This is an old revision of the document!


Mikrotik Routers and Mail Issues

  1. Define list of spam filter servers
    • Allowed to send mail to our internal mail server
  2. Forward inbound SMTP traffic to internal mail server
    • But only from the spam filter servers
  3. Block outbound SMTP traffic
    • But not from the internal mail server

The spamfilter address list below holds the MSP Mail (MaxMail) IP address ranges.

In this example:

  • 192.168.51.8: internal mail server IP address
  • ether1: Mikrotik WAN interface
  • 123.123.123.123: external (public) IP address

Important: you must adjust these values as necessary.

/ip firewall address-list
  add address=5.10.67.0/24 list=spamfilter
  add address=94.186.192.0/24 list=spamfilter
  add address=174.36.154.0/24 list=spamfilter
  add address=192.69.16.0/24 list=spamfilter
  add address=192.69.17.0/24 list=spamfilter
  add address=192.69.18.0/24 list=spamfilter
  add address=192.69.19.0/24 list=spamfilter
  add address=208.43.37.0/24 list=spamfilter
  add address=208.70.88.0/24 list=spamfilter
  add address=208.70.89.0/24 list=spamfilter
  add address=208.70.90.0/24 list=spamfilter
  add address=208.70.91.0/24 list=spamfilter

/ip firewall filter
  # Outbound SMTP (tcp/25) leaving via the WAN is dropped unless it comes from the mail server
  add action=drop chain=forward comment="Drop Outbound SMTP Except From Mail Server" dst-port=25 \
    out-interface=ether1 protocol=tcp src-address=!192.168.51.8

/ip firewall nat
  # Inbound SMTP is forwarded only when the source is in the spamfilter address list
  add action=dst-nat chain=dstnat comment="Forward SMTP to Mail Server" dst-address=123.123.123.123 \
    dst-port=25 in-interface=ether1 log=yes log-prefix="NORMAL:" protocol=tcp \
    src-address-list=spamfilter to-addresses=192.168.51.8
  # The other mail and web ports are forwarded from any source
  add action=dst-nat chain=dstnat comment="Forward TCP Ports to CEISBSSVR" dst-address=123.123.123.123 \
    dst-port=80,110,143,443,587,993,995 in-interface=ether1 protocol=tcp to-addresses=192.168.51.8
  add action=masquerade chain=srcnat comment="Masquerade - Last Rule" out-interface=ether1
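
To check the policy before applying it, the following added example (not part of the original page, and not RouterOS code) parses the address-list lines above and models the two SMTP rules so you can test which sources are forwarded and which hosts are blocked. The function names are hypothetical; it assumes the placeholder public IP 123.123.123.123 from the example values and does not model any other filter rules on the router.

```python
import ipaddress
import re

MAIL_SERVER = "192.168.51.8"   # internal mail server (example value from the page)
PUBLIC_IP = "123.123.123.123"  # placeholder public IP (example value from the page)

# Address-list lines as they appear in the configuration above.
EXPORT = """
add address=5.10.67.0/24 list=spamfilter
add address=94.186.192.0/24 list=spamfilter
add address=174.36.154.0/24 list=spamfilter
add address=192.69.16.0/24 list=spamfilter
add address=192.69.17.0/24 list=spamfilter
add address=192.69.18.0/24 list=spamfilter
add address=192.69.19.0/24 list=spamfilter
add address=208.43.37.0/24 list=spamfilter
add address=208.70.88.0/24 list=spamfilter
add address=208.70.89.0/24 list=spamfilter
add address=208.70.90.0/24 list=spamfilter
add address=208.70.91.0/24 list=spamfilter
"""

def parse_list(export, name):
    """Return the networks defined by `add address=... list=<name>` lines."""
    pairs = re.findall(r"add\s+address=(\S+)\s+list=(\S+)", export)
    return [ipaddress.ip_network(addr) for addr, lst in pairs if lst == name]

SPAMFILTER = parse_list(EXPORT, "spamfilter")

def inbound_smtp(src, dst=PUBLIC_IP, dport=25):
    """Model the SMTP dst-nat rule for a packet arriving on the WAN interface."""
    source = ipaddress.ip_address(src)
    listed = any(source in net for net in SPAMFILTER)
    if dst == PUBLIC_IP and dport == 25 and listed:
        return "dst-nat to " + MAIL_SERVER
    return "no dst-nat match"  # never reaches the mail server via this rule

def outbound_smtp(src, dport=25):
    """Model the forward-chain drop rule for LAN traffic leaving via the WAN."""
    if dport == 25 and src != MAIL_SERVER:
        return "drop"
    return "accept"  # falls through; later filter rules are not modelled

if __name__ == "__main__":
    # Constructed test sources: one inside a listed range, one documentation address.
    for ip in ("208.70.90.15", "198.51.100.7"):
        print("inbound", ip, "->", inbound_smtp(ip))
    for ip in (MAIL_SERVER, "192.168.51.50"):
        print("outbound", ip, "->", outbound_smtp(ip))
```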

networking/router/mikrotik_mail.1499377489.txt.gz · Last modified: 2017/07/06 15:44 by gcooper