popcorrin
Member Candidate
Topic Author
Posts: 189
Joined: Wed Mar 11, 2009 12:55 am

Open email proxy on network?

Wed Jul 22, 2009 7:33 pm

I received notification from my ISP that I had an open email proxy on my network sending out spam and that they were going to block my account until it was taken care of.
My network consists of a MikroTik RB433 with an XR2 connected to an omni that has roughly 20 clients connected to it. I receive only one IP from my ISP, so all my clients are NATed. The RB433 handles all of the DHCP, NAT, and bandwidth management.
There is an XR5 on the board that is utilized for the backhaul to the main office where the internet comes in.

With an open email proxy creating spam I assumed there would be a lot of SMTP traffic on port 25, so I used torch to see where it was coming from. I tracked down the culprit and then blocked them. I contacted the customer and notified them of the malware they had running on their computer and that they needed to get it fixed before I could turn them back on.

I'm wondering what would be good practice to prevent this sort of thing. Are there firewall filter rules I can use on MikroTik that will block spam? Should I limit SMTP connections on a per-client basis?
Or for now, how could I block just SMTP traffic from this particular client?
Are there general firewall rules that most people use on MikroTik routers to block known unwanted traffic?
 
Eising
Member Candidate
Posts: 272
Joined: Mon Oct 27, 2008 10:21 am
Location: Copenhagen, Denmark

Re: Open email proxy on network?

Wed Jul 22, 2009 11:17 pm

We block port 25 on all our clients unless they specifically ask for it, and then we provide an SMTP server for them.
The road to hell is paved with good intentions.
 
Chupaka
Forum Guru
Posts: 8333
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: Open email proxy on network?

Thu Jul 23, 2009 12:37 am

My old thought about stopping spambots:

- block port 25 (SMTP);
- dedicate some port (like 2525) as a replacement for it;
- NAT port 2525 to 25, so that customers who would like to use their mail programs set port 2525 as the SMTP port in settings.

This thought was born after the introduction of 'port translation' in ROS v3:
What's new in 3.11:
*) added ability to dst. nat only address or port, not both at the same time;
Russian-speaking forum: https://forum.mikrotik.by/. Welcome!

For every complex problem, there is a solution that is simple, neat, and wrong.

MikroTik. Your life. Your routing.
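
The port 25 block plus 2525-to-25 translation described in the post above, written out as RouterOS firewall rules. This is an added example, not configuration posted by anyone in the thread; the interface name `wlan1` (client-facing radio), the connection mark `direct-smtp` and the log prefix are assumptions. Direct SMTP is marked in mangle prerouting because dst-nat runs before the forward chain, so a plain `dst-port=25` drop in forward would also hit the translated 2525 traffic.

```routeros
# Added example. wlan1 = client-facing interface (assumed name).

/ip firewall mangle
# Tag connections that clients open straight to port 25. Mangle prerouting
# runs before dst-nat, so connections opened to 2525 are never tagged.
add chain=prerouting in-interface=wlan1 protocol=tcp dst-port=25 \
    connection-state=new action=mark-connection \
    new-connection-mark=direct-smtp passthrough=yes \
    comment="tag direct SMTP from clients"

/ip firewall nat
# Replacement port: only the port is rewritten (possible since ROS 3.11),
# the destination address chosen by the customer's mail program is kept.
add chain=dstnat in-interface=wlan1 protocol=tcp dst-port=2525 \
    action=dst-nat to-ports=25 comment="customer SMTP: 2525 -> 25"

/ip firewall filter
# Log first so an infected client shows up in the log with its source
# address, then drop. Place both rules above any general accept rule.
add chain=forward connection-mark=direct-smtp action=log \
    log-prefix="smtp-direct" comment="record blocked direct SMTP"
add chain=forward connection-mark=direct-smtp action=drop \
    comment="block direct SMTP from clients"
```

The log entries give the same per-client view that torch gave in the first post, without having to watch the interface live.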
