The other option is to have a set of filter rules that will drop "suspicious" amounts of e-mail coming from a single host for a while. What amount is suspicious is up to you to determine.
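/ip firewall filter
# Put sources matching the port-25 connection and rate matchers on the "Block Spam" list for 1 hour
add action=add-src-to-address-list address-list="Block Spam" \
    address-list-timeout=1h chain=forward comment="Detect Possible Spamer" \
    connection-limit=10,32 disabled=no dst-port=25 limit=30,5 protocol=tcp
# Drop port-25 traffic from sources currently on the list
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp \
    src-address-list="Block Spam"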
With this set of rules, a /32 (single client) is allowed to have up to 10 connections to port 25 at a time, and can send up to 35 packets a second over port 25. Once these limits are violated, they are blocked from sending more mail for 1 hour. Adjust to your needs.
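To help decide what counts as "suspicious" before enabling the rules, the following added example (not part of the original post) computes each source's peak number of simultaneous port-25 connections and reports which sources would exceed a given per-host connection limit. It models only the connection-count part as the post describes it, not the packet rate; the addresses, timings and function names are constructed for illustration.

```python
from collections import defaultdict


def build_sample():
    """Constructed sample: (src_ip, start_sec, end_sec) of TCP connections to port 25."""
    rows = [("10.0.0.5", 0, 20), ("10.0.0.5", 30, 50)]           # desktop mail client
    rows += [("10.0.0.25", t, t + 60) for t in range(0, 40, 5)]  # internal relay
    rows += [("10.0.0.77", t, t + 30) for t in range(0, 14)]     # bursty host
    return rows


def peak_concurrent(rows):
    """Return {src_ip: peak simultaneous connections} using a sweep over open/close events."""
    events = defaultdict(list)
    for src, start, end in rows:
        events[src].append((start, 1))
        events[src].append((end, -1))
    peaks = {}
    for src, evs in events.items():
        active = peak = 0
        # Tuples sort so that a close (-1) at time t is applied before an open (+1) at t.
        for _, delta in sorted(evs):
            active += delta
            peak = max(peak, active)
        peaks[src] = peak
    return peaks


def would_be_listed(rows, conn_limit=10):
    """Sources whose peak exceeds conn_limit (the post allows 'up to 10' per /32)."""
    return sorted(s for s, p in peak_concurrent(rows).items() if p > conn_limit)


if __name__ == "__main__":
    sample = build_sample()
    for src, peak in sorted(peak_concurrent(sample).items()):
        print(f"{src:<12} peak={peak}")
    print("over limit 10:", would_be_listed(sample))
    print("over limit 5: ", would_be_listed(sample, conn_limit=5))
```

Running it against real connection records shows whether a legitimate relay would be caught by a threshold that is set too low.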