subject:"\[Mdaemon\-L\] Email Spoofing"

[Mdaemon-L] Email Spoofing

2023-08-09 Terurut Topik Syafril Hermansyah via Mdaemon-L


On 8/9/23 09:22, Rievo Niemrod Efraim via Mdaemon-L wrote:

Bisa di check ke smtp-in log, apakah transaksi mail yang masuk dari internet 
memicu DMARC verification.

Aneh nya pada waktu kejadian itu dmarc Procesing nya seperti tidak jalan kalau 
di lihat dari log smtp in pada hari kejadian

Mon 2023-08-07 11:55:28.694: [00968378]  End DKIM results
Mon 2023-08-07 11:55:28.695: [00968378] Passing message through AntiVirus 
(Size: 8603)...
Mon 2023-08-07 11:55:28.714: [00968378] *  Message is clean (no viruses found) 
scanned by (IKARUS: clean (0.00303s))
Mon 2023-08-07 11:55:28.714: [00968378]  End AntiVirus results




Di bandingkan dengan log email dari BCA  DMARC Processing nya jalan

Mon 2023-08-07 11:55:48.946: [00968484] Performing DMARC processing
Mon 2023-08-07 11:55:48.946: [00968484] *  File: 
d:\mdaemon\queues\temp\25\md500100239.tmp
Mon 2023-08-07 11:55:48.946: [00968484] *  Message-ID: 
<2007367336.8292957.1691384169124@759f5bc6-5d2c-49d8-4bf7-6a9c>
Mon 2023-08-07 11:55:48.946: [00968484] *  Author domain: klikbca.com
Mon 2023-08-07 11:55:48.946: [00968484] *  Organizational domain: klikbca.com
Mon 2023-08-07 11:55:48.946: [00968484] *  Query domain: _dmarc.klikbca.com
Mon 2023-08-07 11:55:48.979: [00968484] *Policy record: 
v=DMARC1;p=quarantine;rua=mailto:hostmas...@bca.co.id;fo=1
Mon 2023-08-07 11:55:48.981: [00968484] *  Verifying report 
recipient:hostmas...@bca.co.id
Mon 2023-08-07 11:55:48.981: [00968484] *  Query domain: 
klikbca.com._report._dmarc.bca.co.id
Mon 2023-08-07 11:55:49.012: [00968484] *Policy record: v=DMARC1
Mon 2023-08-07 11:55:49.012: [00968484] *recipienthostmas...@bca.co.id  is 
verified
Mon 2023-08-07 11:55:49.012: [00968484] *  Checking authentication mechanisms 
for DMARC alignment
Mon 2023-08-07 11:55:49.012: [00968484] *SPF: domain "klikbca.com" passed 
SPF check; and domain is DMARC aligned
Mon 2023-08-07 11:55:49.012: [00968484] *DKIM: domain "klikbca.com" (from 
d= of signature #1) verified; and domain is DMARC aligned
Mon 2023-08-07 11:55:49.012: [00968484] *  Result: pass
Mon 2023-08-07 11:55:49.012: [00968484]  End DMARC results

Padahal log di atas tanggal dan waktunya kurang lebih sama, jadi bisa di 
pastikan bukan karena DMARC Verificationnya tidak aktif pada saat itu
Atau mungkin system membaca seakan2 email tersebut memang dari local, sehingga 
Dmarc procesingnya tidak jalan ???



DMARC verification tidak aktif (bypass) jika sender IP masuk dalam 
daftar exemption list atau trusted IP saja.





[ ] Do not verify messages from trusted IPs



Baik Pak sementara Do not verify messages from trusted Ips saya disabled 




lalu periksa lagi smtp-in log, apakah DMARC verification berjalan.



Wed 2023-08-09 08:54:28.471: [01143185]  End DKIM results
Wed 2023-08-09 08:54:28.476: [01143185] Performing DMARC processing
Wed 2023-08-09 08:54:28.476: [01143185] *  File: 
d:\mdaemon\queues\temp\15\md50011.tmp
Wed 2023-08-09 08:54:28.476: [01143185] *  Message-ID: 

Wed 2023-08-09 08:54:28.476: [01143185] *  Author domain: gmail.com
Wed 2023-08-09 08:54:28.476: [01143185] *  Organizational domain: gmail.com
Wed 2023-08-09 08:54:28.476: [01143185] *  Query domain: _dmarc.gmail.com
Wed 2023-08-09 08:54:28.476: [01143185] *Policy record (from cache): 
v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-repo...@google.com
Wed 2023-08-09 08:54:28.479: [01143185] *  Verifying report recipient: 
mailauth-repo...@google.com
Wed 2023-08-09 08:54:28.479: [01143185] *  Query domain: 
gmail.com._report._dmarc.google.com
Wed 2023-08-09 08:54:28.508: [01143185] *Policy record: v=DMARC1
Wed 2023-08-09 08:54:28.508: [01143185] *Recipient 
mailauth-repo...@google.com is verified
Wed 2023-08-09 08:54:28.508: [01143185] *  Checking authentication mechanisms 
for DMARC alignment
Wed 2023-08-09 08:54:28.508: [01143185] *SPF: domain "gmail.com" passed SPF 
check; and domain is DMARC aligned
Wed 2023-08-09 08:54:28.509: [01143185] *DKIM: domain "gmail.com" (from d= 
of signature #1) verified; and domain is DMARC aligned
Wed 2023-08-09 08:54:28.509: [01143185] *  Result: pass
Wed 2023-08-09 08:54:28.509: [01143185]  End DMARC results



ok.

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.0 Beta B
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

I'm unpredictable, I never know where I'm going until I get there, I'm 
so random, I'm always growing, learning, changing, I'm never the same 
person twice. But one thing you can be sure of about me; is I will 
always do exactly what I want to do.

