linux
Nikita Melikhov, 2015-11-10 12:12:16

Why is CentOS iptables not passing the remote address through NAT?

Hello!
Please help me with this question.
There are two identical mail servers, both behind NAT.
One is behind a MikroTik gateway, the other behind CentOS + iptables.
Behind the MikroTik, I see entries like these in the log:

Nov 10 11:53:07 mail postfix/smtpd[43406]: NOQUEUE: reject: RCPT from unknown[40.135.183.10]: 450 4.7.1 Client host rejected: cannot find your hostname, [40.135.183.10]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail.Herschal.com>
Nov 10 11:53:08 mail postfix/smtpd[43406]: disconnect from unknown[40.135.183.10]

Behind CentOS I see the following:
Nov 10 12:00:49 mail postfix/smtpd[24103]: E5BA2C41C99: filter: RCPT from unknown[192.168.69.1]: <[email protected]>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<diatchkov>
Nov 10 12:00:49 mail postfix/smtpd[31487]: 4C553C41B19: filter: RCPT from unknown[192.168.69.1]: <[email protected]>: Sender address triggers FILTER smtp-amavis:[127.0.0.1]:10026; from=<[email protected]m.ru> to=<[email protected]> proto=SMTP helo=<parole>

I want to set up something like fail2ban or geoip on the second server, but it doesn’t work, because I don’t see the address behind the nat, where the connection attempts come from.
What can be done?
iptables rules
-A PREROUTING -i eth1 -p tcp -m multiport --dports 25,993,465,110,143,587,995 -j DNAT --to-destination 192.168.69.5


1 answer(s)
Vladimir, 2015-11-10
@Sl1mShady

remove POSTROUTING to LAN
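
An added example, not part of the original answer or the asker's configuration: a check over `iptables-save` output that lists the POSTROUTING source-NAT rules which also rewrite the DNAT-ed mail connections, which is why Postfix logs 192.168.69.1 instead of the real client. The LAN interface name `eth0`, the function names and the sample ruleset are assumptions; `eth1` as the WAN interface comes from the PREROUTING rule in the question.

```shell
#!/bin/sh
# Added example; interface names and the sample ruleset are assumptions.
WAN_IF=eth1   # WAN side, taken from the question's "-A PREROUTING -i eth1"

# Print nat-table POSTROUTING rules that rewrite the source address on any
# path other than "out the WAN interface". Such a rule also hits the
# DNAT-ed mail connections, so Postfix logs the gateway address instead of
# the client. Heuristic: only the -o match and the -j target are inspected.
# stdin: iptables-save output, $1: WAN interface name
find_lan_snat() {
    awk -v wan="$1" '
        /^\*/ { table = $1 }                      # "*nat", "*filter", ...
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; target = ""
            for (i = 3; i < NF; i++) {
                # iptables-save writes a negated match as "! -o eth1"
                if ($i == "-o") out = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if ((target == "MASQUERADE" || target == "SNAT") && out != wan)
                print
        }'
}

# Constructed sample in iptables-save format (not the asker's real ruleset);
# eth0 as the LAN interface is assumed.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth1 -p tcp -m multiport --dports 25,993,465,110,143,587,995 -j DNAT --to-destination 192.168.69.5
-A POSTROUTING -s 192.168.69.0/24 -o eth1 -j MASQUERADE
-A POSTROUTING -d 192.168.69.5/32 -o eth0 -j SNAT --to-source 192.168.69.1
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.69.5/32 -p tcp -m multiport --dports 25,993,465,110,143,587,995 -j ACCEPT
COMMIT
EOF
}

# On the gateway itself, feed it the live rules: iptables-save | find_lan_snat eth1
sample_rules | find_lan_snat "$WAN_IF"
```

A flagged rule can be deleted with `iptables -t nat -D POSTROUTING` followed by the same rule specification. Once it is gone, the mail server's default route has to point at this gateway so that replies return through the DNAT.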
