====== Mikrotik Routers Solving Mail Issues ======
- **Define list of spam filter servers**
* Allowed to send mail to our internal mail server
- **Forward inbound SMTP traffic** to internal mail server
* But only from the spam filter servers
- **Block outbound SMTP traffic**
* But not from the internal mail server
These are the **MSP Mail** (MaxMail) IP address ranges.
===== Example Configuration =====
^192.168.51.8 |Internal Mail Server IP address |
^ether1 |Mikrotik WAN interface |
^123.123.123.123 |External (Public) IP Address |
FIXME You can use hostnames in newer versions of RouterOS.
:!: You must **adjust as necessary** (copy->edit->paste).
/ip firewall address-list
add address=5.10.67.0/24 list=spamfilter
add address=94.186.192.0/24 list=spamfilter
add address=174.36.154.0/24 list=spamfilter
add address=192.69.16.0/24 list=spamfilter
add address=192.69.17.0/24 list=spamfilter
add address=192.69.18.0/24 list=spamfilter
add address=192.69.19.0/24 list=spamfilter
add address=208.43.37.0/24 list=spamfilter
add address=208.70.88.0/24 list=spamfilter
add address=208.70.89.0/24 list=spamfilter
add address=208.70.90.0/24 list=spamfilter
add address=208.70.91.0/24 list=spamfilter
/ip firewall filter
add action=drop chain=forward comment="Drop Outbound SMTP Except From Mail Server" dst-port=25 \
out-interface=ether1 protocol=tcp src-address=!192.168.51.8
/ip firewall nat
add action=dst-nat chain=dstnat comment="Forward SMTP to Mail Server" dst-address=123.123.123.123 \
dst-port=25 in-interface=ether1 protocol=tcp src-address-list=spamfilter to-addresses=192.168.51.8