Hello,
I don’t know if this is possible. I’m thinking on a way to check the reverse name of each IP which connects to my TCP/25 port. If that name has “dialup” or “dynamic” in it, I would directly drop that connection and add that IP to a list of rejected IP’s, so it will never reach my mail server again.
Does someone know a way to implement this in Mikrotik?? I could even use an external system to do some tasks.
Thank you!
RouterOS is not a mail server. you should do that on your MTA. If your server supports PIPELINING you can set up how many connections one remote host can make to your server, since with pipelining, you are processing e-mails in order, and all new SMTP servers do support that feature. So there is no need to make 20 or 30 connections to your server from some random host.
I know it’s not a mail server… it’s a router and a firewall (among other things). I can do a lot of things in my mail server, but I can’t check the reverse resolution of each incoming TCP/25 connection and drop it it it comes from a dialup or dynamic IP address.
That’s why I’m looking for a way to do it in my Mikrotik firewall and reduce the load of my mail server… 
BTW: pipelinning it’s a completely different thing than what I’m trying to do…
Hi!
I did use search, but obviously I used the wrong search terms…
That script isn’t exactly what I’m looking for, but it’s a nice approach. I may take some ideas from it.
Thank you!
good suggestion is - use DNS server, like bind, on your e-mail server and you should be fast to do that. Bind will be more powerful than resolver in RouterOS. And at the pace spam is coming in, you need very powerful stuff to dothis.
I know that i’m not realy answering your question, but, did you try to force your mail server to check the senders IP against a SPF record on the domains DNS server?
Many servers can check SPF or CallerID (both basicly the same thing) and if records no not match the senders IP, mark them as spam. If no records exist, increase message’s spam rating.
If i’m not mistaking, users who connect to your mail server (using the same port) will be blocked by your script.