Broadcast Email Spam

Posted on June 11, 2009 | Leave a comment

Email adimaulana@adimaulana.com telah mengirimkan spam yang berdampak melakukan broadcast email keluar domain. Kondisi tersebut diduga karena terserang virus atau ditumpangi spammer.

Action yang dilakukan adalah :
1. Ganti password email adimaulana@adimaulana.com lakukan lebih dari 10 digit campuran antara angka dan huruf.

2. Lakukan update dan scan pada PC yang menggunakan email tersebut, menggunakan antivirus yang update.

Jika tahap diatas masih belum mempan, maka tindakan selanjutnya adalah mendisable alamat email tersebut atau menghapus untuk sementara.

dan berikut ini adalah informasi yang menjelaskan email adimaulana@adimaulana.com melakukan spaming.

[root@mailserver log]# postcat -q 5DBED4281D5 |more
*** ENVELOPE RECORDS deferred/5/5DBED4281D5 ***
message_size:            3281            4850              50
0            3281
message_arrival_time: Mon Jun  1 09:37:07 2009
create_time: Mon Jun  1 09:37:07 2009
named_attribute: rewrite_context=remote
sender: info@info.com
named_attribute: encoding=8bit
named_attribute: log_client_name=localhost.localdomain
named_attribute: log_client_address=127.0.0.1
named_attribute: log_message_origin=localhost.localdomain[127.0.0.1]
named_attribute: log_helo_name=localhost
named_attribute: log_protocol_name=ESMTP
named_attribute: client_name=localhost.localdomain
named_attribute: reverse_client_name=localhost.localdomain
named_attribute: client_address=127.0.0.1
named_attribute: helo_name=localhost
named_attribute: client_address_type=2
named_attribute: dsn_orig_rcpt=rfc822;n.perez@tan-group.com

*** MESSAGE CONTENTS deferred/5/5DBED4281D5 ***
Received: from localhost (localhost.localdomain [127.0.0.1])
by mailserver.intra.net (Postfix) with ESMTP id 5DBED4281D5;
Mon,  1 Jun 2009 09:37:07 +0700 (WIT)
Received: from mailserver.intra.net ([127.0.0.1]) by localhost (mailserver.intra.net [127.0.0.1]) (amavisd-new, port 10024)
with LMTP id YD2jfjv1Jhx6; Mon,  1 Jun 2009 09:37:06 +0700 (WIT)
Received: from mail.adimaulana.com (localhost.localdomain [127.0.0.1])
by mailserver.intra.net (Postfix) with ESMTP id BD5F14281BF;
Mon,  1 Jun 2009 09:37:05 +0700 (WIT)
Received: from 41.220.75.3
(SquirrelMail authenticated user adimaulana@adimaulana.com)
by mail.adimaulana.com with HTTP;
Mon, 1 Jun 2009 09:37:05 +0700 (WIT)
Message-ID: <43688.41.220.75.3.1243823825.squirrel@mail.adimaulana.com>
Date: Mon, 1 Jun 2009 09:37:05 +0700 (WIT)
Subject:
From: “ELITE COURIER SERVICE” <info@info.com>
Reply-To: danicole2009@aol.co.uk
User-Agent: SquirrelMail/1.4.9a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
To: undisclosed-recipients:;

*** HEADER EXTRACTED deferred/5/5DBED4281D5 ***
named_attribute: encoding=8bit
*** MESSAGE FILE END deferred/5/5DBED4281D5 ***

This entry was posted in Postfix. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s