How to deal with spam
my isp informed me of spam going out from my pubic ip, how to find out which client is causing it and deal with this situation?
close port 25 on youre lan
Also make sure your mailserver is not configured to be an open relay. You can test with http://www.mxtoolbox.com/. Another idea is probably to add a logging to your smtp pass rule. If one IP appears nearly all of the time you got your offender.
i am not using a mail server, but the logging smtp rule sounds good, can u give me a hint how to create that rule?
At firewall>lan create a rule like this:
pass, protocol tcp, source lan subnet, destination any, port 25, logging checked, gateway default.
Make sure this rule applies before other rules allowing port 25 out like the default lan to any rule. You'll now see green pass icons in your systemlogs at status>systemlogs, firewall tab. If you want to see more than only the last few items set up a remote syslogserver so you can browse through the past few days/weeks or whatever is needed.