At various events where we use Mikrotik, the end user is removed from their home network, so their configured SMTP relay no longer accepts the connection. This is not the case for authenticated SMTP, as this will be accepted by the ‘home’ ISPs from foreign subnets. Normally, if you are using a single line only, the few people that are not on auth SMTP can change their server settings and get working.
What I want to do is handle this dynamically. BUT - if I transparently hijack port 25 traffic and redirect it to the local ISP SMTP relay, this would break auth SMTP connections, so what I am asking is whether anyone knows how to differentiate between non-auth SMTP and auth SMTP connection requests.
An additional problem is that if I use multiple ADSLs from different ISPs and load balance, I never know which line the user will hit. With this rule I could also restrict all non-auth SMTP traffic to a single line using mangle / routing mark, therefore successfully redirecting to a known working relay.
It is impossible to tell whether an SMTP connection is going to be authenticated until AT LEAST after the three-way handshake, at which point it is too late to point that connection anywhere.
You can do a layer 7 protocol inspection and add to an address list whenever you see an authenticated connection and you’ll know that source - for now - is doing authenticated SMTP and treat future connections from that address list differently. Most users that use authenticated SMTP also use TLS so that will fail.
Your best bet is probably to build a central mail server yourself that permits relay from all your sites and blindly OKs all authentication so that any username and password works, and to transparently proxy all mail through there, or to offer it as a service to users that have issues (some users might object to having their traffic hijacked and their credentials exposed to your server).
Can anybody show me an example L7 filter for authenticated SMTP, please?
My idea is to accept authenticated SMTP and drop unauthenticated SMTP with an L7 filter.
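The limits described in the replies above, as an added example that is not from any poster in this thread: a Python sketch of the decision an L7 matcher has to make on the client's side of an SMTP connection, and of the "add the source to an address list" idea. The function names, the 2048-byte inspection window and the sample sessions are constructed assumptions, not RouterOS behaviour.

```python
import re

# Patterns are applied per line to client-to-server bytes only.
AUTH_CMD = re.compile(rb"^AUTH\s+\S+", re.I)
STARTTLS_CMD = re.compile(rb"^STARTTLS\s*$", re.I)
MAIL_CMD = re.compile(rb"^MAIL\s+FROM:", re.I)

def classify_smtp_client_stream(data: bytes, limit: int = 2048) -> str:
    """Classify what the client has sent so far on an SMTP connection.

    "auth"            - an AUTH command was seen in clear text
    "starttls"        - client upgraded to TLS; AUTH (if any) is invisible
    "unauthenticated" - MAIL FROM arrived with no AUTH before it
    "undecided"       - nothing conclusive yet (e.g. just after the handshake,
                        where the server speaks first and the client is silent)
    """
    for line in data[:limit].split(b"\r\n"):
        if AUTH_CMD.match(line):
            return "auth"
        if STARTTLS_CMD.match(line):
            return "starttls"
        if MAIL_CMD.match(line):
            return "unauthenticated"
    return "undecided"

def record_source(auth_sources: set, src_ip: str, data: bytes) -> str:
    """Remember sources seen doing clear-text AUTH, so that later
    connections from them can be left alone instead of redirected."""
    verdict = classify_smtp_client_stream(data)
    if verdict == "auth":
        auth_sources.add(src_ip)
    return verdict

# Constructed sample sessions (client side only).
AUTH_SESSION = b"EHLO laptop.example\r\nAUTH LOGIN\r\n"
PLAIN_SESSION = b"EHLO laptop.example\r\nMAIL FROM:<bob@example.org>\r\n"
TLS_SESSION = b"EHLO laptop.example\r\nSTARTTLS\r\n\x16\x03\x01\x02\x00\x01\x00"

if __name__ == "__main__":
    seen = set()
    for ip, session in [("192.0.2.10", AUTH_SESSION),
                        ("192.0.2.11", PLAIN_SESSION),
                        ("192.0.2.12", TLS_SESSION),
                        ("192.0.2.13", b"")]:
        print(ip, record_source(seen, ip, session))
    print("address list:", sorted(seen))
```

The verdict only exists after the client has sent several lines, so it can inform how the next connection from that source is treated, not where the current one goes, and a client that issues STARTTLS never reveals whether it authenticates.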