SMTP Spamming in ISP

April 8, 2022

SMTP works on port 25 and is used for mail transmission, but SMTP itself is not secure. The main disadvantage is that it can be easily hacked or spammed. There are so-called “fake emails” that are messages sent using any address (for example to any recipient.

Another issue in an ISP network: you may often have come across a scenario where
many websites are not accessible from one particular public IP, and once you
change that public IP, those websites open. So why does this happen?
It happens because your IP has been blocked on the destination-end firewalls, and that is
what we call “IP blacklisting”.

IP blacklisting is a method used to filter out illegitimate or malicious IP addresses from
accessing your networks. For example, when you access a website, the website's
hosting provider has a firewall in its datacenter, so all of your traffic to that website
travels through that firewall. The firewall checks many things, such as session
time, session state, the number of sessions, port knocking, and
some upper-layer information. If it finds an unwanted or spoofed session
that someone is trying to establish, it considers it malicious and automatically
blocks your source IP. That is what we call IP blacklisting,
and those blocked IPs are considered spammers.

In an ISP, one public IP is most often NATed for multiple users, so if
that public IP is blacklisted, all of those users are impacted. You, as the
ISP, then need to talk to the hosting provider's network engineer to get your
public IP removed from their firewall's block list, and ultimately you lose your IP reputation.

In an ISP network, SMTP is not the only reason behind IP blacklisting,
but it is one of them, so you have to block the default SMTP port (25) for all of your
users. However, an ISP also has corporate users who host their own
mail servers in their own infrastructure, and they may argue with you to open port 25, so you
have to allow port 25 from their IPs only. Normally it is the corporate or leased-line
users who complain about this, so allow port 25 from your
corporate users' IP pool and block SMTP port 25 for all broadband users.

So ask your customers to use SMTP over SSL (465) or TLS (587) instead of the default port 25.

How can we block SMTP spammers in MikroTik?

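In the configuration given below, I am completely blocking SMTP port 25 and
allowing SMTP port 25 only for corporate users.

/ip firewall filter
# Rule 1: corporate sources may reach port 25; accept ends processing for them.
add action=accept chain=forward dst-port=25 protocol=tcp src-address-list=CORPORATE-POOL
# Rule 2: record any LAN source that tries port 25 in the SPAMMERS list, then continue to the next rule.
add action=add-src-to-address-list address-list=SPAMMERS address-list-timeout=0s chain=forward dst-port=25 protocol=tcp src-address-list=MY-LAN-POOL
# Rule 3: drop port 25 traffic from every source recorded in SPAMMERS.
add action=drop chain=forward dst-port=25 protocol=tcp src-address-list=SPAMMERS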
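
To check how the three rules above treat different sources, here is a small Python model of the forward chain. It is an added example, not part of the original configuration. The address ranges and test packets are constructed sample values, and it assumes a packet that matches no rule is accepted.

```python
# Model of the three forward-chain rules above, evaluated top to bottom.
# Pools and packets are constructed sample values (documentation ranges).
from ipaddress import ip_address, ip_network

ADDRESS_LISTS = {
    "CORPORATE-POOL": {ip_network("198.51.100.0/28")},  # assumed leased-line range
    "MY-LAN-POOL": {ip_network("192.0.2.0/24")},        # assumed broadband range
    "SPAMMERS": set(),                                   # filled dynamically by rule 2
}

# Same order as the page's rules. add-src-to-address-list does not end processing.
RULES = [
    {"action": "accept", "dst_port": 25, "src_list": "CORPORATE-POOL"},
    {"action": "add-src-to-address-list", "dst_port": 25,
     "src_list": "MY-LAN-POOL", "target": "SPAMMERS"},
    {"action": "drop", "dst_port": 25, "src_list": "SPAMMERS"},
]

def in_list(src, name):
    addr = ip_address(src)
    return any(addr in net for net in ADDRESS_LISTS[name])

def forward(src, dst_port, protocol="tcp"):
    """Return the verdict for one forwarded packet, updating SPAMMERS as rule 2 would."""
    for rule in RULES:
        if protocol != "tcp" or dst_port != rule["dst_port"]:
            continue
        if not in_list(src, rule["src_list"]):
            continue
        if rule["action"] == "add-src-to-address-list":
            ADDRESS_LISTS[rule["target"]].add(ip_network(src))  # host entry, keep going
            continue
        return rule["action"]   # accept and drop end processing
    return "accept"             # nothing matched: assumed default of the chain

def spammers():
    return sorted(str(net.network_address) for net in ADDRESS_LISTS["SPAMMERS"])

if __name__ == "__main__":
    for src, port in [("198.51.100.5", 25), ("192.0.2.10", 25),
                      ("192.0.2.10", 587), ("203.0.113.9", 25)]:
        print(src, port, forward(src, port))
    print("SPAMMERS:", spammers())
```

The last sample packet shows the point to verify on a real router: a subscriber address that is missing from MY-LAN-POOL is never added to SPAMMERS, so its port 25 traffic is not dropped. The SPAMMERS list also serves as a record of which broadband addresses attempted port 25.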
