I received notification from my isp that I had an open email proxy on my network sending out spam and that they were going to block my account until it was taken care of.
My network consists of a mikrotik rb433 with an xr2 connected to an omni that has roughly 20 clients connected to it. I receive only one ip from my isp so all my clients are natted. The rb433 handles all of the dhcp, natting, and bandwidth management.
There is an xr5 on the board that is utilized for the backhaul to the main office where the internet comes in.
With an open email proxy creating spam I assumed there would be alot of smtp traffic on port25 so I used torch to see where it was coming from. I tracked down the culprit and then blocked them. I contacted the customer and notified them of the malware they had running on their computer and that they needed to get it fix before I could turn them back on.
I’m wondering what would be good practice to prevent this sort of thing. Are there firewall filter rules I can use on mikrotik that will block spam. Should I limit smtp connections on a per client basis?
Or for now, how could I block just smtp traffic from this particular client.
Are there general firewall rules that most people use on mikrotik routers to block known unwanted traffic?