How can i track this?

Posted: Sun Dec 13, 2009 4:31 pm
by firewallrule
If I run a proxy server and all my client traffic passes through it to the outside world, it happened that one of the clients sent a spam mail and it traced back to the proxy IP. How can I know the particular client IP that sent the spam mail?

I need help urgently please.

Re: How can i track this?

Posted: Sun Dec 13, 2009 5:57 pm
by jwcn
Why would you proxy port 25?

I think what you are actually asking is not a proxy question but a NAT question. If you NAT all your customers out a single IP, what happens if your IP is blacklisted?

Typically you can do one of two things. We use the following rules:

1 ;;; Drop traffic from those on the suspect list
chain=forward action=drop protocol=tcp src-address-list=suspectedspambot
dst-port=25

2 ;;; More than 10 simultaneous connections looks spammy
chain=forward action=add-src-to-address-list protocol=tcp
address-list=suspectedspambot address-list-timeout=2d dst-port=25
connection-limit=10,32

This won't stop the SPAM but it will slow it down. The other thing you can do is torch the interface and look for a single IP with many port 25 connections. You could also block port 25 completely or block it except to your SMTP servers.

Once you have taken care of the problem you can contact the agencies that have blacklisted you and they should remove you from the blacklist.

Re: How can i track this?

Posted: Sun Dec 13, 2009 9:21 pm
by firewallrule
In the scenario where I have many clients using private IP addresses like 192.168.0.0/24 NATted to a single public IP, what is the possibility of detecting the spamming client on my network?

Also, what do those 10 simultaneous connections stand for in detail? Is it like accessing 10 websites at the same time?

Re: How can i track this?

Posted: Mon Dec 14, 2009 7:11 am
by jwcn
Use tools-torch.

Torch an interface and specify port 25. If you have a spammer it should be pretty easy to pick them out.
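As an added example (not from either poster), the per-source count that jwcn's connection-limit=10,32 rule and the Torch approach both rely on, run over constructed conntrack-style connection entries; it also maps the public source port quoted in a spam complaint back to the NATted client, which is what firewallrule asked about. The entry format, the documentation-range addresses and the port numbers are all constructed assumptions, not output from a real router.

```python
import re
from collections import Counter

def _entry(src, sport, dport, pub_port, state="ESTABLISHED"):
    # Constructed conntrack-style entry: LAN-side tuple first, then the reply tuple whose
    # dst/dport show the NAT public address and the translated source port.
    return (f"tcp 6 431998 {state} src={src} dst=198.51.100.20 sport={sport} dport={dport} "
            f"src=198.51.100.20 dst=203.0.113.5 sport={dport} dport={pub_port} [ASSURED]")

# Constructed sample: one LAN host with 12 concurrent SMTP sessions, another host with a
# single SMTP session plus an HTTPS session. All addresses are documentation ranges.
SAMPLE = (
    [_entry("192.168.0.12", 51000 + i, 25, 40000 + i) for i in range(12)]
    + [_entry("192.168.0.7", 52000, 25, 41000), _entry("192.168.0.7", 52001, 443, 41001)]
)

ENTRY_RE = re.compile(
    r"^tcp\s+\d+\s+\d+\s+(?P<state>\S+)\s+"
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) sport=(?P<sport>\d+) dport=(?P<dport>\d+)\s+"
    r"src=\S+ dst=(?P<pub_ip>\S+) sport=\d+ dport=(?P<pub_port>\d+)"
)

def parse_entries(lines):
    """Yield the fields of every entry in the expected format; silently skip anything else."""
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.groupdict()

def smtp_connections_per_client(lines):
    """Concurrent TCP/25 connections per LAN source: the quantity connection-limit=N,32 tests."""
    counts = Counter()
    for e in parse_entries(lines):
        if e["dport"] == "25":
            counts[e["src"]] += 1
    return counts

def suspected_spambots(lines, limit=10):
    """Sources above the limit: the hosts the add-src-to-address-list rule would catch."""
    return sorted(ip for ip, n in smtp_connections_per_client(lines).items() if n > limit)

def client_behind_nat(lines, public_ip, public_port):
    """Map the (public IP, source port) quoted in a spam complaint back to the LAN client."""
    for e in parse_entries(lines):
        if e["pub_ip"] == public_ip and e["pub_port"] == str(public_port):
            return e["src"]
    return None
```

Run against a live table, the same two lookups answer both questions in the thread: who currently has an unusual number of port 25 sessions, and which LAN host owned a given translated port when the complaint was generated.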