panji Perdiansyah -- --MDaemon-L-- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com Versi terakhir MD 16.5.2, SP 5.1.0, OC 4.0.1, SG 4.0.1