Hi, I have our e-mails servers hosted in Dallas Tx USA, we have customers with public IP,s and customers nated behind our mikrotik router.
My NATED public IP (routeros WAN IP) has been blocked recently a few times due spamming the hosting smtp server, I believe it is one of our nated customers causing that. What is confusing is I have the following rules on my firewall but they appear not to be catching the offending IP of my LAN.
/ ip firewall filter
add chain=forward protocol=tcp dst-port=25-26 src-address-list=spammer action=log log-prefix="SPAMMER" comment="BLOCK \
SPAMMERS OR INFECTED USERS, if is listed on spammers list" disabled=yes
add chain=forward protocol=tcp dst-port=25-26 src-address-list=spammer action=drop comment="BLOCK SPAMMERS OR INFECTED \
USERS, if is listed on spammers list" disabled=no
add chain=forward protocol=tcp dst-port=25-26 connection-limit=20,32 limit=10,5 action=log log-prefix="SPAMMER" \
comment="LOG Detect and add-list SMTP virus or spammers for 24 Hours" disabled=no
add chain=forward protocol=tcp dst-port=25-26 connection-limit=20,32 limit=10,5 action=add-src-to-address-list \
address-list=spammer address-list-timeout=1d comment="Detect and add-list SMTP virus or spammers for 24 Hours" \
- Am I doing something wrong here?
I also placed a log rule on output chain logging everything that goes to my smtp server IP, but I have not had any luck catching the offending IP...
- Any other better idea?
Thks in advance guys.