I simply wanted to block port 25.
So I placed the rules as given by MikroTik support, but there is absolutely 0 traffic hitting, while I can clearly see the WAN port and LAN port getting all the spammers' traffic.
Attached is the screenshot of the firewall rule and a torch of the WAN to show that the rule MikroTik support had given me doesn't work.
Change the chain to “Input”; Forward only blocks traffic passing through the router. If you want to stop sending email (port 25) from inside your network, change the chain to “Output”, which will block all port 25 going out the WAN port. Also make sure you specify which interface for input and output (in your case it looks like you are using an SFP port for your WAN connection, but I can’t be 100% sure without looking at your whole config).
Also I see you have an accept rule for port 25 and a block rule for port 25. If you want to block port 25 completely, put the block rule above the accept rule (or disable the accept rule altogether).
From looking at the torch screenshot I assume soamz is definitely routing some public subnets.
I have to contradict your statement, mlpaul. The forward chain is exactly the rule to apply. The input chain catches all connections terminating in the router; the output chain covers all connections originated by the router itself. In this case, soamz is routing at least one public subnet through another public network.
I don’t see any errors in your screenshots.
mlpaul is right that the accept rule would be counterproductive when you want to drop the traffic.
But nevertheless, the counters should show anything but zero.
Looking at your SIP drop rules at the bottom proves that the firewall is working.
So there must be something wrong with your rules - and WinBox doesn’t show all parameters of a rule in the list view.
Could you post an export of your firewall rule set?
/ip firewall filter export
And, if possible, your interfaces and IP addresses (so that we know which networks you serve).
This could help us figure out what’s going wrong.
-Chris
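A quick check for the ordering problem mlpaul raised, run against the kind of export Chris asked for, as an added example that is not from any poster in this thread: it parses the `add` lines of `/ip firewall filter export` output and flags drop rules that an earlier accept rule in the same chain would shadow. The export text below is constructed, and matching only on chain, protocol and dst-port is a deliberate simplification (a real audit would also compare addresses and interfaces).

```python
import shlex

# Constructed sample of '/ip firewall filter export' output: an accept for
# TCP/25 placed above the drop for TCP/25, which is the mistake discussed above.
SAMPLE_EXPORT = """\
/ip firewall filter
add action=accept chain=forward comment="allow smtp" dst-port=25 protocol=tcp
add action=drop chain=forward comment="block smtp" dst-port=25 protocol=tcp
add action=drop chain=forward comment="sip" dst-port=5060 protocol=udp
"""


def parse_export(text):
    """Return the 'add' lines of a RouterOS export as dicts, in rule order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        rule = {}
        # shlex keeps quoted values such as comment="block smtp" together
        for token in shlex.split(line[4:]):
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def shadowed_drops(rules):
    """List (accept_index, drop_index) pairs where an earlier accept rule in the
    same chain matches the same protocol and dst-port as a later drop rule.
    Such a drop never sees a packet, so its counters stay at zero."""
    found = []
    for j, drop in enumerate(rules):
        if drop.get("action") != "drop":
            continue
        for i in range(j):
            acc = rules[i]
            if (acc.get("action") == "accept"
                    and acc.get("chain") == drop.get("chain")
                    and acc.get("protocol") == drop.get("protocol")
                    and acc.get("dst-port") == drop.get("dst-port")):
                found.append((i, j))
    return found


if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    for acc_idx, drop_idx in shadowed_drops(parsed):
        print(f"rule {drop_idx} is shadowed by accept rule {acc_idx}: "
              f"{parsed[drop_idx]}")
```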
If 103.75.41.217 is your customer, you’re not looking at SMTP traffic to them; it’s traffic from them to many remote mail servers. So either they went into the spamming business or got hacked or something.