This is an old revision of the document!

Mikrotik Routers and Mail Issues

Define list of spam filter servers
- Allowed to send mail to our internal mail server
Forward inbound SMTP traffic to internal mail server
- But only from the spam filter servers
Block outbound SMTP traffic
- But not from the internal mail server

These are the MSP Mail (MaxMail) IP address ranges.

Example Configuration

192.168.51.8	Internal Mail Server IP address
ether1	Mikrotik WAN interface
123.123.123.123	External (Public) IP Address

You must adjust as necessary (copy→edit→paste).

/ip firewall address-list
  add address=5.10.67.0/24 list=spamfilter
  add address=94.186.192.0/24 list=spamfilter
  add address=174.36.154.0/24 list=spamfilter
  add address=192.69.16.0/24 list=spamfilter
  add address=192.69.17.0/24 list=spamfilter
  add address=192.69.18.0/24 list=spamfilter
  add address=192.69.19.0/24 list=spamfilter
  add address=208.43.37.0/24 list=spamfilter
  add address=208.70.88.0/24 list=spamfilter
  add address=208.70.89.0/24 list=spamfilter
  add address=208.70.90.0/24 list=spamfilter
  add address=208.70.91.0/24 list=spamfilter

/ip firewall filter
  add action=drop chain=forward comment="Drop Outbound SMTP Except From Mail Server" dst-port=25 \
  out-interface=ether1 protocol=tcp src-address=!192.168.51.8

/ip firewall nat
  add action=dst-nat chain=dstnat comment="Forward SMTP to Mail Server" dst-address=70.167.217.44 \
  dst-port=25 in-interface=ether1 log=yes log-prefix=NORMAL: protocol=tcp src-address-list=spamfilter to-addresses=192.168.51.8
add action=dst-nat chain=dstnat comment="Forward TCP Ports to CEISBSSVR" dst-address=70.167.217.44 dst-port=\
    80,110,143,443,587,993,995 in-interface=ether1 protocol=tcp to-addresses=192.168.51.8
add action=masquerade chain=srcnat comment="Masquerade - Last Rule" out-interface=ether1

Virtual Architects Support Wiki

User Tools

Site Tools

Mikrotik Routers and Mail Issues

Example Configuration

Page Tools