[MDaemon-L] mohon bantuan analisa header dibawah
On 20/06/2013 11:35, Henry Kuswanto wrote: >> Itu problem di server penerima (kelihatannya itu front end server, >> berupa antivirus atau antispam server). > > Berarti rejection terjadi di server "sparks.dentsu.co.id", di MD saya > hanya running MDSP. Server di belakang firewall (allow port MD) tapi > rejection berada di MD berarti sudah lolos firewall mestinya. Apakah > karena Default Domain Server - Delivery - > [ ] Abort delivery if SMTP RCPT command receive 5xx error > [v] Bounce message if recieving domain has no MX records > [v] Bounce message on first 5xx error from any of receiving domain MX hosts Tidak. Rejection itu di tahap setelah transfer DATA, umumnya yang melakukan ini adalah antivirus atau antispam service di server receiver. > Laporan smtp-in log di reject oleh OP, kira-kira kenapa ya pak ? Yang mereject itu Outbreak Protection. Rejection dilakukan karena mail dikirim melalui sender host yang punya reputasi buruk. http://www.commtouch.com/check-ip-reputation/ IP Query Result: IP Address: 112.78.149.50 Risk Level: High Risk Description: This IP address is used for sending Spam on a regular basis kalau memang sender adalah rekan korespondensi user Anda, masukkan sender domain *@mic.co.id kedalam spam filter whitelist http://mdaemon.dutaint.co.id/13.5/index.html?sf_white_list_from.htm -- syafril --- Syafril Hermansyah MDaemon-L Moderators, running MDaemon 13.5 SecurityPlus 4.1.5 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: http://www.netmeister.org/news/learn2quote Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 13.5.0, SP 4.1.5, BES 2.0.2, OC 2.3.1, SG 2.1.2, PP 2.0.1
[MDaemon-L] mohon bantuan analisa header dibawah
- Original Message -
From: "Syafril Hermansyah"
Itu problem di server penerima (kelihatannya itu front end server,
berupa antivirus atau antispam server).
Berarti rejection terjadi di server "sparks.dentsu.co.id", di MD saya hanya
running MDSP. Server di belakang firewall (allow port MD) tapi rejection
berada di MD berarti sudah lolos firewall mestinya. Apakah karena Default
Domain Server - Delivery -
[ ] Abort delivery if SMTP RCPT command receive 5xx error
[v] Bounce message if recieving domain has no MX records
[v] Bounce message on first 5xx error from any of receiving domain MX hosts
Problem persisnya tidak tahu karena tidak ada penjelasan persisnya, bisa
karena attachment file dianggap bervirus, spamscore tinggi atau problem
internal (misalkan disk space habis atau resource CPU tidak mencukupi
untuk memproses lebih lanjut).
Laporan smtp-in log di reject oleh OP, kira-kira kenapa ya pak ? Subject
juga tidak mencurigakan.
Thanks pak
Tue 2013-06-04 18:02:03: --
Tue 2013-06-04 18:02:06: [665980:1] Session 665980; child 1
Tue 2013-06-04 18:02:06: [665980:1] Accepting SMTP connection from
[112.78.149.50:42500] to [192.168.208.15:25]
Tue 2013-06-04 18:02:06: [665980:1] --> 220-mail.dentsu.co.id ESMTP MDaemon
13.0.5; Tue, 04 Jun 2013 18:02:06 +0700
Tue 2013-06-04 18:02:06: [665980:1] -->
220-=
Tue 2013-06-04 18:02:06: [665980:1] --> 220- PLEASE BE GOOD WILL YOU, NO
SPAM, NO RELAY, THANKS
Tue 2013-06-04 18:02:06: [665980:1] --> 220
=
