There has been a lot of problem of IP Blacklisting in an ISP Network resulting in page not opening and other problems. Out of several other cases, one of the most important cause is the use of unsecured SMTP port – TCP 25! Thus it’s a highly recommended action to block smtp spammers so safeguard your network from spammers & reduce chances of IP Blacklisting.
Mostly this activity can be done in any good quality firewall or router and we can easily block smtp spammers using some specific rule set. In this post I’m going to discuss how to block smtp spammers in Mikrotik Router OS. I’m sharing the code snippet which has been performed on the current ROS 6.38.5 and is successfully implemented & tested !
/ip firewall filter add action=accept chain=forward comment="Block Port 25" dst-port=25 protocol=tcp src-address-list=verified-smtp-user add action=add-src-to-address-list address-list=smtp-spammers address-list-timeout=0s chain=forward dst-port=25 protocol=tcp src-address-list=pub-pool add action=drop chain=forward dst-port=25 protocol=tcp src-address-list=smtp-spammers
So how the above rules works to block smtp spammers? Find out below:
- All ISP’s have some premium customers (including leased line users) and they might need port 25 open. So, we create an address list “verified-smtp-user” and add all those safe IPs.
- Then we create another address list named “pub-pool” containing all public IP subnets of ISP (Or private in case of NAT’ed environment) which the user gets.
- Okay, then our first rule accepts all safe IPs which attempts TCP port 25 connection.
- The second rule add IPs to address list which tries to connect to TCP port 25.
- The third rule drops all unwanted connections to TCP Port 25.
- You can choose address list timeout as per your requirement after which your IP will be removed from address list.
Some recommendations:
- Always educate your customer to use secured SMTP port like TCP 465 (SSL) or 587 (TLS) and not use TCP port 25.
- Suggest them to use some genuine Internet Security Suites to prevent malware, botnet, worms etc infection.
- Always monitor your network with proper tools and keep your systems firmware up-to-date.