> Ok, so we are passing back and forth negatives/positives of our current > SMTP policy, and are looking for answers on what others are doing. I'm > going to list what we have done, currently doing, and looking for > feedback on what you do...
If I could start over I would make everyone authenticate on port 587 for SMTP. But instead we have this in our Mikrotik firewall. /ip firewall filter add action=jump chain=forward comment="" disabled=no jump-target=smtp add action=add-src-to-address-list address-list=spammer address-list-timeout=6h chain=smtp comment="" connection-limit=\ 15,32 disabled=no dst-port=25 protocol=tcp tcp-flags=syn add action=tarpit chain=smtp comment="" disabled=no dst-port=25 protocol=tcp src-address-list=spammer Any custommer trying to do 15 or more outgoing smtp connections gets there smtp port tarpited for 6 hours. Works pretty well. Matt -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/