So, if you insist on using the MikroTik to try and do this, then simply type that email address into the L7 and set the rule to drop. Of course, this will still hit your mailserver up until the remote server sends this email address in the header...
It would be added to a blacklist address list so further SPAM attempts are tarpitted.
So, if someone sends spam from gmail... you are going to blacklist that IP address... and therefore blacklist all of gmail? (Or Yahoo, etc)?
See what I said earlier:
It's actually a user account that has been compromised. I disabled the account, but instead I get several gigs of rejected logins each day. The SPAM problem has stopped, but the server is under high load just rejecting logins.
I will be putting in that particular compromised user's address. The firewall will start blacklisting the IPs of the various machines on the botnet to prevent them from attempting to login to the mail server repeatedly.
Now:
1) PC on botnet attempts to authenticate to my SMTP server.
2) The account is in "maintenance mode", so it is rejected.
3) Bunch of log data is written pertaining to the rejection.
4) Goto: 1.
Future:
1) PC on botnet attempts to authenticate to my SMTP server.
2) Router sees the username of the attempted authentication through layer 7.
3) Router adds IP to a blacklist, shutting down present connection, possibly some bit of log entry.
4) PC cannot goto 1 because the router blocks the communication before it ever gets there, saving gigs upon gigs of logs.
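Step 2 of the "Future" flow depends on the router recognising the username on the wire, where SMTP AUTH LOGIN and AUTH PLAIN carry it base64-encoded rather than as readable text. The following is an added example, not part of the thread: it derives the strings a payload match would have to look for and applies them to constructed client lines. The account name, the IP addresses and the function names are placeholders chosen for illustration.

```python
import base64

def b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()

def wire_tokens(username: str) -> dict:
    """Strings that carry `username` inside SMTP AUTH LOGIN / AUTH PLAIN."""
    user = username.encode()
    # AUTH PLAIN sends base64(authzid NUL authcid NUL password). Assuming an
    # empty authzid, the blob starts NUL + username + NUL; only whole 3-byte
    # groups of that prefix encode independently of the password after it.
    prefix = b"\0" + user + b"\0"
    stable = len(prefix) // 3 * 3
    return {"login": b64(user), "plain_prefix": b64(prefix[:stable])}

def offending_ips(events, username):
    """events: (source IP, client line) pairs. Returns the IPs that tried to
    authenticate as `username`, i.e. the candidates for the blacklist."""
    tokens = wire_tokens(username)
    hits = set()
    for ip, line in events:
        words = line.split()
        if not words:
            continue
        last = words[-1]  # bare reply to a 334 prompt, or an initial response
        if last == tokens["login"] or last.startswith(tokens["plain_prefix"]):
            hits.add(ip)
    return sorted(hits)

ACCOUNT = "user@example.com"  # placeholder for the disabled account

# Constructed client-to-server lines; addresses are documentation ranges.
SAMPLE_EVENTS = [
    ("192.0.2.10", "AUTH LOGIN"),
    ("192.0.2.10", b64(ACCOUNT.encode())),
    ("198.51.100.7", "AUTH PLAIN " + b64(b"\0" + ACCOUNT.encode() + b"\0hunter2")),
    ("203.0.113.5", "AUTH LOGIN " + b64(b"other@example.com")),
    ("203.0.113.9", "MAIL FROM:<user@example.com>"),  # envelope, not a login
]

if __name__ == "__main__":
    print(wire_tokens(ACCOUNT))
    print(offending_ips(SAMPLE_EVENTS, ACCOUNT))
```

A payload match on the login exchange would need to contain these encoded strings, not the readable address. Once a client negotiates STARTTLS, the exchange is encrypted and neither form is visible to the router.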