Here can see in the solution which i invented and work excellent to autodetect and block SMTP viruses or spammers!
Only create these 2 rules in firewall forward:
/ip firewall filter
add chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop comment="BLOCK SPAMMERS OR INFECTED USERS"
add chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 action=add-src-to-address-list
address-list=spammer address-list-timeout=1d comment="Detect and add-list SMTP virus or spammers"
When an infected user is autodetected with a virus worm or doing spam, the user is added to a spammer list and block the STMP outgoing by 1 day, all the values can be adjusted for different networks types or at your convenience
Image:antispam-rules.jpg
[edit] Logging detected users
Next, to display a red Log each 30 minutes listing the detected infected or spammers users using hotspot, add the next script:
/system script
add name="spammers" source=":log error \"----------Users detected like \
SPAMMERS -------------\";
\n:foreach i in \[/ip firewall address-list find \
list=spammer\] do={:set usser \[/ip firewall address-list get \$i \
address\];
\n:foreach j in=\[/ip hotspot active find address=\$usser\] \
do={:set ip \[/ip hotspot active get \$j user\];
\n:log error \$ip;
\n:log \
error \$usser} };" policy=ftp,read,write,policy,test,winbox
Image:logging-spammers.jpg
[Alessio Garavano]
Subscribe to:
Post Comments (Atom)
hello this is very good rules for ISP, kindly could you provide me this script configuration with screen shorts, why because when I past this script in terminal getting some errors, so kindly send me the same to my mail ID: naveen4u12@gmail.com
ReplyDeleteSTMP outgoing by 1 day, how do you stop spam all the values can be adjusted for different networks types or at your convenience
ReplyDelete