====== Mikrotik Routers Solving Mail Issues ======

  - **Define list of spam filter servers**
    * Allowed to send mail to our internal mail server
  - **Forward inbound SMTP traffic** to internal mail server
    * But only from the spam filter servers
  - **Block outbound SMTP traffic**
    * But not from the internal mail server

<note tip>These are the **MSP Mail** (MaxMail) IP address ranges.</note>

===== Example Configuration =====

^192.168.51.8    |Internal Mail Server IP address |
^ether1          |Mikrotik WAN interface          |
^123.123.123.123 |External (Public) IP Address    |

FIXME You can use hostnames in newer versions of RouterOS.

:!: You must **adjust as necessary** (copy->edit->paste).

<file>
/ip firewall address-list
add address=5.10.67.0/24 list=spamfilter
add address=94.186.192.0/24 list=spamfilter
add address=174.36.154.0/24 list=spamfilter
add address=192.69.16.0/24 list=spamfilter
add address=192.69.17.0/24 list=spamfilter
add address=192.69.18.0/24 list=spamfilter
add address=192.69.19.0/24 list=spamfilter
add address=208.43.37.0/24 list=spamfilter
add address=208.70.88.0/24 list=spamfilter
add address=208.70.89.0/24 list=spamfilter
add address=208.70.90.0/24 list=spamfilter
add address=208.70.91.0/24 list=spamfilter

/ip firewall filter
add action=drop chain=forward comment="Drop Outbound SMTP Except From Mail Server" dst-port=25 \
  out-interface=ether1 protocol=tcp src-address=!192.168.51.8

/ip firewall nat
add action=dst-nat chain=dstnat comment="Forward SMTP to Mail Server" dst-address=123.123.123.123 \
  dst-port=25 in-interface=ether1 protocol=tcp src-address-list=spamfilter to-addresses=192.168.51.8
</file>