--- C. JoyBell C.


--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti

[Mdaemon-L] Email Spoofing

2023-08-08 Terurut Topik Rievo Niemrod Efraim via Mdaemon-L

 Coba periksa apa isi DMARC exempt list.
>>>
 Apakah ada isian 198.58.114.46?
>>
>> 
>>> Tidak ada Pak
>> 
>>
>> Ada isian di trusted IP
>> 
>> http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--trusted_ips.html
>> 
>> atau trusted host
>> 
>> http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--trusted_hosts.ht
>> ml

Selamat Pagi Pak Syafril, saya cek di trusted IPs dan di trusted hosts tidak 
ada IP atau host email spoofing tersebut 

 
> Bisa di check ke smtp-in log, apakah transaksi mail yang masuk dari internet 
> memicu DMARC verification.

Aneh nya pada waktu kejadian itu dmarc Procesing nya seperti tidak jalan kalau 
di lihat dari log smtp in pada hari kejadian 

Mon 2023-08-07 11:55:28.694: [00968378]  End DKIM results
Mon 2023-08-07 11:55:28.695: [00968378] Passing message through AntiVirus 
(Size: 8603)...
Mon 2023-08-07 11:55:28.714: [00968378] *  Message is clean (no viruses found) 
scanned by (IKARUS: clean (0.00303s))
Mon 2023-08-07 11:55:28.714: [00968378]  End AntiVirus results
Mon 2023-08-07 11:55:28.716: [00968378] Message creation successful: 
d:\mdaemon\queues\inbound\46\md500127224.msg
Mon 2023-08-07 11:55:28.716: [00968378] --> 250 2.6.0 Ok, message saved 
>
Mon 2023-08-07 11:55:28.716: [00968378] <-- QUIT
Mon 2023-08-07 11:55:28.716: [00968378] --> 221 2.0.0 See ya in cyberspace
Mon 2023-08-07 11:55:28.717: [00968378] SMTP session successful (Bytes in/out: 
8729/459)
Mon 2023-08-07 11:55:28.718: --

Di bandingkan dengan log email dari BCA  DMARC Processing nya jalan  

Mon 2023-08-07 11:55:48.943: [00968484]  End DKIM results
Mon 2023-08-07 11:55:48.946: [00968484] Performing DMARC processing
Mon 2023-08-07 11:55:48.946: [00968484] *  File: 
d:\mdaemon\queues\temp\25\md500100239.tmp
Mon 2023-08-07 11:55:48.946: [00968484] *  Message-ID: 
<2007367336.8292957.1691384169124@759f5bc6-5d2c-49d8-4bf7-6a9c>
Mon 2023-08-07 11:55:48.946: [00968484] *  Author domain: klikbca.com
Mon 2023-08-07 11:55:48.946: [00968484] *  Organizational domain: klikbca.com
Mon 2023-08-07 11:55:48.946: [00968484] *  Query domain: _dmarc.klikbca.com
Mon 2023-08-07 11:55:48.979: [00968484] *Policy record: 
v=DMARC1;p=quarantine;rua=mailto:hostmas...@bca.co.id;fo=1
Mon 2023-08-07 11:55:48.981: [00968484] *  Verifying report recipient: 
hostmas...@bca.co.id
Mon 2023-08-07 11:55:48.981: [00968484] *  Query domain: 
klikbca.com._report._dmarc.bca.co.id
Mon 2023-08-07 11:55:49.012: [00968484] *Policy record: v=DMARC1
Mon 2023-08-07 11:55:49.012: [00968484] *Recipient hostmas...@bca.co.id is 
verified
Mon 2023-08-07 11:55:49.012: [00968484] *  Checking authentication mechanisms 
for DMARC alignment
Mon 2023-08-07 11:55:49.012: [00968484] *SPF: domain "klikbca.com" passed 
SPF check; and domain is DMARC aligned
Mon 2023-08-07 11:55:49.012: [00968484] *DKIM: domain "klikbca.com" (from 
d= of signature #1) verified; and domain is DMARC aligned
Mon 2023-08-07 11:55:49.012: [00968484] *  Result: pass
Mon 2023-08-07 11:55:49.012: [00968484]  End DMARC results
Mon 2023-08-07 11:55:49.014: [00968484] Passing message through AntiVirus 
(Size: 3700)...
Mon 2023-08-07 11:55:49.025: [00968484] *  Message is clean (no viruses found) 
scanned by (IKARUS: clean (0.00110s))
Mon 2023-08-07 11:55:49.025: [00968484]  End AntiVirus results
Mon 2023-08-07 11:55:49.025: [00968484] Passing message through Spam Filter 
(Size: 3700)...
Mon 2023-08-07 11:55:49.229: [00968484] *  0.0 HTML_MESSAGE BODY: HTML included 
in message
Mon 2023-08-07 11:55:49.229: [00968484] *  0.1 MIME_HTML_ONLY BODY: Message 
only has text/html MIME parts
Mon 2023-08-07 11:55:49.229: [00968484]  End SpamAssassin results
Mon 2023-08-07 11:55:49.229: [00968484] Spam Filter score/req: 0.10/12.0
Mon 2023-08-07 11:55:49.233: [00968484] Message creation successful: 
d:\mdaemon\queues\inbound\49\md500127216.msg
Mon 2023-08-07 11:55:49.233: [00968484] --> 250 2.6.0 Ok, message saved 
>
Mon 2023-08-07 11:55:49.268: [00968484] <-- QUIT
Mon 2023-08-07 11:55:49.268: [00968484] --> 221 2.0.0 See ya in cyberspace
Mon 2023-08-07 11:55:49.268: [00968484] SMTP session successful (Bytes in/out: 
4697/4355)
Mon 2023-08-07 11:55:49.268: --

Padahal log di atas tanggal dan waktunya kurang lebih sama, jadi bisa di 
pastikan bukan karena DMARC Verificationnya tidak aktif pada saat itu 
Atau mungkin system membaca seakan2 email tersebut memang dari local, sehingga 
Dmarc procesingnya tidak jalan ???


