Dear Pak Syafril,
Our client received a spam email with a bitcoin request. After I
checked, the log is as follows:
Wed 2019-05-22 22:23:22.786: 05: Session 698276; child 0001
Wed 2019-05-22 22:23:22.786: 05: Accepting SMTP connection from
94.66.57.110:37660 to 10.0.0.1:25
Wed 2019-05-22 22:23:22.789: 03: --> 220 aksball.co.id ESMTP Wed, 22
May 2019 22:23:22 +0700
Wed 2019-05-22 22:23:23.051: 02: <-- EHLO ppp-94-66-57-110.home.otenet.gr
Wed 2019-05-22 22:23:23.052: 03: --> 250-aksball.co.id Hello
ppp-94-66-57-110.home.otenet.gr [94.66.57.110], pleased to meet you
Wed 2019-05-22 22:23:23.052: 03: --> 250-ETRN
Wed 2019-05-22 22:23:23.052: 03: --> 250-AUTH LOGIN PLAIN
Wed 2019-05-22 22:23:23.052: 03: --> 250-8BITMIME
Wed 2019-05-22 22:23:23.052: 03: --> 250-ENHANCEDSTATUSCODES
Wed 2019-05-22 22:23:23.052: 03: --> 250 SIZE
Wed 2019-05-22 22:23:23.443: 02: <-- MAIL From:
Wed 2019-05-22 22:23:23.445: 05: Performing PTR lookup
(110.57.66.94.IN-ADDR.ARPA)
Wed 2019-05-22 22:23:23.985: 05: * D=110.57.66.94.IN-ADDR.ARPA
TTL=(0) PTR=[ppp-94-66-57-110.home.otenet.gr]
Wed 2019-05-22 22:23:24.231: 05: * D=ppp-94-66-57-110.home.otenet.gr
TTL=(0) A=[94.66.57.110]
Wed 2019-05-22 22:23:24.231: 05: End PTR results
Wed 2019-05-22 22:23:24.233: 05: Performing IP lookup
(ppp-94-66-57-110.home.otenet.gr)
Wed 2019-05-22 22:23:24.233: 05: * D=ppp-94-66-57-110.home.otenet.gr
TTL=(0) A=[94.66.57.110]
Wed 2019-05-22 22:23:24.233: 05: End IP lookup results
Wed 2019-05-22 22:23:24.236: 05: Performing IP lookup (nisarinc.com)
Wed 2019-05-22 22:23:24.484: 05: * D=nisarinc.com TTL=(0) A=[74.208.3.155]
Wed 2019-05-22 22:23:25.182: 05: * P=010 S=000 D=nisarinc.com TTL=(0)
MX=[inbound30.exchangedefender.com] {206.125.40.130}
Wed 2019-05-22 22:23:25.182: 05: End IP lookup results
Wed 2019-05-22 22:23:25.183: 09: Performing SPF lookup
(ppp-94-66-57-110.home.otenet.gr / 94.66.57.110)
Wed 2019-05-22 22:23:25.747: 09: * Result: none; no SPF record in DNS
Wed 2019-05-22 22:23:25.747: 09: End SPF results
Wed 2019-05-22 22:23:25.747: 09: Performing SPF lookup (nisarinc.com /
94.66.57.110)
Wed 2019-05-22 22:23:25.979: 09: * Result: none; no SPF record in DNS
Wed 2019-05-22 22:23:25.979: 09: End SPF results
Wed 2019-05-22 22:23:25.979: 03: --> 250 2.1.0 Sender OK
Wed 2019-05-22 22:23:26.314: 02: <-- RCPT To:
Wed 2019-05-22 22:23:26.340: 03: --> 250 2.1.5 Recipient OK
Wed 2019-05-22 22:23:26.847: 02: <-- DATA
Wed 2019-05-22 22:23:26.848: 01: Creating temp file (SMTP):
d:\mdaemon\queues\temp\md5105374.tmp
Wed 2019-05-22 22:23:26.848: 03: --> 354 Enter mail, end with .
Wed 2019-05-22 22:23:27.609: 01: Message size: 2085 bytes
Wed 2019-05-22 22:23:27.610: 10: Performing DKIM lookup
Wed 2019-05-22 22:23:27.610: 10: * File:
d:\mdaemon\queues\temp\md5105374.tmp
Wed 2019-05-22 22:23:27.610: 10: * Message-ID:
<689902165459230453463...@nisarinc.com>
Wed 2019-05-22 22:23:27.610: 10: * Result: neutral
Wed 2019-05-22 22:23:27.610: 10: End DKIM results
Wed 2019-05-22 22:23:27.614: 19: Performing DMARC processing
Wed 2019-05-22 22:23:27.614: 19: * File:
d:\mdaemon\queues\temp\md5105374.tmp
Wed 2019-05-22 22:23:27.614: 19: * Message-ID:
<689902165459230453463...@nisarinc.com>
Wed 2019-05-22 22:23:27.614: 19: * Author domain: nisarinc.com
Wed 2019-05-22 22:23:27.614: 19: * Organizational domain: nisarinc.com
Wed 2019-05-22 22:23:27.614: 19: * Query domain: _dmarc.nisarinc.com
Wed 2019-05-22 22:23:27.842: 19: *No DMARC policy record found
Wed 2019-05-22 22:23:27.842: 19: * Action taken: none
Wed 2019-05-22 22:23:27.842: 19: * Result: none
Wed 2019-05-22 22:23:27.842: 19: End DMARC results
Wed 2019-05-22 22:23:27.875: 06: Passing message through AntiVirus
(Size: 2085)...
Wed 2019-05-22 22:23:27.876: 06: * Recipient or sender in exclusion list
Wed 2019-05-22 22:23:27.876: 06: End AntiVirus results
Wed 2019-05-22 22:23:28.022: 11: Passing message through Outbreak Protection...
Wed 2019-05-22 22:23:28.022: 11: * Message-ID:
<689902165459230453463...@nisarinc.com>
Wed 2019-05-22 22:23:28.022: 11: * Reference-ID:
str=0001.0A150206.5CE56970.0002,ss=4,re=0.000,recu=0.000,reip=0.000,pt=C_5819,cl=4,cld=1,fgs=12
Wed 2019-05-22 22:23:28.022: 11: * Virus result: 0 - Clean
Wed 2019-05-22 22:23:28.022: 11: * Spam result: 4 - Spam (confirmed)
Wed 2019-05-22 22:23:28.022: 11: * IWF result: 0 - Clean
Wed 2019-05-22 22:23:28.022: 11: End Outbreak Protection results
Wed 2019-05-22 22:23:28.025: 07: Passing message through Spam Filter
(Size: 2085)...
Wed 2019-05-22 22:23:28.587: 07: * 3.0 MDAEMON_OP_SPAM_HIGH MDaemon: spam/phish
Wed 2019-05-22 22:23:28.587: 07: * 0.4 RDNS_DYNAMIC Delivered to
internal network by host with
Wed 2019-05-22 22:23:28.587: 07: * dynamic-looking rDNS
Wed 2019-05-22 22:23:28.587: 07: * 3.2 HELO_DYNAMIC_IPADDR Relay
HELO'd using suspicious hostname (IP
Wed 2019-05-22 22:23:28.587: 07: * addr 1)
Wed 2019-05-22 22:23:28.587: 07: * 2.5 BITCOIN_DEADLINE BitCoin wit