[MDaemon-L] Tips: selecting which senders/clients may connect to our server (part 3)

2009-12-21 Thread Syafril Hermansyah
Syafril Hermansyah said the following on 21/12/09 18:58 +07:00:
 On 21/12/09 17:32 +07:00 Syafril Hermansyah wrote:
 If you want to save resources and get less spam, you can enable
 
 http://mdaemon.dutaint.co.id/10.1/index.html?security__reverse_lookup.htm
 
 Doh, I forgot to give a warning: don't do this if your MDaemon is not
 version 10.x or above.
 One option that needs to be enabled was also left out
 
 [x] Perform lookup on HELO/EHLO domain
 [x] Refuse to accept mail if a lookup returns 'domain not found'
 [x] ...send 501 error code (normally sends 451 error code)
 [x] ...and then close the connection
 [x] Exempt authenticated sessions (lookup will defer until after MAIL)

If you want to do some preliminary research first (as I did 3 months
before activating this feature), to complete the existing whitelist
data, you can proceed as follows

first disable the options
[x] ...send 501 error code (normally sends 451 error code)
[x] ...and then close the connection

then enable the option

[x] Insert warning headers into suspicious messages

Create a Content Filter rule to copy the messages that come from these
ignorant sender hosts

Rule Name : Ignorant Host catch
Conditions01 = If X-MDHeloLookup-Result header contains hardfail
Actions01 = Copy message to \\mdaemon\queues\LAN
Process queue = Remote

Note: we use the LAN queue because this queue is practically almost never
used, unless you still use RAS Dial Up and have a LAN domain.

Later, periodically, say after working hours or in the morning,
check the LAN queue from the MDaemon console, the Queue and Statistics
Manager, or Windows Explorer.
Editing/viewing a message in the LAN queue will show (for example) this

X-MDHeloLookup-Result: hardfail smtp.helo=MailGate02.bakrie.co.id (does
not match 123.176.121.67)

then just enter the IP 123.176.121.67 into the Reverse Lookup Whitelist.

If you want to complete the data in the whitelist, check what name that IP
has actually been given by its ISP.

syaf...@syafril:~$ host 123.176.121.67
67.121.176.123.in-addr.arpa domain name pointer ns2.bakrie.co.id.
syaf...@syafril:~$ nslookup 123.176.121.67
Server: 192.168.1.10
Address:192.168.1.10#53

Non-authoritative answer:
67.121.176.123.in-addr.arpa name = ns2.bakrie.co.id.

it can be seen that the ISP or DNS hostmaster actually named that host
ns2.bakrie.co.id, but the postmaster is not in step: he insists on
using the name MailGate02.bakrie.co.id and will not report to or
coordinate with his ISP.

So now you can enter it into the reverse lookup whitelist as follows

123.176.121.67  #MailGate02.bakrie.co.id; ns2.bakrie.co.id

please note that the IP address and the # sign must be separated by at
least 2 spaces (press the spacebar twice), not by a tab (only from
MD 11.0 is a tab allowed, so that people who often maintain MDaemon
over an ssh console, like me, can use a remote editor comfortably G).

-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 11.0 Beta I
Please do not cc: or send private mail about MDaemon issues.

--[MDaemon-L]
This mailing list is for discussion among MDaemon Mail Server users.

Netiquette: http://www.netmeister.org/news/learn2quote
Archive: http://mdaemon-l.dutaint.com
Unsubscribe: send mail to MDaemon-L-unsubscribe [at] dutaint.com
Subscribe: send mail to MDaemon-L-subscribe [at] dutaint.com
Latest versions: MD 10.1.2, SP 4.0.2, OC 2.2.3, SG 2.0.2, PP 1.1



[MDaemon-L] Tips: selecting which senders/clients may connect to our server (part 3)

2009-12-21 Thread Enang Sunardi



 If you want to do some preliminary research first (as I did 3 months
 before activating this feature), to complete the existing whitelist
 data, you can proceed as follows

 first disable the options
 [x] ...send 501 error code (normally sends 451 error code)
 [x] ...and then close the connection

 then enable the option

 [x] Insert warning headers into suspicious messages

Bu
   

Pak Syafril,

I tried the settings Pak Syafril gave, but one of my users in
Semarang (I set the POP/SMTP server to mail.nww.co.id)
is rejected. I have entered their IP in the whitelist but it is still
rejected. Is there a wrong setting?


Regards,
Enang

Tue 2009-12-22 09:26:25: --
Tue 2009-12-22 09:26:26: Session 4843; child 8; thread 2292
Tue 2009-12-22 09:26:26: Accepting SMTP connection from [202.122.12.29:2520]
Tue 2009-12-22 09:26:26: Performing PTR lookup (29.12.122.202.IN-ADDR.ARPA)
Tue 2009-12-22 09:26:26: *  Error: *  Name server reports domain name unknown
Tue 2009-12-22 09:26:26: *  No PTR records found
Tue 2009-12-22 09:26:26:  End PTR results
Tue 2009-12-22 09:26:26: -- 220 nwl.co.id ESMTP MDaemon 10.1.2; Tue, 22 Dec 2009 09:26:26 +0700
Tue 2009-12-22 09:26:26: -- HELO LaptopSMG1
Tue 2009-12-22 09:26:26: Performing IP lookup (LaptopSMG1)
Tue 2009-12-22 09:26:26: *  Error: *  Name server reports domain name unknown
Tue 2009-12-22 09:26:26:  End IP lookup results
Tue 2009-12-22 09:26:26: -- 501 LaptopSMG1 is invalid or DNS says does not exist
Tue 2009-12-22 09:26:26: SMTP session terminated (Bytes in/out: 17/125)
Tue 2009-12-22 09:26:26: --
Tue 2009-12-22 09:26:27: Session 4844; child 2
Tue 2009-12-22 09:26:26: Accepting POP3 connection from [202.122.12.29:2521]
Tue 2009-12-22 09:26:26: -- +OK nwl.co.id POP3 MDaemon 10.1.2 ready mdaemon-f200912220926.aa2626918md1...@nwl.co.id
Tue 2009-12-22 09:26:26: -- USER jokosus...@nwl.co.id
Tue 2009-12-22 09:26:26: -- +OK jokosus...@nwl.co.id... User ok
Tue 2009-12-22 09:26:26: -- PASS **
Tue 2009-12-22 09:26:26: -- +OK jokosus...@nwl.co.id's mailbox has 0 total messages (0 octets)
Tue 2009-12-22 09:26:26: -- STAT
Tue 2009-12-22 09:26:26: -- +OK 0 0
Tue 2009-12-22 09:26:27: -- QUIT
Tue 2009-12-22 09:26:27: -- +OK jokosus...@nwl.co.id nwl.co.id POP3 Server signing off (mailbox empty)
Tue 2009-12-22 09:26:27: POP3 session complete (Bytes in/out: 53/281)
Tue 2009-12-22 09:26:27: --

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
This message contains confidential information and is intended only for the
individual named. If you are not the named addressee you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately by e-mail if you have received this e-mail by mistake and delete
this e-mail from your system. E-mail transmission cannot be guaranteed to be
secure or error-free as information could be intercepted, corrupted, lost,
destroyed, arrive late or incomplete, or contain viruses. The sender
therefore does not accept liability for any errors or omissions in the
contents of this message, which arise as a result of e-mail transmission. If
verification is required please request a hard-copy version. 
Company does not accept any liability in respect of communication made by

its employee which is contrary to the company policy or outside the scope of
the employment of the individual concerned. The employee responsible will be
personally liable for any damages or other liability arising.
PT.NYK New Wave Logistics Indonesia
MM2100 Industrial Town Block EE-4 Cikarang Barat Bekasi 17520 
Tlp : +62-21-89982180 / 8981020 | Fax.+62-21-89982184/8981021

-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+





[MDaemon-L] Tips: selecting which senders/clients may connect to our server (part 3)

2009-12-21 Thread Syafril Hermansyah
On 22/12/09 10:10 +07:00 Enang Sunardi wrote:
 I tried the settings Pak Syafril gave, but one of my users in
 Semarang (I set the POP/SMTP server to mail.nww.co.id)
 is rejected. I have entered their IP in the whitelist but it is still
 rejected. Is there a wrong setting?

Rejected when sending (SMTP connection) or when retrieving mail (POP3)?
All users have SMTPAuth enabled, right?


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 11.0 Beta I
Please do not cc: or send private mail about MDaemon issues.




[MDaemon-L] Tips: selecting which senders/clients may connect to our server (part 3)

2009-12-21 Thread Enang Sunardi

On 12/22/2009 10:19 AM, Syafril Hermansyah wrote:

 Rejected when sending (SMTP connection) or when retrieving mail (POP3)?
 All users have SMTPAuth enabled, right?

- During SMTP, Pak. Only after I disabled [ ] refuse to accept mail if a
lookup returns 'domain not found' could I send.

- Not using SMTPAuth, Pak.

Regards





[MDaemon-L] Tips: selecting which senders/clients may connect to our server (part 3)

2009-12-21 Thread Syafril Hermansyah
On 22/12/09 10:32 +07:00 Enang Sunardi wrote:
  Rejected when sending (SMTP connection) or when retrieving mail (POP3)?
  All users have SMTPAuth enabled, right?
 
 
 - During SMTP, Pak. Only after I disabled [ ] refuse to accept mail if a
 lookup returns 'domain not found' could I send.
 
 - Not using SMTPAuth, Pak.

That is exactly where the problem is.
This setting requires valid users to enable SMTPAuth.
Teach them how to do it by following this example

http://www.authsmtp.com/thunderbird-20/alternate-port.html

with the option [ ] refuse to accept mail if a lookup returns 'domain not
found', the mail will be processed by the antispam/antivirus, which is of
course heavier processing because DATA has already been transferred by
the sender.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 11.0 Beta I
Please do not cc: or send private mail about MDaemon issues.
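
Added example, not part of the original thread: a sketch that scans an SMTP log in the format Enang posted and lists the clients refused with 501 at HELO, so you can see which users still need SMTP AUTH turned on. The sample log is constructed (its first session is modelled on the posted one); the regexes assume the `--` markers as they appear in this archive and one contiguous block of lines per session, and `triage` is a hypothetical helper name.

```python
import re

CONNECT = re.compile(r"Accepting SMTP connection from \[([0-9.]+):\d+\]")
GREETING = re.compile(r": [-<>]+ (?:HELO|EHLO) (\S+)", re.I)
REJECT = re.compile(r": [-<>]+ 501 (\S+) is invalid or DNS says")
SESSION_END = re.compile(r"SMTP session terminated")

# Constructed sample log; 192.0.2.10 and 198.51.100.7 are documentation IPs.
SAMPLE_LOG = """\
Tue 2009-12-22 09:26:26: Accepting SMTP connection from [202.122.12.29:2520]
Tue 2009-12-22 09:26:26: -- HELO LaptopSMG1
Tue 2009-12-22 09:26:26: -- 501 LaptopSMG1 is invalid or DNS says does not exist
Tue 2009-12-22 09:26:26: SMTP session terminated (Bytes in/out: 17/125)
Tue 2009-12-22 09:30:02: Accepting SMTP connection from [192.0.2.10:4100]
Tue 2009-12-22 09:30:02: -- EHLO mail.example.org
Tue 2009-12-22 09:30:02: -- 250 nwl.co.id Hello mail.example.org
Tue 2009-12-22 09:30:05: SMTP session terminated (Bytes in/out: 40/160)
Tue 2009-12-22 09:31:10: Accepting SMTP connection from [198.51.100.7:5300]
Tue 2009-12-22 09:31:10: -- HELO mx.example.net
Tue 2009-12-22 09:31:10: -- 501 mx.example.net is invalid or DNS says does not exist
Tue 2009-12-22 09:31:10: SMTP session terminated (Bytes in/out: 21/130)
""".splitlines()


def triage(log_lines):
    """Return sorted (ip, helo, kind) tuples for sessions refused with 501."""
    found = set()
    ip = helo = None
    for line in log_lines:
        if (m := CONNECT.search(line)):
            ip, helo = m.group(1), None
        elif (m := GREETING.search(line)):
            helo = m.group(1)
        elif (m := REJECT.search(line)) and ip and m.group(1) == helo:
            # Heuristic (assumption): a single-label HELO is a workstation's
            # mail client, a dotted one is another mail server.
            kind = "server" if "." in helo else "client"
            found.add((ip, helo, kind))
        elif SESSION_END.search(line):
            ip = helo = None
    return sorted(found)
```

Entries tagged `client` are the ones to fix by enabling SMTP AUTH in the user's mail program; entries tagged `server` are candidates for the whitelist review described earlier in the thread.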




[MDaemon-L] Tips: selecting which senders/clients may connect to our server (part 3)

2009-12-21 Thread Syafril Hermansyah
Syafril Hermansyah said the following on 22/12/09 08:54 +07:00:
 Create a Content Filter rule to copy the messages that come from these
 ignorant sender hosts
 
 Rule Name : Ignorant Host catch
 Conditions01 = If X-MDHeloLookup-Result header contains hardfail
 Actions01 = Copy message to \\mdaemon\queues\LAN
 Process queue = Remote

It is better to use both (local and remote), so that messages from the MX
backup are covered.

 If you want to complete the data in the whitelist, check what name that IP
 has actually been given by its ISP.
 
 syaf...@syafril:~$ host 123.176.121.67
 67.121.176.123.in-addr.arpa domain name pointer ns2.bakrie.co.id.

There is an easier way

enable

[x] Perform PTR lookup on inbound SMTP connections

note: all of its sub-options disabled.

The header will then show

X-MDPtrLookup-Result: pass dns.ptr=ns2.nicservice.net
(ip=212.112.239.71) (dutaint.co.id)
X-MDHeloLookup-Result: hardfail smtp.helo=ns.NICService.net (does not
match 212.112.239.71) (dutaint.co.id)

the result is the same as the earlier one

$ nslookup 212.112.239.71
Server: 192.168.1.10
Address:192.168.1.10#53

Non-authoritative answer:
71.239.112.212.in-addr.arpa name = ns2.nicservice.net.


-- 
syafril
---
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 11.0 Beta I
Please do not cc: or send private mail about MDaemon issues.
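
Added example, not part of the original thread: a sketch of the whitelist-building step from the first message and of the PTR-header shortcut from this one. It reads the `X-MDHeloLookup-Result` header of a copied message, takes the PTR name from `X-MDPtrLookup-Result` when present (otherwise it does a DNS lookup) and emits a line in the `IP  #comment` form shown in the thread. The sample messages are constructed around the two header examples quoted in the thread; `whitelist_entry`, `header` and `dns_ptr` are hypothetical names.

```python
import re
import socket
from email import message_from_string

HELO_RE = re.compile(r"hardfail smtp\.helo=(\S+) \(does not match ([0-9.]+)\)")
PTR_RE = re.compile(r"pass dns\.ptr=(\S+) \(ip=([0-9.]+)\)")

# Constructed sample messages; header values are the two examples in the thread.
HELO_ONLY = (
    "X-MDHeloLookup-Result: hardfail smtp.helo=MailGate02.bakrie.co.id (does\n"
    " not match 123.176.121.67)\n"
    "Subject: constructed sample\n\nbody\n"
)
HELO_AND_PTR = (
    "X-MDPtrLookup-Result: pass dns.ptr=ns2.nicservice.net\n"
    " (ip=212.112.239.71) (dutaint.co.id)\n"
    "X-MDHeloLookup-Result: hardfail smtp.helo=ns.NICService.net (does not\n"
    " match 212.112.239.71) (dutaint.co.id)\n"
    "Subject: constructed sample\n\nbody\n"
)


def dns_ptr(ip):
    """Live PTR lookup, used only when the message has no PTR header."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def header(msg, name):
    """Return a header value with folded lines collapsed to single spaces."""
    return " ".join((msg.get(name) or "").split())


def whitelist_entry(raw_message, resolve=dns_ptr):
    """Return 'IP  #helo; ptr' for a HELO hardfail message, else None."""
    msg = message_from_string(raw_message)
    helo = HELO_RE.search(header(msg, "X-MDHeloLookup-Result"))
    if not helo:
        return None
    helo_name, ip = helo.groups()
    ptr = PTR_RE.search(header(msg, "X-MDPtrLookup-Result"))
    # Trust the PTR header only if it describes the same connecting IP.
    ptr_name = ptr.group(1) if ptr and ptr.group(2) == ip else resolve(ip)
    comment = f"{helo_name}; {ptr_name}" if ptr_name else helo_name
    # Two literal spaces before '#', never a tab (tabs need MD 11.0).
    return f"{ip}  #{comment}"
```

The output is a list of candidates for review: a whitelisted IP is exempt from the lookup, so confirm each host is a legitimate correspondent before adding its line.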
