RouterOS v. 6.33rc30
E-Mail Server setup Mikrotik
STEP 0 Insert this in New terminal Console, the Script will set up your smtp mail Tool
{
Script to set your smtp server for gmail
if you use other mail server change the address above
:local srvip "173.194.77.108";
if you use other mail server change the port above
:local port "587";
set e-mail address from here
:local from "your.mail@gmail.com";
set your e-mail account name here
:local account "your.mail@gmail.com";
set your e-mail account password here
:local psw "youraccountpassword";
DO NOT EDIT NOTHING BELOW, THIS CAN BREAK THE SCRIPT !!!
/tool e-mail set address=$srvip port=$port start-tls=yes from=$from user=$account password=$psw
:put ("Setup complete ! " . "Your Public mail Server Address is $srvip " . "Port number $port "
. "all your mails will display from $from ");
}
\
add to Scheduler and run with Time Interval 00:02:00
{
:foreach i in=[/ip firewall address-list find ] do={
STEP 1 set your prefered List Name here or leave it as it is
:global lst "Bitcoin";
do not change ip address below
:local ip "255.255.255.254";
:if ([/ip firewall address-list find address=$ip ] = "" ) do={
/ip firewall address-list add list="$lst" address=$ip comment="Parent List $lst"
Use DNS Entrys and add dst Address to the Firewall Address-list
:foreach i in=[/ip dns cache all find where (name~"bitcoin" || name~"coin" || name~"bitmine" || name~"mining" || name~"planetminecraft"
|| name~"superbithost" || name~"thcservers" || name~"bluishcoder" || name~"ringingliberty" || name~"p2pfoundation" || name~"bitquest"
|| name~"epicscale" || name~"utorrent" || name~"bestcccamserver") && (type="A") ] do={
:local tmpAddress [/ip dns cache get $i address];
delay delay-time=10ms
prevent script from using all cpu time
:if ( [/ip firewall address-list find where address=$tmpAddress] = "") do={
:local cacheName [/ip dns cache get $i name] ;
:log info ("added entry: $cacheName $tmpAddress");
/ip firewall address-list add address=$tmpAddress list="$lst" timeout=6h comment=$cacheName;
}
}
}
}
}
\
add to Scheduler and run with Time Interval 04:00:00
{
STEP 2 set your in-interface here
:local iif "bridge";
STEP 3 set your jump target name for mangle here, the same name will be the new chain or leave it as it is
:local jt "bitcoin_mangle";
STEP 4 set your jump rule comment here or leave it as it is
:local jtc "Jump to Bitcoin Chain";
STEP 5 set dst-address-list here, you must get the same name which from STEP 1 or leave it as it is
:local dal "Bitcoin";
STEP 6 set your new-connection-mark name here or leave it as it is
:local ncm "btc_con";
STEP 7 determine the size in Megabytes here, connection is determined as valid after reaching size
:local size "10";
STEP 8 set your prefered connection-mark comment here or leave it as it is
:local cmc "Bitcoin Connection";
STEP 9 set your prefered src-address-list Name here or leave it as it is, this list will display your client IP addresses
:local sal "Affected Client Address";
STEP 10 set your prefered add-src-to-address-list comment here or leave it as it is
:local sl "Bitcoin Miner Add Src to Address List";
STEP 11 set your own comment for drop rule, after reached Limit of STEP 7 the Malware connection will be closed
:local mwc "Drop Malware Con";
STEP 12 set your jump target name for fw-filter here, the same name will be the new chain or leave it as it is
:local fwf "bitcoin_chain";
DO NOT EDIT NOTHING BELOW, THIS CAN BREAK THE SCRIPT !!!
:local mib [($size10241024)];
:log warning ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Removing old Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle remove [ find comment="$jtc" ];
/ip firewall mangle remove [ find comment="$cmc" ];
/ip firewall mangle remove [ find comment="$sl" ];
/ip firewall filter remove [ find comment="$jtc" ];
/ip firewall filter remove [ find comment="$mwc" ];
:log warning ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
:put ("Adding new Mangle=$jtc " . "Mangle=$cmc " . "Mangle=$sl " . "and Filter $jtc " . "else $mwc");
/ip firewall mangle
add chain=forward protocol=tcp in-interface=$iif dst-address-list=$dal action=jump jump-target="$jt" comment="$jtc"
add chain="$jt" protocol=tcp in-interface=$iif dst-address-list="$dal" action=mark-connection new-connection-mark="$ncm"
connection-bytes="$mib-0" passthrough=yes comment="$cmc"
add chain="$jt" dst-address-list="$dal" action=add-src-to-address-list address-list="$sal" address-list-timeout=6h
connection-mark="$ncm" comment="$sl"
/ip firewall filter
add chain=forward protocol=tcp dst-address-list=$dal in-interface=$iif connection-mark="$ncm" action=jump jump-target="$fwf" comment="$jtc"
add chain="$fwf" protocol=tcp connection-mark="$ncm" action=drop dst-address-list="$dal" src-address-list="$sal" comment="$mwc"
script will now resolving email settings
:foreach i in=[/ip firewall address-list find list="$sal" ] do={
:local ip [/ip firewall address-list get $i address];
:local mac [/ip hotspot user get [ find address=$ip ] mac-address ];
:local name [/ip hotspot user get [ find address=$ip ] name ];
:if ([/ip hotspot user get [ find address=$ip ] email ] != "" ) do={
:local clmail [/ip hotspot user get [ find address=$ip ] email ];
set your Sender here, your email address this will be displayed in from
:local from "your.mail@gmail.com";
set your Subject Mensagem for email receifer here
:local sub "Alert ! Your Computer is Infected !";
:log warning ("Basic mail setup from $from with Subject $sub to User $name IP $ip Mac $mac email address $clmail complete")
:put ("Basic mail setup from $from with Subject $sub to User $name IP $ip Mac $mac email address $clmail complete")
set mail body, txt Mensagen for receifer here
:local body "Our Firewall has detected Bit Mining Software, Malware, Virus, or Trojans is communicating from your Device to their Server! The Connection will be closed ! Thank you !";
DO NOT EDIT NOTHING BELOW, THIS CAN BREAK THE SCRIPT !!!
:log info ("Mail Body txt is $body");
:put ("Mail Body txt is $body");
/tool e-mail send to="$clmail" from="$from" subject="$sub" body="$body"
}
}
}
im sorry