Fighting spam with a standard firewall

Hi to all! Need advice on dealing with spam with standard firewall settings!
Please tell us how to deal with spam. Thank you!

Can you be more specific on what type of spam you are concerned about?

How to autodetect infected or spammer users and temporarily block the SMTP output…

What criteria do you want to be blocking them based on? You could monitor connection limits on standard ports and block users if they are connecting too much, but usually spam is detected on servers and then you can block an offending IP if you get one.

And what would you advise?

Simply block port 25/tcp for all customers, only whitelist it for specific customers upon request. Nobody needs it nowadays, except a few people still running mail servers on premises.
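
Added example, not part of the thread or any poster's own configuration: a RouterOS filter-rule sketch combining the two suggestions above, flagging sources that open too many SMTP connections while exempting approved mail servers. The list names `smtp-allowed` and `smtp-flagged`, the address 192.0.2.10, the 30-connection threshold and the one-day timeout are assumptions to adjust for your network.

```routeros
# Added example. List names, the sample address and the thresholds are assumptions.

/ip firewall address-list
# Customers who asked to run their own mail server (constructed sample address).
add list=smtp-allowed address=192.0.2.10 comment="approved on-premises mail server"

/ip firewall filter
# 1. Approved senders are exempt from detection and blocking.
add chain=forward protocol=tcp dst-port=25 connection-state=new \
    src-address-list=smtp-allowed action=accept \
    comment="allow approved SMTP senders"

# 2. Sources already flagged cannot open new SMTP connections until their
#    address-list entry expires. Connections that are already established are
#    still handled by the default established/related accept rule.
add chain=forward protocol=tcp dst-port=25 connection-state=new \
    src-address-list=smtp-flagged action=drop \
    comment="drop new SMTP from flagged sources"

# 3. Detection: a single source (/32) holding more than 30 SMTP connections is
#    added to smtp-flagged for one day. connection-limit is expensive, so it is
#    only evaluated on new connections.
add chain=forward protocol=tcp dst-port=25 connection-state=new \
    connection-limit=30,32 action=add-src-to-address-list \
    address-list=smtp-flagged address-list-timeout=1d \
    comment="flag sources with too many SMTP connections"

# Stricter alternative (block 25/tcp for everyone not whitelisted): replace
# rules 2 and 3 with a single unconditional drop.
# add chain=forward protocol=tcp dst-port=25 connection-state=new action=drop \
#     comment="block outbound SMTP by default"
```

The entries that appear under `/ip firewall address-list` in `smtp-flagged` are the hosts to inspect for infection.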

This seems to be a really good YouTube session on how to do exactly what you desire.
Block SMTP spam and identify which PCs are infected.
https://www.youtube.com/watch?v=kh-VMdPeJdM

Is something like this going to go?
/ip firewall raw
add action=drop chain=prerouting dst-port=25 protocol=tcp

Yep

Using raw firewall for a new user is a plain dumb idea. No offense to the OP, and I don't want to discourage learning, but it is a powerful bulldozer when you only need a samurai sword and it could get you into trouble!
Did you look at the video? It's exactly what you need.

Absolutely no lunch. I watched the video you provided, thank you. However, with the standard firewall settings, I think this is the best solution.