
Block Spam email, By reaching 4 email sent in a min

Posted: Tue Nov 10, 2015 12:03 am
by Nic335
Hi,

I was trying to drop packets whose destination port is 25, 465 or 587 if limit=4/1m,4

Those are my rules:

chain=forward action=drop protocol=tcp src-address-list=EmailSpammer dst-port=25,587,465
chain=forward action=add-src-to-address-list protocol=tcp address-list=EmailSpammer address-list-timeout=1m dst-port=25,587,465 limit=4/1m,4


I'm not even sure if this is the way to do it.

But I was hoping someone can point me in the right direction.

I searched online and all I can find is how to block simultaneous connections, but this is not what I'm trying to do.


Thanks for any help I can get.

Re: Block Spam email, By reaching 4 email sent in a min

Posted: Tue Nov 10, 2015 12:21 am
by agnostic
It is difficult to distinguish individual mails. MikroTik reads packets, not mails.

Re: Block Spam email, By reaching 4 email sent in a min

Posted: Tue Nov 10, 2015 2:09 pm
by Nic335
I don't have a lot of experience playing with MikroTik, but is there a way I can mark the connection, then filter connections instead of packets? Or is that something that's not possible?

Or simply, how can I achieve what I'm looking for?

Re: Block Spam email, By reaching 4 email sent in a min

Posted: Tue Nov 10, 2015 3:23 pm
by andriys
> Or simply how can I achieve what I'm looking for?
You cannot. SMTP/ESMTP allows one to send multiple emails during a single session (connection). Only the receiving mail server can limit that. RouterOS has no means to inspect sessions that deep.

Re: Block Spam email, By reaching 4 email sent in a min

Posted: Tue Nov 10, 2015 3:30 pm
by andriys
By the way, if you have a router with only end-users behind it (no mail servers), the proper way to block spammers is to drop all TCP packets with destination port 25. Unconditionally. Any properly set up mail server nowadays accepts authenticated incoming SMTP connections from clients on other ports as well, so law-abiding end-users shouldn't be seriously affected by such measures.

Re: Block Spam email, By reaching 4 email sent in a min

Posted: Tue Nov 10, 2015 4:15 pm
by Nic335
Actually I want to block some end users on the network that are sending email.

For some reason, in the last month multiple end users "opened an attachment" that made their computer start sending those attachments to all users in their contact list.

What I want to do is to block those so they can't send emails until I can remove the viruses on their computers.

I would monitor the "address list" in the firewall, and if I see computers that are there, I go check them to see if they are infected.


I'm not trying to block spam coming into the network, only spam that goes out of our network.

Re: Block Spam email, By reaching 4 email sent in a min

Posted: Sat Jan 14, 2017 5:58 pm
by p4rv33n
> Actually I want to block some end users on the network that are sending email.
>
> For some reason, in the last month multiple end users "opened an attachment" that made their computer start sending those attachments to all users in their contact list.
>
> What I want to do is to block those so they can't send emails until I can remove the viruses on their computers.
>
> I would monitor the "address list" in the firewall, and if I see computers that are there, I go check them to see if they are infected.
>
> I'm not trying to block spam coming into the network, only spam that goes out of our network.

I want to achieve the same. What needs to be done on my end for future safety? Please help.
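
One way to approximate what the thread asks for in RouterOS, as an added example that is not part of any post: count new SMTP connections per source with staged address lists and quarantine a host on its fourth. As the replies point out, this counts connections, not emails, since one SMTP session can carry many messages. The list names smtp_stage1 to smtp_stage3 and the 1h quarantine are assumptions; EmailSpammer and the port list come from the question.

```routeros
# Added example, not from the thread. smtp_stage1..3 and the 1h timeout are
# assumed names/values; EmailSpammer and the ports are taken from the question.
#
# connection-state=new makes each counting rule fire once per TCP connection
# instead of once per packet. limit= is not used here: it matches while the
# traffic is still below the configured rate.
#
# add-src-to-address-list does not stop rule processing, so the stages are
# listed highest first; otherwise a single SYN would climb every stage at once.
# Place these rules above any forward rule that accepts the same traffic.
/ip firewall filter
add chain=forward protocol=tcp dst-port=25,465,587 \
    src-address-list=EmailSpammer action=drop \
    comment="drop SMTP from flagged hosts"
add chain=forward protocol=tcp dst-port=25,465,587 connection-state=new \
    src-address-list=smtp_stage3 action=add-src-to-address-list \
    address-list=EmailSpammer address-list-timeout=1h \
    comment="4th new SMTP connection: quarantine"
add chain=forward protocol=tcp dst-port=25,465,587 connection-state=new \
    src-address-list=smtp_stage2 action=add-src-to-address-list \
    address-list=smtp_stage3 address-list-timeout=1m \
    comment="3rd new SMTP connection"
add chain=forward protocol=tcp dst-port=25,465,587 connection-state=new \
    src-address-list=smtp_stage1 action=add-src-to-address-list \
    address-list=smtp_stage2 address-list-timeout=1m \
    comment="2nd new SMTP connection"
add chain=forward protocol=tcp dst-port=25,465,587 connection-state=new \
    action=add-src-to-address-list \
    address-list=smtp_stage1 address-list-timeout=1m \
    comment="1st new SMTP connection"

# Hosts to check for infection, as described in the thread:
/ip firewall address-list print where list=EmailSpammer
```

Because each stage entry expires after one minute, the window is approximate: a host is flagged when four new connections arrive in quick succession, not strictly within one 60-second interval.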