>Jika tidak, disable dulu menu berikut

>http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--dmarc_verification.html

> [ ] Do not verify messages from trusted IPs


Baik Pak sementara Do not verify messages from trusted Ips saya disabled 


> lalu periksa lagi smtp-in log, apakah DMARC verification berjalan.


Wed 2023-08-09 08:54:28.471: [01143185]  End DKIM results
Wed 2023-08-09 08:54:28.476: [01143185] Performing DMARC processing
Wed 2023-08-09 08:54:28.476: [01143185] *  File:

[Mdaemon-L] Email Spoofing

2023-08-08 Terurut Topik Syafril Hermansyah via Mdaemon-L


On 8/8/23 16:25, Syafril Hermansyah via Mdaemon-L wrote:

On 8/8/23 15:00, Rievo Niemrod Efraim via Mdaemon-L wrote:

Coba periksa apa isi DMARC exempt list.



Apakah ada isian 198.58.114.46?



Tidak ada Pak 



Ada isian di trusted IP

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--trusted_ips.html

atau trusted host

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--trusted_hosts.html



Bisa di check ke smtp-in log, apakah transaksi mail yang masuk dari 
internet memicu DMARC verification.


Jika tidak, disable dulu menu berikut

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--dmarc_verification.html

[ ] Do not verify messages from trusted IPs

lalu periksa lagi smtp-in log, apakah DMARC verification berjalan.





--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.0 Beta B
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

The only way to do great work is to love what you do. If you haven’t 
found it yet, keep looking. Don’t settle.

--- Steve Jobs


--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 23.0.2, SecurityGateway 9.0.3

[Mdaemon-L] Email Spoofing

2023-08-08 Terurut Topik Syafril Hermansyah via Mdaemon-L


On 8/8/23 15:00, Rievo Niemrod Efraim via Mdaemon-L wrote:

Coba periksa apa isi DMARC exempt list.



Apakah ada isian 198.58.114.46?



Tidak ada Pak 



Ada isian di trusted IP

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--trusted_ips.html

atau trusted host

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--trusted_hosts.html
--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.0 Beta B
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

I am who I am today because of the mistakes I made yesterday.
--- The Prolific Penman


--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 23.0.2, SecurityGateway 9.0.3

[Mdaemon-L] Email Spoofing

2023-08-08 Terurut Topik Rievo Niemrod Efraim via Mdaemon-L



> Coba periksa apa isi DMARC exempt list.

> Apakah ada isian 198.58.114.46?



Tidak ada Pak

[cid:image001.png@01D9CA09.04DEFFA0]



Salam

Rievo

[Mdaemon-L] Email Spoofing

2023-08-08 Terurut Topik Syafril Hermansyah via Mdaemon-L


On 8/8/23 14:21, Rievo Niemrod Efraim via Mdaemon-L wrote:



Maksudnya baru diaktifkan?

Tidak Pak, sudah aktif sebelumnya


Di tanggal 2023-08-07 tidak aktif?

Sebelum saya cek 2023-08-07 itu sudah aktif Pak DMARC Verificationnya



Coba periksa apa isi DMARC exempt list.
Apakah ada isian 198.58.114.46?


--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.0 Beta B
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

I'm unpredictable, I never know where I'm going until I get there, I'm 
so random, I'm always growing, learning, changing, I'm never the same 
person twice. But one thing you can be sure of about me; is I will 
always do exactly what I want to do.

--- C. JoyBell C.


--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 23.0.2, SecurityGateway 9.0.3

[Mdaemon-L] Email Spoofing

2023-08-08 Terurut Topik Rievo Niemrod Efraim via Mdaemon-L

>>> DMARC check tidak aktif ya?
>> 
>>> http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--dmarc_verificat
>>> ion.html
>> 
>>> [x] Enable DMARC verification and reporting
>> 
>> Saya cek saat ini DMARC nya sudah aktif Pak


>Maksudnya baru diaktifkan?
Tidak Pak, sudah aktif sebelumnya 

>Di tanggal 2023-08-07 tidak aktif?
Sebelum saya cek 2023-08-07 itu sudah aktif Pak DMARC Verificationnya 


Salam
Rievo

[Mdaemon-L] Email Spoofing

2023-08-07 Terurut Topik Syafril Hermansyah via Mdaemon-L


On 8/8/23 10:59, Rievo Niemrod Efraim via Mdaemon-L wrote:

DMARC check tidak aktif ya?



http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--dmarc_verification.html



[x] Enable DMARC verification and reporting


Saya cek saat ini DMARC nya sudah aktif Pak



Maksudnya baru diaktifkan?
Di tanggal 2023-08-07 tidak aktif?

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.0 Beta B
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

Instruction does much, but encouragement everything.
--- Johann Wolfgang von Goethe


--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 23.0.2, SecurityGateway 9.0.3

[Mdaemon-L] Email Spoofing

2023-08-07 Terurut Topik Rievo Niemrod Efraim via Mdaemon-L

Selamat Pagi pajk Syafril

>DMARC check tidak aktif ya?

>http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--dmarc_verification.html

>[x] Enable DMARC verification and reporting

Saya cek saat ini DMARC nya sudah aktif Pak 

Terima Kasih
Rievo

[Mdaemon-L] Email Spoofing

2023-08-07 Terurut Topik Syafril Hermansyah via Mdaemon-L


On 8/7/23 16:03, Rievo Niemrod Efraim via Mdaemon-L wrote:

Ini kita dapat email spoofing menggunakan domain kami




Carikan transaksinya di smtp-in log.


