Indonesia Users / Re: Cannot send and receive email
« on: 2016-11-28, 08:24:40 »
Here, sir, when I ran the update this was the result: http://pastebin.com/jDmusP3L
Your Kloxo-MR 7.0 has not been updated yet. It should be '7.0.0.b-2016112001' (and not '7.0.0.b-2016021403').
Please post the output of 'sh /script/sysinfo' again (after updating Kloxo-MR, of course).
[root@vps ~]# sh /script/sysinfo
A. Control Panel:
- Kloxo-MR: 7.0.0.b-2016021403
- Web: hiawatha-10.1.0-f.6.mr.el6.i686
- PHP: php53s-5.3.29-1.ius.el6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.7 (Final) i686
- Hostname: vps.XXXX.com
C. Services:
1. MySQL: mysql55-5.5.47-1.ius.el6.i686
2. PHP:
- Branch: php53u-cli-5.3.29-1.ius.el6.i686
- Multiple:
* php55m-5.5.26-1.ius.el6
- Used: --Use PHP Branch--
3. Httpd: httpd-2.2.31-1.mr.el6.i386
- PHP Type: php-fpm_event
4. Lighttpd: --uninstalled--
5. Hiawatha: --used--
6. Nginx: --uninstalled--
7. Cache: --uninstalled--
8. Dns: --uninstalled--
9. Qmail: qmail-toaster-1.03-1.3.55.mr.el6.i386
- with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.i386
D. Memory:
total used free shared buffers cached
Mem: 1006 454 552 60 31 157
-/+ buffers/cache: 265 741
Swap: 1023 1 1022
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 20G 15G 4.5G 77% /
*** Process Time: 00:00:00:03.3923 (dd:hh:mm:ss:xxxxxx) ***
* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
(importance after Kloxo-MR update)
Just look at 'mail queue' and 'log manager', in the 'mail log' section.
messages in queue: 0
messages in queue but not yet preprocessed: 0
Nov 27 23:23:10 vps smtp: recordio: fatal: unable to run /usr/bin/spamdyke: file does not exist
Nov 27 23:23:10 vps smtp: tcpserver: end 24718 status 28416
Nov 27 23:23:10 vps smtp: tcpserver: status: 0/100
Nov 27 23:23:10 vps smtp: 24718 < [EOF]
Nov 27 23:23:10 vps smtp: 24718 > [EOF]
Nov 27 23:25:08 vps authlib: INFO: stopping authdaemond children
Nov 27 23:25:08 vps send: status: exiting
Nov 27 23:25:08 vps spamd: Nov 27 23:25:08.778 [20777] info: spamd: server killed by SIGTERM, shutting down
Nov 27 23:25:08 vps pop3: tcpserver: status: 0/200
Nov 27 23:25:09 vps authlib: INFO: modules="authvchkpw", daemons=15
Nov 27 23:25:09 vps smtp: tcpserver: status: 0/100
Nov 27 23:25:09 vps imap4-ssl: tcpserver: status: 0/40
Nov 27 23:25:09 vps authlib: INFO: Installing libauthvchkpw
Nov 27 23:25:09 vps submission: tcpserver: status: 0/100
Nov 27 23:25:09 vps smtp-ssl: tcpserver: status: 0/100
Nov 27 23:25:09 vps imap4: tcpserver: status: 0/40
Nov 27 23:25:09 vps send: status: local 0/10 remote 0/60
Nov 27 23:25:09 vps pop3-ssl: tcpserver: status: 0/40
Nov 27 23:25:09 vps authlib: INFO: Installation complete: authvchkpw
Nov 27 23:25:12 vps spamd: Nov 27 23:25:12.826 [24818] info: spamd: server started on IO::Socket::INET6 [0.0.0.0]:783 (running version 3.4.0)
Nov 27 23:25:12 vps spamd: Nov 27 23:25:12.827 [24818] info: spamd: server pid: 24818
Nov 27 23:25:12 vps spamd: Nov 27 23:25:12.830 [24818] info: spamd: server successfully spawned child process, pid 24886
Nov 27 23:25:12 vps spamd: Nov 27 23:25:12.832 [24818] info: spamd: server successfully spawned child process, pid 24887
Nov 27 23:25:12 vps spamd: Nov 27 23:25:12.839 [24818] info: prefork: child states: SI
Nov 27 23:25:12 vps spamd: Nov 27 23:25:12.841 [24818] info: prefork: child states: II
Update with 'yum clean all; yum update -y'. If the update succeeds, run 'sh /script/cleanup'.
[root@vps ~]# sh /script/sysinfo
A. Control Panel:
- Kloxo-MR: 7.0.0.b-2016021403
- Web: hiawatha-10.1.0-f.6.mr.el6.i686
- PHP: php53s-5.3.29-1.ius.el6 (fpm mode)
B. Plateform:
- OS: CentOS release 6.7 (Final) i686
- Hostname: vps.xxxx.com
C. Services:
1. MySQL: mysql55-5.5.47-1.ius.el6.i686
2. PHP:
- Branch: php53u-cli-5.3.29-1.ius.el6.i686
- Multiple:
* php55m-5.5.26-1.ius.el6
- Used: --Use PHP Branch--
3. Httpd: httpd-2.2.31-1.mr.el6.i386
- PHP Type: php-fpm_event
4. Lighttpd: --uninstalled--
5. Hiawatha: --used--
6. Nginx: --uninstalled--
7. Cache: --uninstalled--
8. Dns: --uninstalled--
9. Qmail: qmail-toaster-1.03-1.3.55.mr.el6.i386
- with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.i386
D. Memory:
total used free shared buffers cached
Mem: 1006 316 689 60 11 110
-/+ buffers/cache: 193 812
Swap: 1023 0 1023
E. Disk Space:
Filesystem Size Used Avail Use% Mounted on
/dev/vda1 20G 15G 4.4G 77% /
*** Process Time: 00:00:00:03.3393 (dd:hh:mm:ss:xxxxxx) ***
* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
(importance after Kloxo-MR update)
Let's grep for "nm11.cms.usa.net" in /var/log/secure and /var/log/maillog:
cat /var/log/maillog* | grep nm11.cms.usa.net | less
cat /var/log/maillog* | grep 165.212.10.11 | less
cat /var/log/secure* | grep nm11.cms.usa.net | less
cat /var/log/secure* | grep 165.212.10.11 | less
If there are any results, perhaps you could paste them.
Then, as a further precaution, we apply an SPF rule to the domain affected by the spam case. Add a TXT record on the root domain and fill in:
v=spf1 a mx ip4:<ip.vps> -all
The info I asked for about sendmail and the link from @noob have the same purpose, namely to find out who/where sendmail is being run from. The problem is that the sendmail info you provided shows no excessive sending from any one source. It may be that the 'leak' is not from sendmail but from smtp (meaning a login is needed to be able to send via smtp).
Try using this: http://forum.mratwork.com/kloxo-mr-tips-and-tricks/sendmail-userid-usage-limits-(script-v1-1b)/
It limits sending to a maximum of 25 emails/hour.
Just this past February 9 one of my clients got hit; fortunately I use that script, so it could be limited. The nice thing is that there is a daily log in /var/log/, so you can tell which client caused it.
It was handled right away, and you can also limit that client first so they can only send 20 emails/day, so that they do not spam before the problem is solved.
Only a few dozen/hundred results? From the results there, there is no website that should be suspected as the spam 'spreader'. Try 'cat /var/log/maillog* | grep -i sendmail'
Done, sir; the result is at this link: http://pastebin.com/0EsfUJpj
Try 'cat /var/log/maillog* | grep -i sendmail'
Post the output of 'dir -l /var/log/maillog*'. Just try posting 'cat /var/log/maillog | grep -i sendmail | less'.
The result is empty, sir...
[root@vps ~]# dir -l /var/log/maillog*
-rw------- 1 root root 0 Feb 14 03:50 /var/log/maillog
-rw------- 1 root root 7355995 Jan 31 17:24 /var/log/maillog-20160127
-rw------- 1 root root 1495718 Feb 7 08:48 /var/log/maillog-20160207
-rw------- 1 root root 9203148 Feb 17 02:15 /var/log/maillog-20160214
[root@vps ~]#
Just try posting 'cat /var/log/maillog | grep -i sendmail | less'.
[root@vps ~]# maldet --report
Linux Malware Detect v1.5
(C) 2002-2015, R-fx Networks <proj@rfxn.com>
(C) 2015, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
GNU nano 2.0.9 File: ...al/maldetect/sess/session.160216-2234.14237
HOST: vps.acmi1899.com
SCAN ID: 160216-2234.14237
STARTED: Feb 16 2016 22:34:51 -0500
COMPLETED: Feb 16 2016 22:37:56 -0500
ELAPSED: 185s [find: 5s]
PATH: /home
TOTAL FILES: 61018
TOTAL HITS: 0
TOTAL CLEANED: 0
===============================================
Linux Malware Detect v1.5 < proj@rfxn.com >
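Added example, not part of any post in this thread: the question raised above, who or where the mail is being injected from, can be answered by counting qmail-send "info msg" lines per hour, local uid and envelope sender instead of grepping by eye. It assumes the stock qmail-send line format behind the syslog-style prefix seen in the mail log above; the sample lines, addresses and uid values are constructed.

```shell
#!/bin/sh
# The uid field is the local account that handed the message to qmail-queue,
# which separates a web script from authenticated SMTP traffic.

# top_senders [FILE...] -> "count<TAB>hour<TAB>uid<TAB>sender", busiest first
top_senders() {
    awk '
    / send: info msg [0-9]+: bytes [0-9]+ from </ {
        hour = $1 " " $2 " " substr($3, 1, 2)   # e.g. "Feb 9 14"
        sender = ""; uid = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "from") sender = $(i + 1)
            if ($i == "uid")  uid = $(i + 1)
        }
        if (sender == "<>") sender = "<bounce>"  # null envelope sender
        count[hour "\t" uid "\t" sender]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }' "$@" |
        sort -t "$(printf '\t')" -k1,1nr -k2
}

# over_limit LIMIT [FILE...] -> only rows with more than LIMIT messages/hour
over_limit() {
    limit=$1; shift
    top_senders "$@" | awk -F '\t' -v limit="$limit" '$1 > limit'
}

# Constructed sample log; real use: over_limit 25 /var/log/maillog*
sample_log() {
    cat <<'EOF'
Feb  9 14:01:02 vps send: info msg 131201: bytes 2210 from <www@example.test> qp 4101 uid 48
Feb  9 14:01:02 vps send: starting delivery 1: msg 131201 to remote a@example.net
Feb  9 14:01:05 vps send: info msg 131202: bytes 2198 from <www@example.test> qp 4107 uid 48
Feb  9 14:02:11 vps send: info msg 131203: bytes 2230 from <www@example.test> qp 4122 uid 48
Feb  9 14:02:40 vps send: status: local 0/10 remote 3/60
Feb  9 14:03:19 vps send: info msg 131204: bytes 2201 from <www@example.test> qp 4130 uid 48
Feb  9 14:20:00 vps send: info msg 131205: bytes 9120 from <alice@example.test> qp 4188 uid 89
Feb  9 15:00:07 vps send: info msg 131206: bytes 2207 from <www@example.test> qp 4302 uid 48
EOF
}

# Demo on the constructed sample: report sources above 2 messages per hour.
sample_log | over_limit 2
```

A uid that belongs to the web server or PHP pool points at a script on a hosted site, while the uid of the SMTP service points at a mailbox login being used to send.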