[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 6/27/24 12:55, Agi Subagio via Mdaemon-L wrote:

I have had dynamic screening enabled for more than 2 hours with the following options, and no domain mail server has been blocked yet. Does Pak Syafril have any other suggestions for more effective Dynamic Screening settings once the bug in the exclusions section has been fixed?

In my opinion, dynamic screening in SG is not very useful, which is why DS only appeared in SG in version 10.x. Dynamic Screening is more useful for an office server (a server where the user database is present/registered and user mailboxes are stored). SG can hardly be used as a relay server from outside/the internet, especially on the mx.bms.co.id server, because SG relaying is set based on IP (private IP) rather than SMTP Authentication.

https://help.mdaemon.com/SecurityGateway/en/dynamic_screening.html

Using the Dynamic Screening feature, SecurityGateway can track the behavior of sending servers to identify suspicious activity and then respond accordingly. For example, with Dynamic Screening you can ban an IP address from future connections to your server once a specified number of "unknown recipient" errors occur during a mail session with that IP address. You can ban senders that connect to your server more than a specified number of times in a specified number of minutes, and you can also ban senders that fail authentication attempts more than a designated number of times. However, a Dynamic Screening ban is not permanent. The IP address is banned only for the number of minutes that you specify on this page, and each IP address and the amount of time that has passed since its ban is listed in the Blocked IP List at the bottom of the page.

Compare with http://mdaemon.dutaint.co.id/mdaemon/24.0.0/dynamic-screening_options.html

Using Dynamic Screening, MDaemon can track the behavior of incoming connections to identify suspicious activity and then respond accordingly. You can block an IP address (or range of addresses) from connecting when it fails authentication a specified number times within a specified amount of time. You can also freeze the accounts attempting to authenticate when they fail too many times too quickly. Also, when an IP address is blocked or an account is frozen, it is not permanent. The connecting IP address will be blocked for the number of minutes, hours, or days that you specify, and frozen accounts can be "thawed" automatically after a specified amount of time, or manually by the admin.

--
syafril
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 24.0.1
Please do not cc: or send to private mail for MDaemon issues.

There are three kinds of men. The ones that learn by readin’. The few who learn by observation. The rest of them have to pee on the electric fence for themselves. --- Will Rogers

--
--[mdaemon-l]--
This mailing list is for discussion among MDaemon Mail Server users in Indonesia
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.com
Subscribe: send mail to mdaemon-l-subscr...@dutaint.com
Unsubscribe: send mail to mdaemon-l-unsubscr...@dutaint.com
Latest version: MDaemon 24.0.1, SecurityGateway 10.0.2
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 27/06/2024 10:06, Syafril Hermansyah via Mdaemon-L wrote:

On 6/27/24 08:09, Agi Subagio via Mdaemon-L wrote:

I have updated SecurityGateway to 10.0.2 and Dynamic Screening still blocks the domain mail server or allowlist (IP/hostname) because of Too many RSET.

SG 10.0.2 indeed has not fixed that bug yet. Maybe in the next version.

https://files.mdaemon.com/securitygateway/release/relnotes_en.HTM

SecurityGateway 10.0.2 - June 25, 2024
FIXES
[27858] fix to certain links in the "Dark Mode" theme are difficult to read due to poor contrast.
[27873] fix to Sieve script fails to extract/log certain variables.
[27874] fix to From Header Screening does not function.
[27879] fix to when sending a message from the Delivery Queue the entire message is read into memory from disk when only the headers need to be.
[27882] fix to crash when searching a particular HTML message for keywords.

I have had dynamic screening enabled for more than 2 hours with the following options, and no domain mail server has been blocked yet. Does Pak Syafril have any other suggestions for more effective Dynamic Screening settings once the bug in the exclusions section has been fixed?
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 6/27/24 08:09, Agi Subagio via Mdaemon-L wrote:

I have updated SecurityGateway to 10.0.2 and Dynamic Screening still blocks the domain mail server or allowlist (IP/hostname) because of Too many RSET.

SG 10.0.2 indeed has not fixed that bug yet. Maybe in the next version.

https://files.mdaemon.com/securitygateway/release/relnotes_en.HTM

SecurityGateway 10.0.2 - June 25, 2024
FIXES
[27858] fix to certain links in the "Dark Mode" theme are difficult to read due to poor contrast.
[27873] fix to Sieve script fails to extract/log certain variables.
[27874] fix to From Header Screening does not function.
[27879] fix to when sending a message from the Delivery Queue the entire message is read into memory from disk when only the headers need to be.
[27882] fix to crash when searching a particular HTML message for keywords.

--
syafril
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 24.0.1
Please do not cc: or send to private mail for MDaemon issues.

I never did anything by accident, nor did any of my inventions come by accident; they came by work. --- Thomas Alva Edison
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
This is a bug, because the sender IP [172.16.50.16] is in the global allowlist. I will report it to the MDaemon Security Gateway Developer. For now, try adding the backend server host [mbs.co.id] to allowlists_hosts, or disable "Ban IPs that send this many RSET command".

https://help.mdaemon.com/SecurityGateway/en/allowlists_hosts.html
https://help.mdaemon.com/SecurityGateway/en/dynamic_screening.html

I have updated SecurityGateway to 10.0.2 and Dynamic Screening still blocks the domain mail server or allowlist (IP/hostname) because of Too many RSET.

Thu 2024-06-27 08:02:33: --> 250 Ok, message saved
Thu 2024-06-27 08:02:33: <-- RSET
Thu 2024-06-27 08:02:33: ALERT Sender has reached RSET dynamic screening threshold
Thu 2024-06-27 08:02:33: --> 421 Too many RSET commands
Thu 2024-06-27 08:02:33: ALERT Connection from 172.16.50.16 refused by dynamic screening; 604800 second(s) remain
Thu 2024-06-27 08:02:33: SMTP session successful (Bytes in/out: 7603658/6010)
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 21/06/2024 13:43, Syafril Hermansyah via Mdaemon-L wrote:

On 6/21/24 09:36, Agi Subagio via Mdaemon-L wrote:

Find the ban transaction in the Inbound Log.

The inbound log is in the attachment - truncated

Wed 2024-06-19 18:14:09: ALERT Sender has reached RSET dynamic screening threshold
Wed 2024-06-19 18:14:09: --> 421 Too many RSET commands
Wed 2024-06-19 18:14:09: ALERT Connection from 172.16.50.16 refused by dynamic screening; 604800 second(s) remain

This is indeed dynamic screening doing the blocking. The blocking happened because of a mail loop between SG and the office (backend) server.

Wed 2024-06-19 18:14:08: --> 250 <>, Sender ok
Wed 2024-06-19 18:14:08: <-- RCPT TO:
Wed 2024-06-19 18:14:08: User is not local
Wed 2024-06-19 18:14:08: == Processing RCPT scripts for recipient: b2b.notificat...@am.b2b.com.my
Wed 2024-06-19 18:14:08: -- Executing: Blocklist --
Wed 2024-06-19 18:14:08: -- Executing: Tarpitting --
Wed 2024-06-19 18:14:08: -- Executing: Relaying Denied --
Wed 2024-06-19 18:14:08: -- Executing: Invalid Recipient --
Wed 2024-06-19 18:14:08: -- Executing: Validate Local Sender --
Wed 2024-06-19 18:14:08: -- Executing: DNS Blocklists (Client IP) --
Wed 2024-06-19 18:14:08: -- Executing: SPF --
Wed 2024-06-19 18:14:08: -- Executing: Callback Verification --
Wed 2024-06-19 18:14:08: --> 250 , Recipient ok
Wed 2024-06-19 18:14:08: <-- DATA
Wed 2024-06-19 18:14:08: --> 354 Enter mail, end with .
Wed 2024-06-19 18:14:08: NULL return path, parsing message headers for sender address
Wed 2024-06-19 18:14:08: Sender = mailer-dae...@mbs.co.id
Wed 2024-06-19 18:14:08: Found DISABLED user
Wed 2024-06-19 18:14:08: User is disabled:
Wed 2024-06-19 18:14:08: Message size: 3789 bytes
Wed 2024-06-19 18:14:08: Message-ID:
Wed 2024-06-19 18:14:08: Accepting SMTP connection from [172.16.50.16 : 41020] on port 25
Wed 2024-06-19 18:14:08: # Sender is a local domain mail server (MBS Mail Server)
Wed 2024-06-19 18:14:08: # Sender is on allowlist (IP global : 173878)
Wed 2024-06-19 18:14:08: --> 250-mx.mbs.co.id Hello mbs.co.id, pleased to meet you

This is a bug, because the sender IP [172.16.50.16] is in the global allowlist. I will report it to the MDaemon Security Gateway Developer. For now, try adding the backend server host [mbs.co.id] to allowlists_hosts, or disable "Ban IPs that send this many RSET command".

https://help.mdaemon.com/SecurityGateway/en/allowlists_hosts.html
https://help.mdaemon.com/SecurityGateway/en/dynamic_screening.html

Why is the status of mailer-dae...@mbs.co.id disabled? The MAILER-DAEMON@ account (<>, Null Reverse Path) is commonly used as a system account to respond to autoresponders, Return-Receive Confirmation, etc. Try changing its status in the user list to enabled/normal.

https://help.mdaemon.com/SecurityGateway/en/user_list.html

For the time being I have turned Dynamic Screening off because of that bug. Previously it was enabled with "Ban IPs that send this many RSET" disabled, but the domain mail server still got banned even though the exclude option was enabled and the IP/host had been registered in the IP Allowlist. There are several email accounts that are deliberately not enabled in SG so that they cannot receive email from outside. Those email addresses are only for internal use among the domain mail servers.

Sat 2024-06-22 06:00:03: -- Executing: Invalid Sender --
Sat 2024-06-22 06:00:03: -- Executing: IP Shield --
Sat 2024-06-22 06:00:03: -- Executing: MAIL DNS Lookup --
Sat 2024-06-22 06:00:03: -- Executing: SMTP Authentication Required --
Sat 2024-06-22 06:00:03: --> 250 <>, Sender ok
Sat 2024-06-22 06:00:03: <-- RCPT TO:
Sat 2024-06-22 06:00:03: Found DISABLED user
Sat 2024-06-22 06:00:03: User is disabled:
Sat 2024-06-22 06:00:03: == Processing RCPT scripts for recipient: mbsctr...@mbs.co.id
Sat 2024-06-22 06:00:03: -- Executing: Blocklist --
Sat 2024-06-22 06:00:03: -- Executing: Tarpitting --
Sat 2024-06-22 06:00:03: -- Executing: Relaying Denied --
Sat 2024-06-22 06:00:03: -- Executing: Invalid Recipient --
Sat 2024-06-22 06:00:03: ** Reject 550 , Recipient unknown
Sat 2024-06-22 06:00:03: --> 550 , Recipient unknown
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET? Well, OK.
Sat 2024-06-22 06:00:03: <-- RSET
Sat 2024-06-22 06:00:03: --> 250 RSET? Well, OK.
Sat 2024-06-22 06:00:03: <-- MAIL FROM:<> SIZE=4885
Sat 2024-06-22 06:00:03: == Processing MAIL scripts
Sat 2024-06-22 06:00:03: -- Executing: Invalid Sender --
Sat 2024-06-22 06:00:03: -- Executing: IP Shield --
Sat 2024-06-22 06:00:03: -- Executing: MAIL DNS Lookup --
Sat 2024-06-22 06:00:03: -- Executing: SMTP Authentication Required --
Sat 2024-06-22 06:00:03: --> 250 <>, Sender ok
Sat 2024-06-22 06:00:03: <-- RCPT TO:
Sat 2024-06-22 06:00:03: Found DISABLED user
Sat 2024-06-22 06:00:03: User is disabled:
Sat 2024-06-22 06:00:03: == Process
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 6/21/24 09:36, Agi Subagio via Mdaemon-L wrote:

Find the ban transaction in the Inbound Log.

The inbound log is in the attachment - truncated

Wed 2024-06-19 18:14:09: ALERT Sender has reached RSET dynamic screening threshold
Wed 2024-06-19 18:14:09: --> 421 Too many RSET commands
Wed 2024-06-19 18:14:09: ALERT Connection from 172.16.50.16 refused by dynamic screening; 604800 second(s) remain

This is indeed dynamic screening doing the blocking. The blocking happened because of a mail loop between SG and the office (backend) server.

Wed 2024-06-19 18:14:08: --> 250 <>, Sender ok
Wed 2024-06-19 18:14:08: <-- RCPT TO:
Wed 2024-06-19 18:14:08: User is not local
Wed 2024-06-19 18:14:08: == Processing RCPT scripts for recipient: b2b.notificat...@am.b2b.com.my
Wed 2024-06-19 18:14:08: -- Executing: Blocklist --
Wed 2024-06-19 18:14:08: -- Executing: Tarpitting --
Wed 2024-06-19 18:14:08: -- Executing: Relaying Denied --
Wed 2024-06-19 18:14:08: -- Executing: Invalid Recipient --
Wed 2024-06-19 18:14:08: -- Executing: Validate Local Sender --
Wed 2024-06-19 18:14:08: -- Executing: DNS Blocklists (Client IP) --
Wed 2024-06-19 18:14:08: -- Executing: SPF --
Wed 2024-06-19 18:14:08: -- Executing: Callback Verification --
Wed 2024-06-19 18:14:08: --> 250 , Recipient ok
Wed 2024-06-19 18:14:08: <-- DATA
Wed 2024-06-19 18:14:08: --> 354 Enter mail, end with .
Wed 2024-06-19 18:14:08: NULL return path, parsing message headers for sender address
Wed 2024-06-19 18:14:08: Sender = mailer-dae...@mbs.co.id
Wed 2024-06-19 18:14:08: Found DISABLED user
Wed 2024-06-19 18:14:08: User is disabled:
Wed 2024-06-19 18:14:08: Message size: 3789 bytes
Wed 2024-06-19 18:14:08: Message-ID:
Wed 2024-06-19 18:14:08: Accepting SMTP connection from [172.16.50.16 : 41020] on port 25
Wed 2024-06-19 18:14:08: # Sender is a local domain mail server (MBS Mail Server)
Wed 2024-06-19 18:14:08: # Sender is on allowlist (IP global : 173878)
Wed 2024-06-19 18:14:08: --> 250-mx.mbs.co.id Hello mbs.co.id, pleased to meet you

This is a bug, because the sender IP [172.16.50.16] is in the global allowlist. I will report it to the MDaemon Security Gateway Developer. For now, try adding the backend server host [mbs.co.id] to allowlists_hosts, or disable "Ban IPs that send this many RSET command".

https://help.mdaemon.com/SecurityGateway/en/allowlists_hosts.html
https://help.mdaemon.com/SecurityGateway/en/dynamic_screening.html

Why is the status of mailer-dae...@mbs.co.id disabled? The MAILER-DAEMON@ account (<>, Null Reverse Path) is commonly used as a system account to respond to autoresponders, Return-Receive Confirmation, etc. Try changing its status in the user list to enabled/normal.

https://help.mdaemon.com/SecurityGateway/en/user_list.html

--
syafril
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 24.0.1 Beta B
Please do not cc: or send to private mail for MDaemon issues.

There are three kinds of men. The ones that learn by readin’. The few who learn by observation. The rest of them have to pee on the electric fence for themselves. --- Will Rogers
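
An added example, not part of the original thread or of MDaemon's software: a Python scan of a SecurityGateway inbound log that reports Dynamic Screening bans applied to an IP the same log marked as allowlisted, which is the condition described in this thread. The line patterns are taken from the log excerpts quoted above; the sample log is constructed, the second session's IP 203.0.113.9 and its 600-second ban are made up, and the script assumes sessions appear one after another in chronological order.

```python
import re
from dataclasses import dataclass

# Patterns follow the inbound-log lines quoted in this thread.
LINE = re.compile(r"^\w{3} (\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}): (.*)$")
ACCEPT = re.compile(r"Accepting SMTP connection from \[([\d.]+) : \d+\]")
ALLOW = re.compile(r"# Sender is on allowlist \(([^)]*)\)")
THRESHOLD = re.compile(r"ALERT Sender has reached (\w+) dynamic screening threshold")
BAN = re.compile(r"ALERT Connection from ([\d.]+) refused by dynamic screening; "
                 r"(\d+) second\(s\) remain")

@dataclass
class Finding:
    timestamp: str
    ip: str
    allowlist_entry: str
    trigger: str
    rset_count: int
    ban_seconds: int

def find_allowlisted_bans(lines):
    """Return bans that hit an IP the same log reported as allowlisted."""
    allowlisted = {}  # ip -> allowlist entry text, remembered across sessions
    current_ip, rsets, trigger = None, 0, "unknown"
    findings = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if (a := ACCEPT.search(msg)):
            # Assumption: an "Accepting" line opens a new session.
            current_ip, rsets, trigger = a.group(1), 0, "unknown"
        elif (a := ALLOW.search(msg)) and current_ip:
            allowlisted[current_ip] = a.group(1)
        elif msg == "<-- RSET":
            rsets += 1
        elif (a := THRESHOLD.search(msg)):
            trigger = a.group(1)
        elif (a := BAN.search(msg)) and a.group(1) in allowlisted:
            ip = a.group(1)
            findings.append(Finding(ts, ip, allowlisted[ip], trigger,
                                    rsets, int(a.group(2))))
    return findings

# Constructed sample: session 1 mirrors the thread, session 2 is invented.
SAMPLE = """\
Thu 2024-06-27 08:02:30: Accepting SMTP connection from [172.16.50.16 : 41020] on port 25
Thu 2024-06-27 08:02:30: # Sender is on allowlist (IP global : 173878)
Thu 2024-06-27 08:02:33: <-- RSET
Thu 2024-06-27 08:02:33: <-- RSET
Thu 2024-06-27 08:02:33: ALERT Sender has reached RSET dynamic screening threshold
Thu 2024-06-27 08:02:33: ALERT Connection from 172.16.50.16 refused by dynamic screening; 604800 second(s) remain
Thu 2024-06-27 08:05:00: Accepting SMTP connection from [203.0.113.9 : 50000] on port 25
Thu 2024-06-27 08:05:01: <-- RSET
Thu 2024-06-27 08:05:01: ALERT Sender has reached RSET dynamic screening threshold
Thu 2024-06-27 08:05:01: ALERT Connection from 203.0.113.9 refused by dynamic screening; 600 second(s) remain
""".splitlines()

if __name__ == "__main__":
    for f in find_allowlisted_bans(SAMPLE):
        print(f"{f.timestamp} {f.ip} ({f.allowlist_entry}) banned {f.ban_seconds}s "
              f"after {f.rset_count} RSET, trigger={f.trigger}")
```
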
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 6/20/24 15:36, Agi Subagio via Mdaemon-L wrote:

No, version 10.0.2 only has a fix for From Header Screening.

The latest SecurityGateway is version 10.0.1 - June 11, 2024

https://files.mdaemon.com/securitygateway/release/relnotes_en.HTM

SG 10.0.2 is still in Beta status.

This is not dynamic screening, but the IP blocklist. Dynamic screening has a ban time (duration); for SG it is 10 minutes (the MDaemon default is 24 hours).

The image I sent shows the IP allowlist and domain mail servers that should be excluded by Dynamic Screening, but they still got banned anyway. One of them is the email server with IP 172.16.50.16

Find the ban transaction in the Inbound Log.

--
syafril
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 24.0.1 Beta B
Please do not cc: or send to private mail for MDaemon issues.

Most people spend their entire lives in a fantasy Island called ‘Someday I’ll.’ --- Denis Waitley
[Mdaemon-L] MDaemon Security Gateway 10.0.1 - Dynamic Screening
On 6/20/24 10:33, Agi Subagio via Mdaemon-L wrote:

I am a user of MDaemon Security Gateway, latest version 10.0.1, and I am having a problem with the Dynamic Screening function. Several internal email server IPs (subnet 172.16.0.0/16) that send email through this Security Gateway are being banned even though they are already in the allowlisted IPs and set as domain mail servers. Is there a bug in this version? This never happened in previous versions.

No, version 10.0.2 only has a fix for From Header Screening.

noLOhOjQlvLnE0Ml.png

This is not dynamic screening, but the IP blocklist. Dynamic screening has a ban time (duration); for SG it is 10 minutes (the MDaemon default is 24 hours).

https://help.mdaemon.com/SecurityGateway/en/dynamic_screening.html
https://help.mdaemon.com/SecurityGateway/en/blocklists_ips.html

--
syafril
Syafril Hermansyah
MDaemon-L Moderators, running MDaemon 24.0.1 Beta B
Please do not cc: or send to private mail for MDaemon issues.

We do not remember days, we remember moments. --- Cesare Pavese