Greetings to all guys. I really need your help in solving the problem. There is a MIKROTIK CCR1009-8G-1S-1S + with a white external ip address. firmware version v.6.43.7
A mail server is connected to it, in the logs of the mail server someone is constantly trying to pick up passwords, I naturally want to block attempts to guess the password, I go to the mailer’s log and see that the attempts are coming from the IP address of the microtic himself, that is, as if the selection comes from 192.168.88.1 (gateway), for some reason Mikrotik does not show from which external address attempts to brute-force a password are coming. Although there is a similar microtote with a default configuration and everything is displayed there.
Cannot help without seeing config.
/export hide-sensitive file=anynameyouwish
Please confirm you are using a mail server that requires authentication of some sort (Https, ftps, or whatever kind of encryption is normally used in email TLS? vice plain text password in the clear).