Tue 2013-06-04 18:02:06: [665980:1] <-- EHLO mail.mic.co.id
Tue 2013-06-04 18:02:06: [665980:1] --> 250-mail.dentsu.co.id Hello
mail.mic.co.id, pleased to meet you
Tue 2013-06-04 18:02:06: [665980:1] --> 250-ETRN
Tue 2013-06-04 18:02:06: [665980:1] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Tue 2013-06-04 18:02:06: [665980:1] --> 250-8BITMIME
Tue 2013-06-04 18:02:06: [665980:1] --> 250 SIZE 1500
Tue 2013-06-04 18:02:06: [665980:1] <-- MAIL FROM:
SIZE=227442
Tue 2013-06-04 18:02:06: [665980:1] Performing PTR lookup
(50.149.78.112.IN-ADDR.ARPA)
Tue 2013-06-04 18:02:06: [665980:1] * Error: * Name server reports domain
name unknown
Tue 2013-06-04 18:02:06: [665980:1] * No PTR records found
Tue 2013-06-04 18:02:06: [665980:1] End PTR results
Tue 2013-06-04 18:02:06: [665980:1] Performing IP lookup (mail.mic.co.id)
Tue 2013-06-04 18:02:06: [665980:1] * D=mail.mic.co.id TTL=(1066)
A=[112.78.149.52]
Tue 2013-06-04 18:02:06: [665980:1] End IP lookup results
Tue 2013-06-04 18:02:06: [665980:1] Performing IP lookup (mic.co.id)
Tue 2013-06-04 18:02:06: [665980:1] * P=010 S=001 D=mic.co.id TTL=(1066)
MX=[mail.mic.co.id] {112.78.149.52}
Tue 2013-06-04 18:02:06: [665980:1] * P=020 S=000 D=mic.co.id TTL=(1066)
MX=[mx-corp3.cbn.net.id] {202.158.81.51}
Tue 2013-06-04 18:02:06: [665980:1] End IP lookup results
Tue 2013-06-04 18:02:06: [665980:1] --> 250 , Sender ok
Tue 2013-06-04 18:02:06: [665980:1] <-- RCPT TO:
Tue 2013-06-04 18:02:06: [665980:1] Performing DNS-BL lookup
(112.78.149.50 - connecting IP)
Tue 2013-06-04 18:02:07: [665980:1] * zen.spamhaus.org - passed
Tue 2013-06-04 18:02:07: [665980:1] End DNS-BL results
Tue 2013-06-04 18:02:07: [665980:1] --> 250 ,
Recipient ok
Tue 2013-06-04 18:02:07: [665980:1] <-- DATA
Tue 2013-06-04 18:02:07: [665980:1] Creating temp file (SMTP):
d:\mdaemon\queues\temp\35\md5003436.tmp
Tue 2013-06-04 18:02:07: [665980:1] --> 354 Enter mail, end with
.
Tue 2013-06-04 18:02:08: [665980:1] Message size: 227516 bytes
Tue 2013-06-04 18:02:08: [665980:1] Passing message through AntiVirus (Size:
227516)...
Tue 2013-06-04 18:02:08: [665980:1] * Message is clean (no viruses found)
Tue 2013-06-04 18:02:08: [665980:1] End AntiVirus results
Tue 2013-06-04 18:02:08: [665980:1] Passing message through Outbreak
Protection...
Tue 2013-06-04 18:02:08: [665980:1] * Message-ID:
D727A6FBD9D74662A61586AF725CFBE2@AnisVaio
Tue 2013-06-04 18:02:08: [665980:1] * Reference-ID:
str=0001.0A150203.51ADC9E8.024D,ss=4,re=0.000,fgs=12
Tue 2013-06-04 18:02:08: [665980:1] * Virus result: 0 - Clean
Tue 2013-06-04 18:02:08: [665980:1] * Spam result: 4 - Spam (confirmed)
Tue 2013-06-04 18:02:08: [665980:1] * IWF result: 0 - Clean
Tue 2013-06-04 18:02:08: [665980:1] End Outbreak Protection results
Tue 2013-06-04 18:02:08: [665980:1] --> 554 Sorry, message looks like spam
or phish to me (OP)
Tue 2013-06-04 18:02:08: [665980:1] SMTP session terminated (Bytes in/out:
227629/565)
Tue 2013-06-04 18:02:08: --
--
--[MDaemon-L]
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server.
Netiket: http://www.netmeister.org/news/learn2quote
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com
Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.