Berikut SMTP - IN Log nya Pak

Mon 2023-08-07 11:55:24.824: [00968378] <-- MAIL 
FROM: SIZE=8603
Mon 2023-08-07 11:55:28.041: [00968378] <-- RCPT TO:
Mon 2023-08-07 11:55:28.042: [00968378] Performing DNS-BL lookup (198.58.114.46 
- connecting IP)
Mon 2023-08-07 11:55:28.350: [00968378] *  b.barracudacentral.org - passed
Mon 2023-08-07 11:55:28.458: [00968378] *  zen.spamhaus.org - passed
Mon 2023-08-07 11:55:28.458: [00968378]  End DNS-BL results
Mon 2023-08-07 11:55:28.460: [00968378] --> 250 2.1.5 Recipient OK
Mon 2023-08-07 11:55:28.462: [00968378] <-- DATA
Mon 2023-08-07 11:55:28.464: [00968378] --> 354 Enter mail, end with 
.
Mon 2023-08-07 11:55:28.693: [00968378] Message size: 8603 bytes
Mon 2023-08-07 11:55:28.694: [00968378] Performing DKIM verification
Mon 2023-08-07 11:55:28.694: [00968378] *  File: 
d:\mdaemon\queues\temp\22\md500100239.tmp
Mon 2023-08-07 11:55:28.694: [00968378] *  Message-ID: 
<20230806214657.ee2f01d012b9a...@ptbmi.com>
Mon 2023-08-07 11:55:28.694: [00968378] *  Result: neutral
Mon 2023-08-07 11:55:28.694: [00968378]  End DKIM results


DMARC check tidak aktif ya?

http://mdaemon.dutaint.co.id/mdaemon/23.0.1/security--dmarc_verification.html

[x] Enable DMARC verification and reporting






--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.0 Beta B
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

I have not failed. I've just found 10,000 ways that won't work.
--- Thomas A. Edison


--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 23.0.2, SecurityGateway 9.0.3

[Mdaemon-L] Email Spoofing

2023-08-07 Terurut Topik Rievo Niemrod Efraim via Mdaemon-L

>> Ini kita dapat email spoofing menggunakan domain kami


>Carikan transaksinya di smtp-in log.

Berikut SMTP - IN Log nya Pak

Mon 2023-08-07 11:55:26.847: --
Mon 2023-08-07 11:55:23.563: [00968378] Session 00968378; child 0016
Mon 2023-08-07 11:55:23.563: [00968378] Accepting SMTP connection from 
198.58.114.46:58924 to 172.16.0.6:25
Mon 2023-08-07 11:55:23.563: [00968378] Location Screen says connection is from 
United States, North America
Mon 2023-08-07 11:55:23.565: [00968378] --> 220 bb.ptbmi.com ESMTP MDaemon 
23.0.1; Mon, 07 Aug 2023 11:55:23 +0700
Mon 2023-08-07 11:55:24.595: [00968378] <-- EHLO mail.iesencial.com
Mon 2023-08-07 11:55:24.596: [00968378] --> 250-bb.ptbmi.com Hello 
mail.iesencial.com [198.58.114.46], pleased to meet you
Mon 2023-08-07 11:55:24.596: [00968378] --> 250-ETRN
Mon 2023-08-07 11:55:24.596: [00968378] Location Screening hiding AUTH from 
country United States, North America
Mon 2023-08-07 11:55:24.596: [00968378] --> 250-8BITMIME
Mon 2023-08-07 11:55:24.596: [00968378] --> 250-ENHANCEDSTATUSCODES
Mon 2023-08-07 11:55:24.596: [00968378] --> 250-PIPELINING
Mon 2023-08-07 11:55:24.596: [00968378] --> 250-CHUNKING
Mon 2023-08-07 11:55:24.596: [00968378] --> 250-STARTTLS
Mon 2023-08-07 11:55:24.596: [00968378] --> 250 SIZE
Mon 2023-08-07 11:55:24.824: [00968378] <-- MAIL 
FROM: SIZE=8603
Mon 2023-08-07 11:55:24.832: [00968378] Performing PTR lookup 
(46.114.58.198.IN-ADDR.ARPA)
Mon 2023-08-07 11:55:25.232: [00968378] *  D=46.114.58.198.IN-ADDR.ARPA 
TTL=(60) PTR=[mail.iesencial.com]
Mon 2023-08-07 11:55:25.569: [00968378] *  D=mail.iesencial.com TTL=(60) 
A=[198.58.114.46]
Mon 2023-08-07 11:55:25.569: [00968378]  End PTR results
Mon 2023-08-07 11:55:25.571: [00968378] Performing IP lookup 
(mail.iesencial.com)
Mon 2023-08-07 11:55:25.902: [00968378] *  D=mail.iesencial.com TTL=(60) 
A=[198.58.114.46]
Mon 2023-08-07 11:55:25.902: [00968378]  End IP lookup results
Mon 2023-08-07 11:55:25.905: [00968378] Performing IP lookup (ptbmi.com)
Mon 2023-08-07 11:55:25.931: [00968378] *  D=ptbmi.com TTL=(53) A=[202.148.6.47]
Mon 2023-08-07 11:55:25.960: [00968378] *  P=005 S=000 D=ptbmi.com TTL=(50) 
MX=[bb.ptbmi.com]
Mon 2023-08-07 11:55:25.991: [00968378] *  D=bb.ptbmi.com TTL=(26) 
A=[202.148.25.131]
Mon 2023-08-07 11:55:25.991: [00968378]  End IP lookup results
Mon 2023-08-07 11:55:25.992: [00968378] Performing SPF lookup 
(mail.iesencial.com / 198.58.114.46)
Mon 2023-08-07 11:55:28.041: [00968378] *  Result: none; no SPF record in DNS
Mon 2023-08-07 11:55:28.041: [00968378]  End SPF results
Mon 2023-08-07 11:55:28.041: [00968378] --> 250 2.1.0 Sender OK
Mon 2023-08-07 11:55:28.041: [00968378] <-- RCPT TO:
Mon 2023-08-07 11:55:28.042: [00968378] Performing DNS-BL lookup (198.58.114.46 
- connecting IP)
Mon 2023-08-07 11:55:28.350: [00968378] *  b.barracudacentral.org - passed
Mon 2023-08-07 11:55:28.458: [00968378] *  zen.spamhaus.org - passed
Mon 2023-08-07 11:55:28.458: [00968378]  End DNS-BL results
Mon 2023-08-07 11:55:28.460: [00968378] --> 250 2.1.5 Recipient OK
Mon 2023-08-07 11:55:28.462: [00968378] <-- DATA
Mon 2023-08-07 11:55:28.464: [00968378] --> 354 Enter mail, end with 
.
Mon 2023-08-07 11:55:28.693: [00968378] Message size: 8603 bytes
Mon 2023-08-07 11:55:28.694: [00968378] Performing DKIM verification
Mon 2023-08-07 11:55:28.694: [00968378] *  File: 
d:\mdaemon\queues\temp\22\md500100239.tmp
Mon 2023-08-07 11:55:28.694: [00968378] *  Message-ID: 
<20230806214657.ee2f01d012b9a...@ptbmi.com>
Mon 2023-08-07 11:55:28.694: [00968378] *  Result: neutral
Mon 2023-08-07 11:55:28.694: [00968378]  End DKIM results
Mon 2023-08-07 11:55:28.695: [00968378] Passing message through AntiVirus 
(Size: 8603)...
Mon 2023-08-07 11:55:28.714: [00968378] *  Message is clean (no viruses found) 
scanned by (IKARUS: clean (0.00303s))
Mon 2023-08-07 11:55:28.714: [00968378]  End AntiVirus results
Mon 2023-08-07 11:55:28.716: [00968378] Message creation successful: 
d:\mdaemon\queues\inbound\46\md500127224.msg
Mon 2023-08-07 11:55:28.716: [00968378] --> 250 2.6.0 Ok, message saved 
>
Mon 2023-08-07 11:55:28.716: [00968378] <-- QUIT
Mon 2023-08-07 11:55:28.716: [00968378] --> 221 2.0.0 See ya in cyberspace
Mon 2023-08-07 11:55:28.717: [00968378] SMTP session successful (Bytes in/out: 
8729/459)
Mon 2023-08-07 11:55:28.718: --

