
spam control

Posted: Tue Dec 07, 2010 10:57 am
by sri
Hi,

How can I control spamming on a 450G router board?

Thanks

Re: spam control

Posted: Tue Dec 07, 2010 10:59 am
by mrz
In the firewall, allow only your SMTP server and drop the rest. And set up spam filters on your server.

Re: spam control

Posted: Tue Dec 07, 2010 2:33 pm
by sri
Thanks,

Can you give me an example?

Re: spam control

Posted: Tue Dec 07, 2010 2:33 pm
by Question42
mrz, I assume you meant SMTP server?

sir, what are you trying to achieve? Controlling inbound spam to your mail server, outbound spam from your network or outbound spam from your mailserver?

Re: spam control

Posted: Wed Dec 08, 2010 9:05 am
by sri
We are running a small ISP. I want to block spamming from my customers (due to a virus or any other issue) from hitting my upstream provider. I want to drop all the spam at my router itself, without it reaching my upstream provider's router.

Thanks.

Re: spam control

Posted: Wed Dec 08, 2010 9:12 am
by Question42
Other than blocking port 25/TCP for anything other than your SMTP server (if you run one) there isn't anything you can do on the RouterOS box itself. If you have your own mail server then you can use one of the many anti-spam engines (commercial or free) to filter out spam and other malicious emails.

Re: spam control

Posted: Wed Dec 08, 2010 9:35 am
by sri
The problem here is that it is not affecting my mail server; due to this spamming, my upstream provider's IP pool is getting blacklisted. Is there any way I can stop the spamming by dropping it at my router?

Thanks

Re: spam control

Posted: Wed Dec 08, 2010 11:17 am
by Question42
Yes - as has been said by myself and mrz - block 25/TCP (SMTP) for all except your mail server. Your clients will then have to relay their email through your mail server, where you can apply filtering.
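
The "allow only your mail server on 25/TCP, drop the rest" approach described above, written out as RouterOS firewall rules. This is an added example, not part of the original thread; the address 192.0.2.25 and the list names smtp-relay and smtp-direct-attempt are constructed placeholders.

```routeros
# Added example. 192.0.2.25 and both list names are placeholders:
# replace them with your own mail server address and naming.
/ip firewall address-list
add list=smtp-relay address=192.0.2.25 comment="ISP mail server (placeholder)"

/ip firewall filter
# Place these four rules above any broader accept rule in the forward chain;
# rules are evaluated top to bottom and the first match wins.

# 1. The mail server itself may deliver mail outward on 25/TCP.
add chain=forward protocol=tcp dst-port=25 src-address-list=smtp-relay \
    action=accept comment="SMTP out from mail server"

# 2. Anyone may hand mail to the mail server (customers relaying, and
#    inbound mail from outside), where the spam filtering is applied.
add chain=forward protocol=tcp dst-port=25 dst-address-list=smtp-relay \
    action=accept comment="SMTP in to mail server"

# 3. Remember every other source that opens a 25/TCP connection, so
#    infected customer hosts can be identified and cleaned up.
add chain=forward protocol=tcp dst-port=25 connection-state=new \
    action=add-src-to-address-list address-list=smtp-direct-attempt \
    address-list-timeout=1d comment="Record direct SMTP attempts"

# 4. Drop all remaining 25/TCP before it reaches the upstream provider.
add chain=forward protocol=tcp dst-port=25 action=drop \
    comment="Drop direct SMTP"

# Review which hosts tried to send mail directly:
/ip firewall address-list print where list=smtp-direct-attempt
```

Hosts that keep reappearing in the smtp-direct-attempt list are the ones to check for malware or misconfigured mail clients.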

Re: spam control

Posted: Wed Dec 08, 2010 7:41 pm
by Feklar
The other option is to have a set of filter rules that will drop "suspicious" amounts of e-mail coming from a single host for a while. What amount is suspicious is up to you to determine.
/ip firewall filter
add action=add-src-to-address-list address-list="Block Spam" \
    address-list-timeout=1h chain=forward comment="Detect Possible Spamer" \
    connection-limit=10,32 disabled=no dst-port=25 limit=30,5 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp \
    src-address-list="Block Spam"
With this set of rules, a /32 (single client) is allowed to have up to 10 connections to port 25 at a time, and can send up to 35 packets a second over port 25. Once these limits are violated, they are blocked from sending more mail for 1 hour. Adjust to your needs.