Diambil dari http://forum.mikrotik.com/viewtopic.php?t=11474
Hi, i created these 2 simple rules for firewall forward and this work very fine…… do not say it to anybody ;) :D
2 ;;; BLOCK SPAMMERS OR INFECTED USERS
chain=forward protocol=tcp dst-port=25 \
src-address-list=spammer action=drop
3 ;;; Detect and add-list SMTP virus or spammers
chain=forward protocol=tcp dst-port=25 connection-limit=30,32 \
limit=50,5 src-address-list=!spammer action=add-src-to-address-list \
address-list=spammer address-list-timeout=1d
When detect an infected user with a worm or doing spamming this rule add this user to a spammer list and block the SMTP outgoing for 1 day ;)
Regards!
Alessio
Tags: drop, firewall, forward, infected, limit, mikrotik, port, simple, smtp, spam, tcp, time, user, virus
Filed in Mikrotik | admin | January 11, 2008 11:23 pm | 
Comments (1)
Diambil dari http://forum.mikrotik.com/viewtopic.php?t=15721
Hi there, for months I have the idea how to transform one Mikrotik OS in an Anti Spam server. After more than 20 days applying few scripts, firewall rules and address list, I have achieved reduce from 45.000 mails per day to only 11.000/12.000 without many complaints from my customers.
Before continuing, some details about this:
Yes, I know that exists others solutions.
Yes, I know with Linux can obtain the same results.
Yes, I know that it seems a crazy solution.
Yes, I know (in the practice) that this solutions generate a moderate cpu usage. I have a Pentium IV with 75% of cpu usage (this can change with new features from MT… see scripts explanation) and we are a little ISP.
Yes, yes, yes…
but
I use MT from six years ago (when John Tully & Arnis Riekstins answered the company mails themselves) and always I try to resolve any networking necessity whit MT.
I had the trust that can resolve this whit MT.
and after thinking about this, I can’t never sleep all night from many days, so, for my health and wife I made it !!!
Read more »
Tags: ACCEPT, antispam, check, dnsbl, firewall, HIT, host, icmp, icon, lease, linux, live, mail, mangle, mikrotik, network, nth, php, port, postfix, smtp, spam, ssh, tcp, time, TTL, tx, vi, xp
Filed in Mikrotik | admin | 11:15 pm | Comments (1)
Diambil dari http://forum.mikrotik.com/viewtopic.php?f=9&t=20370
YOU WANT IT – YOU GOT IT ![icon cool Disconnecting the users with bad signal [2.9.X]](http://forum.mikrotik.com/images/smilies/icon_cool.gif "Cool")
Small manual:
Install – click system->scripts, click “+”, enter in the name whatevery you want (like signallimiter), click ok, done!
![6z42kbr Disconnecting the users with bad signal [2.9.X]](http://network.web.id/wp-content/uploads/2008/01/6z42kbr.jpg "Disconnecting the users with bad signal [2.9.X]")
Read more »
Tags: check, icon, interface, lease, limit, mikrotik, network, php, signal, time, user, vi
Filed in Mikrotik | admin | January 8, 2008 12:12 pm | Comments Off
Sesuai dengan judul diatas,
inti dari kasus ini adalah penyedia jasa tidak ingin BW yang diberikan kepada user di sharing lagi mempergunakan nat-router.
Ilmu baru buat saya, dengan memberikan TTL=1 ?, mmmm aneh sekali.
Read more »
Tags: firewall, forward, host, icmp, linux, live, mail, mangle, mikrotik, php, router, time, TTL, user, vi, Zero
Filed in Mikrotik | admin | 11:22 am | Comments Off
Diambil dari http://forum.mikrotik.com/viewtopic.php?f=9&t=20420
:local sum; :local traf;
:set sum 0
/ip firewall rule forward {
:foreach i in [find] do={:incr sum}
:for i from=1 to=$sum do={
:set traf [get [find comment=("user" . $i)]
bytes]
:set traf ($traf/1073741824)
:if ($traf>1) do={:log facility=System-Info \
message=("user" . $i ." exceeded 1Gb limit!")}
}
}
Script dibawah berfungsi untuk memberitahu admin via email, bila ada masalah listrik pada UPS yang dipakai oleh mikrotik.
Fungsi dibawah belum pernah saya coba, tapi ide-nya menarik untuk dipelajari.
dari http://forum.mikrotik.com/viewtopic.php?f=9&t=1605
:set sysname [/system identity get name]
:set datetime ([/system clock get date] . " " . [/system clock get time])# Erster Lauf und Flags noch uninitialisiert?
:if (("-" . $flagonbatt)="-") do {:global flagonbatt 0}
:if (("-" . $flagbatlow)="-") do {:global flagbatlow 0}
:set curonbatt false
:set curbatlow false
/system ups monitor [/system ups find name "ups1"] once do {:set curonbatt $on-battery; :set curbatlow $low-battery}
:if (($curonbatt) && ($flagonbatt=0)) do {
:global flagonbatt 1
/tool e-mail send from="ups" to="somwwhere" server="1.1.1.1" subject=($sysname . " ist ohne Strom!") body=($sysname . " hat keinen Saft seit " . $datetime)
:log info "Power-Fail: Email gesendet"
}
:if ((!$curonbatt) && ($flagonbatt=1)) do {
:global flagonbatt 0
/tool e-mail send from="ups" to="somewhere" server="1.1.1.1" subject=($sysname . " hat wieder Strom") body=($sysname . " saftelt wieder seit " . $datetime)
:log info "Power-Restore: Email gesendet"
}
:if (($curbatlow) && ($flagbatlow=0)) do {
:global flagbatlow 1
/tool e-mail send from="ups" to="somewhere" server="1.1.1.1" subject=($sysname . " Batterie leer!") body=($sysname . " hat fast keine Batterie mehr - " . $datetime)
:log info "Batt-Low: Email gesendet"
}
:if ((!$curbatlow) && ($flagbatlow=1)) do {
:global flagbatlow 0
/tool e-mail send from="ups" to="somwhere" server="1.1.1.1" subject=($sysname . " Batterie nachgeladen") body=($sysname . " Battery-Low beendet - " . $datetime)
:log info "Batt-Low-Ende: Email gesendet"
}