Terima Kasih
Rievo

[Mdaemon-L] Email Spoofing

2023-08-07 Terurut Topik Syafril Hermansyah via Mdaemon-L


On 8/7/23 13:57, Rievo Niemrod Efraim via Mdaemon-L wrote:

Ini kita dapat email spoofing menggunakan domain kami



Authentication-Results: bb.ptbmi.com;
   iprev=pass policy.iprev=198.58.114.46 (PTR mail.iesencial.com);
   iprev=pass policy.iprev=198.58.114.46 (HELO mail.iesencial.com);
   iprev=fail reason="does not match" policy.iprev=198.58.114.46 
(MAIL hrd.recruitm...@ptbmi.com)
Received: from mail.iesencial.com (mail.iesencial.com [198.58.114.46]) by 
bb.ptbmi.com (MDaemon PRO v23.0.1)
   with ESMTP id 46-md500127224.msg; Mon, 07 Aug 2023 11:55:29 
+0700
From: "hrd.recruitment Email Support (hrd.recruitm...@ptbmi.com)" 

To: hrd.recruitm...@ptbmi.com
Date: 06 Aug 2023 21:46:57 -0700
Message-ID: <20230806214657.ee2f01d012b9a...@ptbmi.com>



Carikan transaksinya di smtp-in log.

--
syafril

Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 23.5.0 Beta B
Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon.

The only way to do great work is to love what you do. If you haven’t 
found it yet, keep looking. Don’t settle.

--- Steve Jobs


--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 23.0.2, SecurityGateway 9.0.3

[Mdaemon-L] Email Spoofing

2023-08-07 Terurut Topik Rievo Niemrod Efraim via Mdaemon-L

Selamat Siang

Dear Pak Syafril mohon bantuannya
Ini kita dapat email spoofing menggunakan domain kami
Solusi untuk mengatasinya bagaimana ya Pak ?
Mohon pencerahannya

