Community discussions

 
Jamshed83
just joined
Topic Author
Posts: 6
Joined: Tue Oct 16, 2012 10:48 am

Outlook regexp

Wed Oct 17, 2012 7:51 am

Hi
guys i am new with mikrotik... i am willing to stop spamming from my network eventually i am managing a public network where different people comes connects to my network and use internet service, if any one of them have virus in his computer how could i stop spamming, i figured out that if i block all other applications which are using port 25 except outlook, this could be the best solution according to me. can anybody tell about the regexp of outlook and how to make rules using layer7 protocol, because i wanted to allow only outlook to use port 25 any other application can not use port 25... what should i do?


IF SOMEONE CAN SUGGEST ANY OTHER SOLID SOLUTION KINDLY HELP ME
THANKS & REGARDS

JAMSH3D
 
jandafields
Forum Guru
Forum Guru
Posts: 1514
Joined: Mon Sep 19, 2005 6:12 pm

Re: Outlook regexp

Fri Nov 02, 2012 3:51 am

Hi
guys i am new with mikrotik... i am willing to stop spamming from my network eventually i am managing a public network where different people comes connects to my network and use internet service, if any one of them have virus in his computer how could i stop spamming, i figured out that if i block all other applications which are using port 25 except outlook, this could be the best solution according to me. can anybody tell about the regexp of outlook and how to make rules using layer7 protocol, because i wanted to allow only outlook to use port 25 any other application can not use port 25... what should i do?


IF SOMEONE CAN SUGGEST ANY OTHER SOLID SOLUTION KINDLY HELP ME
THANKS & REGARDS

JAMSH3D
SMTP is a standard... it's all going to look the same, I don't think you can really pick out Outlook. even if you could, it would be easy for a spammer to add the outlook signature to their traffic. also, you would end up blocking legitimate stuff like encrypted smtp, outlook express, thunderbird, opera mail, incredimail, etc...
 
Jamshed83
just joined
Topic Author
Posts: 6
Joined: Tue Oct 16, 2012 10:48 am

Re: Outlook regexp

Wed Nov 07, 2012 11:31 am

i just wanted to block spamming from my network but i am very furstrated, because i have tried so many rules but couldn't get rid of spammers, kindly help me to get rid of this issue
 
jandafields
Forum Guru
Forum Guru
Posts: 1514
Joined: Mon Sep 19, 2005 6:12 pm

Re: Outlook regexp

Thu Nov 08, 2012 4:16 pm

You can block ALL traffic on port 25, except your own SMTP server. That's what AT&T does.

-or-

You can write a firewall rule to watch port 25. If it gets more than xx hits per hour from a certain address, then log it and block them permanently.
 
Jamshed83
just joined
Topic Author
Posts: 6
Joined: Tue Oct 16, 2012 10:48 am

Re: Outlook regexp

Thu Nov 08, 2012 9:45 pm

You can block ALL traffic on port 25, except your own SMTP server. That's what AT&T does.

-or-

You can write a firewall rule to watch port 25. If it gets more than xx hits per hour from a certain address, then log it and block them permanently.
your 2nd option is very good but how to do so, because I have tried to make a rule but it said
too many connections
and stopped all terrific on port 25.
Kindly help me to get rid of that issue.
 
jandafields
Forum Guru
Forum Guru
Posts: 1514
Joined: Mon Sep 19, 2005 6:12 pm

Re: Outlook regexp

Thu Nov 08, 2012 10:05 pm

You can block ALL traffic on port 25, except your own SMTP server. That's what AT&T does.

-or-

You can write a firewall rule to watch port 25. If it gets more than xx hits per hour from a certain address, then log it and block them permanently.
your 2nd option is very good but how to do so, because I have tried to make a rule but it said
too many connections
and stopped all terrific on port 25.
Kindly help me to get rid of that issue.
I thought you WANTED to stop traffic on port 25 if there was too many connections.
 
rodolfo
Long time Member
Long time Member
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

Re: Outlook regexp

Fri Nov 09, 2012 7:56 am

Usually people configure antispam feature of mail server, not a firewall rule.
which mail server do you use?
rodolfo
IZ0UQV
 
Jamshed83
just joined
Topic Author
Posts: 6
Joined: Tue Oct 16, 2012 10:48 am

Re: Outlook regexp

Fri Nov 09, 2012 2:18 pm

i am not using any mail server but using a hosted service from an isp i used to configure in outlook smtp and pop3 "mail.rphcc.com" and this works very fine for few months but now my internet ip is listed on different antispam. i am attaching an screen shot of the error
You do not have the required permissions to view the files attached to this post.
 
rodolfo
Long time Member
Long time Member
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

Re: Outlook regexp

Sat Nov 10, 2012 11:07 am

Ok, there are two cases:
1. you have a virus which send by itself spam from your connection
2. you have a virus which send spam using your mail client

the more frequent is the first case.

Some ideas of wath you can do:
1. antivirus your network
2. block in forward port 25 and configure your email client to use ssl
3. write a firewall rule to allow outgoing SMTP port only to the ip address of your isp
4. Try to configure a different SMTP port on your clients (i.e. 225) then nat this port in forward, only to your isp SMTP port 25
rodolfo
IZ0UQV
 
Jamshed83
just joined
Topic Author
Posts: 6
Joined: Tue Oct 16, 2012 10:48 am

Re: Outlook regexp

Mon Nov 12, 2012 1:31 pm

will you please help me how to make such rules in firewall i will be very thankful to you
 
rodolfo
Long time Member
Long time Member
Posts: 543
Joined: Sat Jul 05, 2008 11:50 am

Re: Outlook regexp

Mon Nov 12, 2012 10:34 pm

1. it is necessary you idetify the pc sending spam

2. block in forward port 25 and use ssl:
/ip firewll filter
add action=drop chain=forward disabled=no dst-port=25 protocol=tcp
3. write a firewall rule to allow outgoing SMTP port only to the ip address of your isp (suppose ip address is 1.1.1.1)
/ip firewll filter
add action=drop chain=forward disabled=no dst-address=!1.1.1.1 dst-port=25 protocol=tcp
this is the first rule I try to use

4. Try to configure a different SMTP port on your clients (i.e. 225) then nat this port in forward, only to your isp SMTP port 25 (suppose your configured smtp port is 2255)
/ip firewll filter
add action=drop chain=forward disabled=no dst-port=25 protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat disabled=yes dst-address=1.1.1.1 dst-port=\
    2255 protocol=tcp to-addresses=1.1.1.1 to-ports=25
this rule refine the number 3
rodolfo
IZ0UQV
 
Jamshed83
just joined
Topic Author
Posts: 6
Joined: Tue Oct 16, 2012 10:48 am

Re: Outlook regexp

Tue Nov 13, 2012 8:02 am

Thank you very much dear :D i will try port nating today then will share my experience with you

Thanks
Jamhsed

Who is online

Users browsing this forum: Google [Bot] and 111 guests