There is a link in the wiki of how to autodetect spammers:
http://wiki.mikrotik.com/wiki/How_to_de ... MTP_output
Well, I tried that, and today I had the chance to verify if it is working and unfortunately it didn't. Our mail server got full within minutes with more than thousands of mail. When I saw that I did a torch on port 25 to see which IP was spamming. Once identified the external IP I dropped it with a firewall rule.
This way I stoped the spamming proccess.
Can anyone improve the above example?
Thanks Toni