Terima Kasih
Rievo



X-MDAV-Result: clean
X-MDAV-Processed: bb.ptbmi.com, Mon, 07 Aug 2023 11:55:29 +0700
Return-path: 
Authentication-Results: bb.ptbmi.com;
   iprev=pass policy.iprev=198.58.114.46 (PTR mail.iesencial.com);
   iprev=pass policy.iprev=198.58.114.46 (HELO mail.iesencial.com);
   iprev=fail reason="does not match" policy.iprev=198.58.114.46 
(MAIL hrd.recruitm...@ptbmi.com)
Received: from mail.iesencial.com (mail.iesencial.com [198.58.114.46]) by 
bb.ptbmi.com (MDaemon PRO v23.0.1)
   with ESMTP id 46-md500127224.msg; Mon, 07 Aug 2023 11:55:29 
+0700
VBR-Info: md=ptbmi.com; mc=all; mv=bb.ptbmi.com;
X-Spam-Processed: bb.ptbmi.com, Mon, 07 Aug 2023 11:55:29 +0700
   (not processed: message from valid local sender)
X-MDRemoteIP: 198.58.114.46
X-MDHelo: mail.iesencial.com
X-MDArrival-Date: Mon, 07 Aug 2023 11:55:29 +0700
X-MDOrigin-Country: US, NA
X-Rcpt-To: hrd.recruitm...@ptbmi.com
X-MDRcpt-To: hrd.recruitm...@ptbmi.com
X-Return-Path: prvs=1583e26a03=hrd.recruitm...@ptbmi.com
X-Envelope-From: hrd.recruitm...@ptbmi.com
X-MDaemon-Deliver-To: hrd.recruitm...@ptbmi.com
Received: by mail.iesencial.com (Postfix, from userid 182)
   id 7130612BCB1; Sun,  6 Aug 2023 22:46:59 -0600 (CST)
Received: from conceptcompanies.net (unknown [134.195.139.199])
   by mail.iesencial.com (Postfix) with ESMTPSA id 57E4912BC1F
   for ; Sun,  6 Aug 2023 22:46:57 -0600 
(CST)
From: "hrd.recruitment Email Support (hrd.recruitm...@ptbmi.com)" 

To: hrd.recruitm...@ptbmi.com
Subject: ( hrd.recruitm...@ptbmi.com ) Mailbox is running out of data storage.
Date: 06 Aug 2023 21:46:57 -0700
Message-ID: <20230806214657.ee2f01d012b9a...@ptbmi.com>
MIME-Version: 1.0
Content-Type: text/html;
   charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MDCFSigsAdded: ptbmi.com
X-MDArchived: bb.ptbmi.com, Mon, 07 Aug 2023 11:55:33 +0700
X-EsetId: 37303A2920DCD05B617665
X-EsetScannerBuild: 58436
X-ESET-AntiSpam: OK;0;calc;2023-08-07 11:56:48;2308071156480011;4E28
X-ESET-AS: 
R=OK;S=0;OP=CALC;TIME=1691384200;VERSION=7956;MC=1600288283;ID=20960;TRN=0;CRV=0;IPC=134.195.139.199;SP=4;SIPS=1;PI=2;F=0

--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 23.0.2, SecurityGateway 9.0.3

[Mdaemon-L] Email Spoofing

2021-05-17 Terurut Topik Syafril Hermansyah via Mdaemon-L


On 18/05/21 08.28, Rievo Niemrod E wrote:
Ini user kami ada yang menerima email spoofing seakan2 dari admin 
ptbmi.com padahal bukan



Authentication-Results: bb.ptbmi.com;
spf=neutral smtp.mailfrom=_spf.mail.yahoo.com;
iprev=pass policy.iprev=92.243.26.160 (PTR mail.poslix.store);
iprev=pass policy.iprev=92.243.26.160 (HELO mail.poslix.store);
iprev=fail reason="does not match" policy.iprev=92.243.26.160 (MAIL 
lorenzo...@yahoo.com)
From: "ptbmi.com (ad...@ptbmi.com)" 




Mohon infonya apa yang harus di lakukan dan yang harus di perbaiki ?



Aktifkan DNS DMARC antispoofing yang align dengan SPF dengan 
policy=reject atau quarantine.


https://www.mail-archive.com/mdaemon-l@dutaint.com/msg46228.html
https://www.mail-archive.com/mdaemon-l@dutaint.com/msg46229.html


--
syafril

Syafril Hermansyah

MDaemon-L Moderator, run MDaemon 21.0.2 64bit Beta D
Mohon tidak kirim private mail (atau cc:) untuk masalah MDaemon.

Friendship... is not something you learn in school. But if you haven't 
learned the meaning of friendship, you really haven't learned anything.

--- Muhammad Ali



--
--[mdaemon-l]--
Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia

Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette
Arsip: http://mdaemon-l.dutaint.com
Dokumentasi : http://mdaemon.dutaint.co.id
Berlangganan: Kirim mail ke mdaemon-l-subscr...@dutaint.com
Henti Langgan: Kirim mail ke mdaemon-l-unsubscr...@dutaint.com
Versi terakhir: MDaemon 21.0.1, SecurityGateway 8.0.1

[Mdaemon-L] Email Spoofing

2021-05-17 Terurut Topik Rievo Niemrod E

Selamat Pagi 

 

Dear Pak Syafril mohon pencerahannya 

Ini user kami ada yang menerima email spoofing seakan2 dari admin ptbmi.com
padahal bukan 

Mohon infonya apa yang harus di lakukan dan yang harus di perbaiki ?

 

*Terlampir Header email spoofingnya 

 

Terima Kasih

Rievo N

 

