Saturday, April 9, 2016

Blocking rogue mail server from LAN using Mikrotik

A rogue mail server is any unauthorized mail server that can be used to send email, usually spam. These are mostly compromised computers on your network that spammers use to send spam to the rest of the world through your public IP. The main problem is that your public IP ends up frequently listed in worldwide blacklist databases, which disrupts the legitimate mail servers running within your network.
If you're running a mail server inside your LAN, it's good practice to create firewall rules that allow only your mail server's IP to send and receive email and block the rest of the IPs.
In Mikrotik this can be done with three simple firewall rules, shown below.

Copy and paste the following into the Mikrotik terminal.
/ip firewall filter
add chain=forward comment="Allowing mail server" dst-port=25 out-interface=\
    ether1-gateway protocol=tcp src-address=192.168.1.200
add chain=forward comment="Allowing mail server" dst-address=192.168.1.200 \
    dst-port=25 in-interface=ether1-gateway log=yes protocol=tcp
add action=drop chain=forward comment="Blocking Spammers" dst-port=25 log=yes \
    protocol=tcp

The first two rules allow traffic leaving and reaching the mail server, while the last rule drops any other traffic leaving the LAN on port 25, the port used for mail delivery between servers. Because `add` appends each rule to the end of the forward chain, they must sit before any existing rule that accepts all forwarded traffic, otherwise the drop rule is never reached.
In these rules 192.168.1.200 is the mail server's IP, so if you're copying and pasting them you should change that IP.
After that you can sit back and relax: if you still find your public IP being blacklisted, the spam is originating from your mail server itself, and that is easy to troubleshoot if the server is well configured and secured.
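Because the drop rule has log=yes, the router log also tells you which LAN hosts are trying to send mail directly. The script below is an added example, not part of the original post or of RouterOS: it scans constructed log lines (the "forward: in:... out:..., proto TCP, src:port->dst:port" layout is approximated from RouterOS firewall logging) and reports every host other than the authorized mail server that attempted outbound TCP/25, which is exactly the list of machines to inspect for compromise.

```python
import re
from collections import Counter

# Authorized mail server from the firewall rules above; anything else on TCP/25 is suspect.
MAIL_SERVER = "192.168.1.200"
WAN_IFACE = "ether1-gateway"

# Constructed sample of RouterOS firewall log lines (format approximated,
# assumption: "forward: in:<if> out:<if>, proto TCP (...), src:port->dst:port, len N").
SAMPLE_LOG = """\
12:00:01 firewall,info forward: in:bridge-local out:ether1-gateway, proto TCP (SYN), 192.168.1.200:41000->198.51.100.25:25, len 60
12:00:02 firewall,info forward: in:ether1-gateway out:bridge-local, proto TCP (SYN), 198.51.100.25:53410->192.168.1.200:25, len 60
12:00:03 firewall,info forward: in:bridge-local out:ether1-gateway, proto TCP (SYN), 192.168.1.57:50001->203.0.113.10:25, len 60
12:00:03 firewall,info forward: in:bridge-local out:ether1-gateway, proto TCP (SYN), 192.168.1.57:50002->203.0.113.11:25, len 60
12:00:04 firewall,info forward: in:bridge-local out:ether1-gateway, proto TCP (SYN), 192.168.1.88:50003->203.0.113.12:25, len 60
12:00:05 firewall,info forward: in:bridge-local out:ether1-gateway, proto TCP (SYN), 192.168.1.57:50004->203.0.113.13:443, len 60
"""

# Pulls interfaces, source/destination IPs and destination port out of one log line.
LINE_RE = re.compile(
    r"forward: in:(?P<in>\S+) out:(?P<out>\S+), .*?proto TCP[^,]*, "
    r"(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def outbound_smtp_by_host(log_text, mail_server=MAIL_SERVER, wan=WAN_IFACE):
    """Count outbound TCP/25 attempts per LAN host, split into the authorized
    mail server's count and a per-IP count for everything else (candidate rogues).
    Lines that are not TCP/25 leaving via the WAN interface are ignored."""
    rogue = Counter()
    legit = 0
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("out") != wan or m.group("dport") != "25":
            continue
        if m.group("src") == mail_server:
            legit += 1
        else:
            rogue[m.group("src")] += 1
    return legit, dict(rogue)

def rogue_hosts(log_text, threshold=1):
    """LAN IPs that attempted outbound SMTP at least `threshold` times, sorted."""
    _, rogue = outbound_smtp_by_host(log_text)
    return sorted(ip for ip, n in rogue.items() if n >= threshold)
```

Feed it the output of `/log print` filtered on the firewall topic; a host showing up here that is not your mail server is the one to take off the network and clean.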