Talk:How to autodetect infected or spammer users and temporary block the SMTP output

From MikroTik Wiki
Jump to: navigation, search

Hello ; as i see from the photo attached with the article there are three rules , drop , add to list and drop . and in the CLE commands the first rule to drop the traffic which it's destination is port 25 and originated from spammers list , while in the second rule is to add that traffic to spammers list . ?????? and in the comment of the third rule it say permit while the action of the rule is drop ????? , is it really work ? i am not using hotspot , so the scripts will not fit my settings . i hope to hear other comments . with best regards .

Netinthewest says! I used the second corrected script and it worked straight away but i struggled with the logging script. Turns out you have to name the variable before you can use it so I called it spamip and left out the hotspot stuff

global spamip;
log error "----------Users detected like SPAMMERS -------------";
foreach i in [/ip firewall address-list find list=spammer] do={:set spamip [/ip firewall address-list get $i address];
log error $spamip};