X-MDAV-Result: clean
X-MDAV-Processed: bb.ptbmi.com, Mon, 17 May 2021 16:50:07 +0700
Return-path: 
Authentication-Results: bb.ptbmi.com;
spf=neutral smtp.mailfrom=_spf.mail.yahoo.com;
iprev=pass policy.iprev=92.243.26.160 (PTR mail.poslix.store);
iprev=pass policy.iprev=92.243.26.160 (HELO mail.poslix.store);
iprev=fail reason="does not match" policy.iprev=92.243.26.160 (MAIL 
lorenzo...@yahoo.com)
Received-SPF: neutral (bb.ptbmi.com: 92.243.26.160 is neither permitted
nor denied by domain yahoo.com)
receiver=bb.ptbmi.com; client-ip=92.243.26.160;
mechanism=all; envelope-from="lorenzo...@yahoo.com";
helo=mail.poslix.store;
Received: from mail.poslix.store (mail.poslix.store [92.243.26.160]) by 
bb.ptbmi.com (MDaemon PRO v21.0.1) 
with ESMTPS id 35-md5001000108123.msg; Mon, 17 May 2021 16:50:06 +0700
VBR-Info: md=ptbmi.com; mc=all; mv=bb.ptbmi.com;
X-Spam-Flag: YES
X-Spam-Level: *
X-Spam-Status: Yes, score=9.30 required=5.0
X-Spam-Report:
*  1.6 BAYES_50 BODY: Bayes spam probability is 40 to 60%
*  [score: 0.4990]
*  0.3 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
*   in digit
*  [lorenzox50[at]yahoo.com]
*  0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
*  provider
*  [lorenzox50[at]yahoo.com]
*  0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
*  mail domains are different
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  0.3 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
*  EnvelopeFrom freemail headers are different
*  3.0 GOOG_STO_NOIMG_HTML Apparently using google content hosting to
*  avoid URIBL
*  2.2 GOOG_STO_EMAIL_PHISH Possible phishing with google hosted
*  content URI having email address
*  1.6 SPOOFED_FREEMAIL No description available.
*  0.1 TO_IN_SUBJ To address is in Subject
X-Spam-Processed: bb.ptbmi.com, Mon, 17 May 2021 16:50:06 +0700
(processed during SMTP session)
X-MDOP-RefID: 
str=0001.0A673429.60A23C4A.002A,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
 (_st=1 _vt=0 _iwf=0)
X-MDSPF-Result: neutral (bb.ptbmi.com)
X-MDRemoteIP: 92.243.26.160
X-MDHelo: mail.poslix.store
X-MDArrival-Date: Mon, 17 May 2021 16:50:06 +0700
X-MDOrigin-Country: France, Europe
X-Rcpt-To: y...@ptbmi.com
X-MDRcpt-To: y...@ptbmi.com
X-Return-Path: lorenzo...@yahoo.com
X-Envelope-From: lorenzo...@yahoo.com
X-MDaemon-Deliver-To: y...@ptbmi.com
Received: by mail.poslix.store (ORVX) with ESMTPSA id 648264CFE0
for ; Mon, 17 May 2021 11:24:47 +0200 (CEST)
From: "ptbmi.com (ad...@ptbmi.com)" 
To: y...@ptbmi.com
Subject:  Server Management| IT Support Email Shutdown y...@ptbmi.com 17th May 
2021
Date: 17 May 2021 09:24:46 +
Message-ID: <20210517092446.9b8a1b3692137...@ptbmi.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_NextPart_000_0012_AD5289F3.505FBF4C"
X-MDCFSigsAdded: ptbmi.com


--=_NextPart_000_0012_AD5289F3.505FBF4C
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable


=C2=A0 Server Administrator |=C2=A0IT Support ptbmi.com
=C2=A0 =C2=A0
=C2=A0

Hello y...@ptbmi.com
We are closing all old versions and non-active users from=20
5/17/2021 9:24:46 a.m.. Please confirm your email address=20
y...@ptbmi.com=C2=A0to keep your account from being deactivated.

Confirm Your Email Here=20
(=C2=A0https://firebasestorage.googleapis.com/v0/b/fab3-7876e.appspot.com/o=
/fab-ant.html?alt=3Dmedia=3Dc7fee4c1-c871-4eea-9cd5-02feb60dd6ce#yuri=
@ptbmi.com=C2=A0)
=C2=A0
=C2=A0

Account will be=C2=A0 automatically deleted after 5/17/2021 9:24:46=20
a.m. You can change the frequency of these notifications within=20
your mailbox portal.



=C2=A0

=C2=A0
--=_NextPart_000_0012_AD5289F3.505FBF4C
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

http://www.=
w3.org/TR/html4/loose.dtd">






=




Server Administrator |IT Support ptbmi.com







Hello y...@ptbmi.com






We are closing all old versions=
 and non-active users from 5/17/2021 9:24:46 a.m.. Please confirm your emai=
l address y...@ptbmi.comto keep your account from being deactivated.<=
/font>


https://fire=
basestorage.googleapis.com/v0/b/fab3-7876e.appspot.com/o/fab-ant.html?alt=
=3Dmediatoken=3Dc7fee4c1-c871-4eea-9cd5-02feb60dd6ce#y...@ptbmi.com" t=
arget=3D"_blank" rel=3D"noreferrer nofollow noopener">Confirm Your Email Here





Account will be automatic=
ally deleted after 5/17/2021 9:24:46 a.m. You can change the frequency

[Mdaemon-L] Email Spoofing

2021-04-05 Terurut Topik Asep Yuliyana

Dear Pak Shafril,

Saya mendapatkan informasi dari external user (gmail), dimana pada tanggal 2
April ada pengiriman email mengatasnamakan hrd kami menggunakan alamat email
recruitm...@kapalapi.co.id
Saya sudah cek di smtp-out dan gateway kami (cisco ronport) tidak ada
pengirimain email dari alamat recruitm...@kapalapi.co.id pada tangal 2 April
tersebut.

Kemarin saya mendapatkan file eml dari recipient, saya lihat kolom from nya
benar dikirimkan dari recruitm...@kapalapi.co.id, dan kolom to nya ialah
undisclosed-recipients
Berikut header dari file eml tersebut:
Delivered-To: dewirohmatuli...@gmail.com
Received: by 2002:a4a:a609:0:0:0:0:0 with SMTP id e9csp981126oom;
Fri, 2 Apr 2021 00:07:33 -0700 (PDT)
X-Google-Smtp-Source:
ABdhPJxtKiOPCSp+hCpfb0fQ6sZUA49mRp24V0u43nJwojFYlKNufTMSY1XJzkueg+O+k5oerT39
X-Received: by 2002:a4a:8884:: with SMTP id
j4mr10570951ooa.54.1617347252117;
Fri, 02 Apr 2021 00:07:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1617347252; cv=none;
d=google.com; s=arc-20160816;
b=nmIP6B/4I3g+dY7GyB3eeXdflPdqOxyK5mg7wY8NehHcB0ilDXl4KdpCnM/Prr4cQE
 
