I don’t have a lot of experience playing with MikroTik, but is there a way I can mark the connection, then filter connections instead of packets? Or is that something that’s not possible?
You cannot. SMTP/ESMTP allows one to send multiple emails during a single session (connection). Only the receiving mail server can limit that. RouterOS has no means to inspect sessions that deep.
By the way, if you have a router with only end-users behind it (no mail servers), the proper way to block spammers is to drop all TCP packets with destination port 25. Unconditionally. Any properly set up mail server nowadays accepts authenticated incoming SMTP connections from clients on other ports as well, so law-abiding end-users shouldn’t be seriously affected by such measures.
Actually, I want to block some end users on the network that are sending email.
For some reason, in the last month multiple end users “opened an attachment” that made their computers start sending that attachment to all users in their contact lists.
What I want to do is to block those so they can’t send emails until I can remove the viruses on their computers.
I would monitor the “address list” in the firewall, and if I see computers that are there, I go check them to see if they are infected.
I’m not trying to block spam from coming inside the network, only spam that goes out of our network.
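
An added example, not written by any poster in this thread: a RouterOS firewall sketch of the address-list workflow described above. The list name `smtp-suspects`, the threshold of 10 concurrent connections and the one-day timeout are assumed values to tune per network; the rules count connections per source host, not messages inside a session.

```routeros
/ip firewall filter

# Rule 1: hosts already on the list cannot reach any server on TCP/25.
# Placed first so a flagged host stays blocked until its entry expires
# or is removed by hand after the machine has been cleaned.
add chain=forward protocol=tcp dst-port=25 \
    src-address-list=smtp-suspects action=drop \
    comment="Drop outbound SMTP from flagged hosts"

# Rule 2: flag any single host (/32) that holds more than 10 concurrent
# connections to TCP/25. The threshold is an assumed value: a normal
# mail client opens one or two connections at a time.
add chain=forward protocol=tcp dst-port=25 connection-limit=10,32 \
    action=add-src-to-address-list address-list=smtp-suspects \
    address-list-timeout=1d \
    comment="Flag hosts with many concurrent SMTP connections"

# Alternative for a network with no mail servers behind the router
# (the unconditional drop suggested in the reply above), used instead
# of rules 1 and 2:
# add chain=forward protocol=tcp dst-port=25 action=drop

# Review which hosts have been flagged and need to be checked.
/ip firewall address-list print where list=smtp-suspects

# After a machine is cleaned, remove its entry (address is a placeholder).
/ip firewall address-list remove [find list=smtp-suspects address=192.0.2.10]
```

An infected host that sends many messages over a single connection stays under the threshold, so the unconditional port 25 drop remains the more reliable control where no mail server sits behind the router.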