[MDaemon-L] mohon bantuan analisa header dibawah
On 19/06/2013 17:51, Henry Kuswanto wrote: > Mohon bantuan analisa header email dibawah. Kasusnya email dari pengirim > tidak berhasil diterima user saya. > Kenapa setelah '"Transfer Complete" ada "554 Transaction failed" ya ? > Ini penyebabnya apa ? Itu problem di server penerima (kelihatannya itu front end server, berupa antivirus atau antispam server). > Tue 2013-06-04 18:05:11: Transfer Complete > Tue 2013-06-04 18:05:13: <-- 554 Transaction failed Problem persisnya tidak tahu karena tidak ada penjelasan persisnya, bisa karena attachment file dianggap bervirus, spamscore tinggi atau problem internal (misalkan disk space habis atau resource CPU tidak mencukupi untuk memproses lebih lanjut). -- syafril --- Syafril Hermansyah MDaemon-L Moderators, running MDaemon 13.5 SecurityPlus 4.1.5 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: http://www.netmeister.org/news/learn2quote Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 13.5.0, SP 4.1.5, BES 2.0.2, OC 2.3.1, SG 2.1.2, PP 2.0.1
[MDaemon-L] mohon bantuan analisa header dibawah
pak Syafril, Mohon bantuan analisa header email dibawah. Kasusnya email dari pengirim tidak berhasil diterima user saya. Kenapa setelah '"Transfer Complete" ada "554 Transaction failed" ya ? Ini penyebabnya apa ? Potongan report dibawah dikirim dari pihak pengirim ke saya. Terima kasih Henry -Original Message- From: MDaemon at mail.mic.co.id Sent: Tuesday, June 04, 2013 6:05 PM To: a...@mic.co.id Subject: Permanent Delivery Failure -- MDaemon Delivery Status Notification - http://www.altn.com/dsn/ -- The attached message had PERMANENT fatal delivery errors. After one or more unsuccessful delivery attempts the attached message has been removed from the MDaemon mail queue on this server. The number and frequency of delivery attempts are determined by local configuration. -- YOUR MESSAGE WAS NOT DELIVERED TO ONE OR MORE RECIPIENTS -- Failed address: veron...@sparks.dentsu.co.id --- Session Transcript --- Tue 2013-06-04 18:05:11: Parsing message Tue 2013-06-04 18:05:11: * From: a...@mic.co.id Tue 2013-06-04 18:05:11: * To: veron...@sparks.dentsu.co.id Tue 2013-06-04 18:05:11: * Subject: Fw: acc prof biaya pemotretan iklan pigeon & honor model umbrella campaig dan peristaltic plus nipple Tue 2013-06-04 18:05:11: * Size (bytes): 227442 Tue 2013-06-04 18:05:11: * Message-ID: Tue 2013-06-04 18:05:11: Attempting SMTP connection to [sparks.dentsu.co.id] Tue 2013-06-04 18:05:11: Resolving MX records for [sparks.dentsu.co.id] (DNS Server: 10.1.50.253)... Tue 2013-06-04 18:05:11: * P=010 S=000 D=sparks.dentsu.co.id TTL=(98) MX=[mail.sparks.dentsu.co.id] Tue 2013-06-04 18:05:11: * P=020 S=001 D=sparks.dentsu.co.id TTL=(98) MX=[mx-corp3.cbn.net.id] Tue 2013-06-04 18:05:11: Attempting SMTP connection to [mail.sparks.dentsu.co.id:25] Tue 2013-06-04 18:05:11: Resolving A record for [mail.sparks.dentsu.co.id] (DNS Server: 10.1.50.253)... Tue 2013-06-04 18:05:11: * D=mail.sparks.dentsu.co.id TTL=(98) A=[202.158.0.158] Tue 2013-06-04 18:05:11: Attempting SMTP connection to [202.158.0.158:25] Tue 2013-06-04 18:05:11: Waiting for socket connection... Tue 2013-06-04 18:05:11: * Connection established (10.1.51.2:3037 -> 202.158.0.158:25) Tue 2013-06-04 18:05:11: Waiting for protocol to start... Tue 2013-06-04 18:05:11: <-- 220 mail.dentsu.co.id ESMTP Service ready Tue 2013-06-04 18:05:11: --> EHLO mail.mic.co.id Tue 2013-06-04 18:05:11: <-- 250-Requested mail action okay, completed Tue 2013-06-04 18:05:11: <-- 250-ETRN Tue 2013-06-04 18:05:11: <-- 250-AUTH LOGIN CRAM-MD5 PLAIN Tue 2013-06-04 18:05:11: <-- 250-8BITMIME Tue 2013-06-04 18:05:11: <-- 250-SIZE 1500 Tue 2013-06-04 18:05:11: <-- 250 OK Tue 2013-06-04 18:05:11: --> MAIL From: SIZE=227442 Tue 2013-06-04 18:05:11: <-- 250 Requested mail action okay, completed Tue 2013-06-04 18:05:11: --> RCPT To: Tue 2013-06-04 18:05:11: <-- 250 Requested mail action okay, completed Tue 2013-06-04 18:05:11: --> DATA Tue 2013-06-04 18:05:11: <-- 354 Tue 2013-06-04 18:05:11: Sending to [202.158.0.158] Tue 2013-06-04 18:05:11: Transfer Complete Tue 2013-06-04 18:05:13: <-- 554 Transaction failed Tue 2013-06-04 18:05:13: --> QUIT --- End Transcript --- -- --[MDaemon-L] Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: http://www.netmeister.org/news/learn2quote Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 13.5.0, SP 4.1.5, BES 2.0.2, OC 2.3.1, SG 2.1.2, PP 2.0.1
