Using RoS 3.32.2.
Before I switched to MikroTik, in the past I had some nasty problems with infected machines sending a large number of spam messages in a short time frame via stolen accounts on the server.
To be on the safe side, I now want to implement some countermeasures in advance.
Reading the MT wiki, it seems the firewall has the ability to block too many connections to SMTP port 25 during a specified time frame.
http://wiki.mikrotik.com/wiki/How_to_au ... MTP_output
Nevertheless, while testing a crude "spam" generating tool in the form of a batch script looping http://www.blat.net 200 times in a span of ~5 seconds, the rule does not trigger.
The sending IP is outside the MT network, connecting via the Internet (not whitelisted).
The SMTP server is behind MT (no NAT).
add chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 action=add-src-to-address-list \
    address-list=spammer address-list-timeout=1d comment="Detect and add-list SMTP virus or spammers"
The rule does not catch anything, even though the connections are made to TCP port 25 and the emails are delivered.
There is one connection created for each email sent. Each loop sends only one message.
Am I doing something wrong, or is the rule outdated?
Thank you.