Hi,
I need to block those ip making email spam for "MikroTik RouterOS 6.12".
Can anyone help me create this rule?
Thanks in advance!
Best regards,
Hi BartoszP, thanks for your prompt response.Where do you have spammers address list from ? How this list looks like ?
If you have such list you can use as it is described in this thread http://forum.mikrotik.com/viewtopic.php?t=98804
add chain=udp protocol=tcp dst-port=25,110,465...and_other+ports... action=add-src-to-address-list comment="add src smtp"
"chain=udp" is wrong.And you can have one rule combined for allCode: Select alladd chain=udp protocol=tcp dst-port=25,110,465...and_other+ports... action=add-src-to-address-list comment="add src smtp"
[color=black][font=monospace, Courier]/ip firewall filter[/font][/color]
add action=add-src-to-address-list address-list=spammers \
address-list-timeout=3h chain=forward comment=\
"Add Spammers to the list for 3 hours" connection-limit=30,32 dst-port=\
25,587 limit=30/1m,0:packet log-prefix=spammer protocol=tcp
add action=drop chain=forward comment="Avoid spammers action" dst-port=25,587 \
log-prefix=spammer protocol=tcp src-address-list=spammers
add chain=output protocol=tcp dst-port=25,110,465...and_other+ports... action=add-src-to-address-list comment="add src smtp"
add chain=forward protocol=tcp dst-port=25,110,465...and_other+ports... action=add-src-to-address-list comment="add src smtp"
It is absolutely useless to put this rule on output chain. Output chain is from your router to outside. I'm sure your router does not send spam.My mistake ... easy to fix if someone is following this thread
Code: Select alladd chain=output protocol=tcp dst-port=25,110,465...and_other+ports... action=add-src-to-address-list comment="add src smtp" add chain=forward protocol=tcp dst-port=25,110,465...and_other+ports... action=add-src-to-address-list comment="add src smtp"
Hi Jarda,Even mikrotik routers are connecting out silently without telling you. It's not useless to have firewall rules in output chain.
Grusu,And for what reason you put port 110? It is the port used for the POP3 protocol. Spammers trying to send emails not to download them.
Dont worry I knew it was wrong, but the idea was clear.My mistake ... easy to fix if someone is following this thread
Code: Select alladd chain=output protocol=tcp dst-port=25,110,465...and_other+ports... action=add-src-to-address-list comment="add src smtp" add chain=forward protocol=tcp dst-port=25,110,465...and_other+ports... action=add-src-to-address-list comment="add src smtp"
And the the entries from the address list are...15 ;;; SPAMERS
chain=output action=add-src-to-address-list protocol=tcp address-list=""
address-list-timeout=3h dst-port=25,110,465
16 ;;; SPAMERS
chain=forward action=add-src-to-address-list protocol=tcp address-list=""
address-list-timeout=3h dst-port=25,110,465
Now I'll monitor their queue for traffic and I may contact them directly to find out where they use those ports intentionally or have become zombies.544 D SPAMERS 10.5.10.234
545 D SPAMERS 10.11.5.172
546 D SPAMERS 10.5.10.40
547 D SPAMERS 190.104.246.162
Hahahaha!!!! thanks BartoszP!!Congratulations Mr. Poirot It's time to catch next one ....
/ip firewall filter
add chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop comment="BLOCK SPAMMERS"
add chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 action=add-src-to-address-list
address-list=spammer address-list-timeout=1d comment="Add SMTP spammers"