Differences

This shows you the differences between two versions of the page.

--- networking:router:mikrotik_mail [2017/07/06 15:08]
gcooper created
+++ networking:router:mikrotik_mail [2018/05/25 09:35] (current)
gcooper
@@ Line 1: / Line 1: @@
-====== Mikrotik Routers and Mail Issues ======
+====== Mikrotik Routers Solving Mail Issues ======
+  - **Define list of spam filter servers**
+    * Allowed to send mail to our internal mail server
+  - **Forward inbound SMTP traffic** to internal mail server
+    * But only from the spam filter servers
+  - **Block outbound SMTP traffic**
+    * But not from the internal mail server
+<note tip>These are the **MSP Mail** (MaxMail) IP address ranges.</note>
+===== Example Configuration =====
+^192.168.51.8    |Internal Mail Server IP address |
+^ether1          |Mikrotik WAN interface          |
+^123.123.123.123 |External (Public) IP Address    |
+FIXME You can use hostnames in newer versions of RouterOS.
+:!: You must **adjust as necessary** (copy->edit->paste).
+<file>
 /ip firewall address-list
 add address=5.10.67.0/24 list=spamfilter
@@ Line 11: / Line 31: @@
 add address=208.43.37.0/24 list=spamfilter
 add address=208.70.88.0/24 list=spamfilter
-add address=208.70.88.0/24 list=spamfilter
+add address=208.70.89.0/24 list=spamfilter
+add address=208.70.90.0/24 list=spamfilter
+add address=208.70.91.0/24 list=spamfilter
+/ip firewall filter
+add action=drop chain=forward comment="Drop Outbound SMTP Except From Mail Server" dst-port=25 \
+  out-interface=ether1 protocol=tcp src-address=!192.168.51.8
+/ip firewall nat
+add action=dst-nat chain=dstnat comment="Forward SMTP to Mail Server" dst-address=123.123.123.123 \
+  dst-port=25 in-interface=ether1 protocol=tcp src-address-list=spamfilter to-addresses=192.168.51.8
+</file>

Virtual Architects Support Wiki

User Tools

Site Tools

Differences

Page Tools