spam cotrol

sri · December 7, 2010, 8:57am

Hi,

How can i control spamming on 450g router board.

Thanks

mrz · December 7, 2010, 8:59am

In firewall allow only your SMTP server, drop the rest. And setup spamfilters on your server.

sri · December 7, 2010, 12:33pm

Thanks,

Can you give me any example.

Question42 · December 7, 2010, 12:33pm

mrz, I assume you meant SMTP server?

sir, what are you trying to achieve? Controlling inbound spam to your mail server, outbound spam from your network or outbound spam from your mailserver?

sri · December 8, 2010, 7:05am

We are running a small ISP i want to block spamming from my customers due to virus or any other issue to hit my upstream provider. I want to drop all the spam at my router itself without reaching my upstream provider router.

Thanks.

Question42 · December 8, 2010, 7:12am

Other than blocking port 25/TCP for anything other than your SMTP server (if you run one) there isn’t anything you can do on the RouterOS box itself. If you have your own mail server then you can use one of the many anti-spam engines (commercial or free) to filter out spam and other malicious emails.

sri · December 8, 2010, 7:35am

Here problem is it is not affecting my mail server, due to this spamming my upstream provider ip-pool is getting blacklisted. Is there any way i can stop spamming to drop at my router.

Thanks

Question42 · December 8, 2010, 9:17am

Yes - as has been said by myself and mrz - block 25/TCP (SMTP) for all except your mail server. Your clients will then have to relay their email through your mail server, where you can apply filtering.

Feklar · December 8, 2010, 5:41pm

The other option is to have a set of filter rules that will drop “suspicious” amounts of e-mail coming from a single host for a while. What amount is suspicious is up to you to determine.

/ip firewall filter
add action=add-src-to-address-list address-list="Block Spam" \
    address-list-timeout=1h chain=forward comment="Detect Possible Spamer" \
    connection-limit=10,32 disabled=no dst-port=25 limit=30,5 protocol=tcp
add action=drop chain=forward comment="" disabled=no dst-port=25 protocol=tcp \
    src-address-list="Block Spam"

With this set of rules, a /32 (single client) is allowed to have up to 10 connections to port 25 at a time, and can send up to 35 packets a second over port 25. Once these limits are violated, they are blocked from sending more mail for 1 hour. Adjust to your needs.