Hey everyone, I hope I'm not doubling up, but I couldn't find any relevant posts...
I have some issues on my hotspot network. I'll give you some history first.
First we redirected all email through to our ISP's mail server and told our customers to turn off SMTP auth as we were a trusted IP. However, a spammer (probably a bot) blew out a few hundred thousand emails and our ISP asked us to use our own mail system. Fair enough, as they were then blacklisted as a result.
I set up my own filtering mail server and trusted my hotspot network. However, this time my source IP was blocked and the issues began again.
Then we decided to not use our own mail server, telling our customers to use their ISP's SMTP auth systems to get their mail out, which works well. However, now spambots / viruses / nasties are sending directly to other SMTP servers and as a result our hotspot external IP is blocked again *sigh*. Even our internal mail server (for our wireless business customers with SMTP auth) is blocking from our hotspot source IP as it's listed in some RBLs. It's also seeing legitimate traffic being blocked as the source IP is listed.
Now, obviously I could block all SMTP traffic over the wireless, but then I'm taking the S and the I out of WISP.
I'd love some pointers towards a solution. I've thought perhaps a rule to block too many simultaneous connections or to tarpit them; perhaps there is a "spam" detection script I could put in place? I'm afraid my Mikrotik consultant has been very hard to get hold of recently and my knowledge is building a little too slowly to nail this one... (next time there is a MUM in NZ I'm coming up)
So... Ideas anyone? Love some feedback.
Thanks in advance.
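
The "too many simultaneous connections" rule the post asks about, sketched as RouterOS firewall filter rules. This is an added example, not part of the original post; the list name `smtp-flood`, the threshold of 30 connections and the one-day timeout are assumed values that need tuning for the network.

```routeros
/ip firewall filter

# 1. Clients already flagged lose outbound SMTP until their list entry expires.
#    Other traffic from the same client is untouched.
add chain=forward protocol=tcp dst-port=25 \
    src-address-list=smtp-flood action=drop \
    comment="drop SMTP from flagged hotspot clients"

# 2. Flag any single client (/32) holding more than 30 simultaneous
#    connections to port 25. A normal mail client opens one or two at a time.
add chain=forward protocol=tcp dst-port=25 \
    connection-limit=30,32 \
    action=add-src-to-address-list address-list=smtp-flood \
    address-list-timeout=1d \
    comment="flag clients opening too many SMTP connections"

# Review who was caught (run from the terminal, not part of the rule set):
# /ip firewall address-list print where list=smtp-flood
```

Because the forward chain is evaluated before source NAT, the address list holds the individual hotspot client addresses rather than the shared external IP, so one infected laptop can be cut off from port 25 without affecting other customers.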