How to set up NAT rules so that the mail server works?

S

Shamil2020-09-01 13:10:58

Mail server

Shamil, 2020-09-01 13:10:58

Installed the hmail server mail server on Windows.
Server behind a Mikrotik router, with a white IP.
Set up dns, dkim, spf, mx on hosting.
I got confused in the rules of NAT while I was trying to make the mail leave (at that time the incoming ones worked) ..
now the problem is that the mail has stopped coming.
Initially I tested from home, now I went to work, and I'm testing from here (I had to set up hairpin nat - because the server is here).

active rules in NAT left these:

;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface-list=WAN ipsec-policy=out,none 

 ;;; HostingServer Email
      chain=dstnat action=dst-nat to-addresses=192.168.111.251 protocol=tcp dst-port=465,587,110,995,143,993 log=no 

 ;;; NAT LoopBack for LAN
      chain=srcnat action=masquerade src-address-list=LocalNet out-interface-list=LAN

Well, I allowed the rules in the filters:

chain=forward action=accept protocol=tcp dst-address-list=192.168.111.251 in-interface=ether1 dst-port=25,143,993,587,465 log=no 

 chain=input action=accept protocol=tcp dst-address-list=192.168.111.251 in-interface=ether1 dst-port=25,143,993,587,465 log=no

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Shamil, 2020-09-01
@jawakharlal

in general, if suddenly someone will google on the topic, how to configure hmailserver for mikrotik:
1. create rules in NAT:
chain=dstnat action=dst-nat to-addresses=<local IP of the mail server> to-ports=25 protocol= tcp dst-address=<external IP> in-interface= dst-port=25
and so on for ports 110, 143, 465, 587, 993, 995 (depending on which one you use)
2. and most importantly - on the side hmailserver the main thing is to uncheck the require authorization

3. well, in the firewall filters, allow traffic on these ports

K

kprohorow, 2020-09-01
@kprohorow

The forward dst-addr must have an external ip.
input is not needed.