I have an email server hosted behind a MikroTik. I forward port 25 from the WAN interface to the internal mail system using a NAT rule. On the email server I also have Symantec anti-spam installed.
Yesterday I faced an issue: my public IP got listed on a blacklist at Barracuda and on another spam list. I know my users; they are all simple corporate users with good antivirus and antispam on their PCs as well, with updated Windows. So what I am guessing is that some EXTERNAL spammer somehow used my email server to propagate spam.
Are there any MikroTik firewall rules that I can use to block SMTP flooders who are sending mass emails, either incoming (from external users) OR outgoing (from internal users)?
I saw this link http://wiki.mikrotik.com/wiki/How_to_autodetect_infected_or_spammer_users_and_temporary_block_the_SMTP_output
but I guess it's for internal users, like IN to OUT? Will this help?