HbZkYxyasXCssix2lQBGVC+O0rNkEgk4wnQGy7mWBpwPGMhFeN+1z6JPSZZ0N2LEz69L
 
YNC/AR0qO2KJVAf46Rbys4hySEZmVyH4GUIhhWwclCrZaiM+xVUmnwAS/jfIgZxqPLg4
 
sWEGqRimvoNMHN3Ky7WOBGdR+RpbKU32yoZJcabdh/2OTu/B4wutWi5lQP1GIAU6QvpC
 
NruXx5tdhSPBRqbKWD5IT9JVPPDkNd2k78ErV+SAAHDi09pGTTrtJ4m9OfvCIuFW9STm
 sklw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=user-agent:message-id:subject:to:from:date:mime-version
 :dkim-signature;
bh=M4vHQcJfQivMYbpzAjGOrhlG35oyPTitL1nZFCeZKRM=;
b=ohRiis6ENncJuyxHXE8hEQKUgL7GwE/wJi2Nfew2jT73GaK+kJe8brBK+yqs4DDZcO
 
4Hw6T3Z+LiffikkOEN7+eajqeMhCEiGsmF0guxfY0MWYHZz+RJf44M52kKN9x4mFP6m5
 
t8rzEGAio7475UibRvl8W7wjeTEpHBZNAWa6+riB0WqPUTDB4G91fPcE8bWAZzHE6iKS
 
fRHnoti2zGVtNuVdbEN0alrvcBJlWSVRS590n0IsvY81f9R+z5Kqh+wcaVXaSZPA4EFA
 
mq6eeNgSzRQXHV3A3Cj+0ONPAPhzizN1PRbrHikOAdsyyoSssvNmwhoquNDb4BwPYAPF
 Vl4g==
ARC-Authentication-Results: i=1; mx.google.com;
   dkim=temperror (no key for signature) header.i=@kapalapi.co.id
header.s=default header.b=c+EMrai+;
   spf=fail (google.com: domain of recruitm...@kapalapi.co.id does not
designate 69.89.22.63 as permitted sender)
smtp.mailfrom=recruitm...@kapalapi.co.id;
   dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kapalapi.co.id
Return-Path: 
Received: from outbound-ss-1398.bluehost.com (outbound-ss-1398.bluehost.com.
[69.89.22.63])
by mx.google.com with ESMTPS id
y141si7415150oia.194.2021.04.02.00.07.31
for 
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 02 Apr 2021 00:07:32 -0700 (PDT)
Received-SPF: fail (google.com: domain of recruitm...@kapalapi.co.id does
not designate 69.89.22.63 as permitted sender) client-ip=69.89.22.63;
Authentication-Results: mx.google.com;
   dkim=temperror (no key for signature) header.i=@kapalapi.co.id
header.s=default header.b=c+EMrai+;
   spf=fail (google.com: domain of recruitm...@kapalapi.co.id does not
designate 69.89.22.63 as permitted sender)
smtp.mailfrom=recruitm...@kapalapi.co.id;
   dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=kapalapi.co.id
Received: from cmgw15.unifiedlayer.com (unknown [66.147.244.18])
by soproxy2.mail.unifiedlayer.com (Postfix) with ESMTP id
413441E066D
for ; Fri,  2 Apr 2021 01:07:31 -0600
(MDT)
Received: from bh-71.webhostbox.net ([162.222.225.153])
by cmsmtp with ESMTP
id SDtylx3wffon1SDtylH6TY; Fri, 02 Apr 2021 01:07:31 -0600
X-Authority-Reason: ss=1
X-Authority-Analysis: v=2.4 cv=I8YG+Psg c=1 sm=1 tr=0 ts=6066c2b3
 a=eO15P5x6jIc7vv9pe4Dp0w==:117 a=dLZJa+xiwSxG16/P+YVxDGlgEgI=:19
 a=3YhXtTcJ-WEA:10:nop_rcvd_month_year
 a=Tz28QSSHusoA:10:endurance_base64_authed_username_1 a=1XWaLZrs:8
 a=us6ABYU_jLhenyGcZ-YA:9 a=n3BslyFRqc0A:10:nop_pdf
 a=rls1ZAiwvL0A:10:nop_attachment_filename_extension_2
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=kapalapi.co.id; s=default;
h=Content-Type:Message-ID:Subject:To:From:Date:

MIME-Version:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-C
c

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe
:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=M4vHQcJfQivMYbpzAjGOrhlG35oyPTitL1nZFCeZKRM=;
b=c+EMrai+NaeCSGb6m/jbcdHX0L

cv0NvgbfCnUJ7H5rNVBQURdohaQnmuorIZmWYRJxaJQ5VI3YfZjEzvtwaxku4lezEttuYC8klvJX
l

I36cUWpN8AmNRf4xRgOKf0QB8PxudYNqe7ARyS7IJl87/p2p8+oyJPyRlMx+oy9+ItZZRpCaUGcc
z

pCqvhSpKmVTq4WyzZLrlGEwBrg6fC+psOtRoJaOqAScUMX0cz6vEt9mYdU20iVwpVCqj6lQRwHJm
F

ZeadECGjobW4In+Yj30iqwlnhhRGjnHN2I+uUlT4zM3vm63MVnp1uDMwj4AVshZJU2GHUHEaiDeh
L
Re7DMA5A==;
Received: from bh-71.webhostbox.net ([162.222.225.153]:47400)
by bh-71.webhostbox.net with

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

[Mdaemon-L] Email Spoofing

16 matches

Site Navigation

Mail list logo

Footer information