How to autodetect infected or spammer users and temporary block the SMTP output

[yehlu]

https://wiki.mikrotik.com/wiki/How_to_a ... MTP_output

代碼: 選擇全部

/ip firewall filter

add chain=forward protocol=tcp dst-port=25 src-address-list=spammer
action=drop comment="BLOCK SPAMMERS OR INFECTED USERS"

add chain=forward protocol=tcp dst-port=25 connection-limit=30,32 limit=50,5 action=add-src-to-address-list
address-list=spammer address-list-timeout=1d comment="Detect and add-list SMTP virus or spammers"

代碼: 選擇全部

/system script
add name="spammers" source=":log error \"----------Users detected like \
    SPAMMERS -------------\";
\n:foreach i in \[/ip firewall address-list find \
    list=spammer\] do={:set usser \[/ip firewall address-list get \$i \
    address\];
\n:foreach j in=\[/ip hotspot active find address=\$usser\] \
    do={:set ip \[/ip hotspot active get \$j user\];
\n:log error \$ip;
\n:log \
    error \$usser} };" policy=ftp,read,write,policy,test,winbox