Hi
I have a public ip which have lots of private ips under this ip, this ip getting blacklist many times because of spammers, can we make a firewall rule to drop or prevent blacklisting???
Thanks
Block outbound TCP port 25 and tell the users they must use the submission port (587) to connect to their mail servers.
Web mail users won’t be affected.
If you have any users who run a legitimate email server, then you’ll need to exempt their mail servers’ IP addresses from this blocking.
An example rule would be:
/ip firewall filter add chain=forward protocol=tcp dst-port=25 out-interface=WAN_INTERFACE_NAME action=drop
(make sure the rule’s position in the forward chain makes sense - i.e. comes before anything that would allow tcp/25 to go through.)