Hello and welcome,
I have a maybe obvious question. I have been struggling with the on-prem email server for several days.

I decided to temporarily change the concept and instead of keeping it behind NAT, it got a public IP address (let's say 10.0.1.200).
My Mikrotik router has a public address of 10.0.1.100. Generally, public addressing goes to eth1 as VLAN 80 and the VM with the email server is also assigned to this VLAN. This vlan is connected to BRIDGE with other ports and vlans.

And now my question... how can I apply firewall rules to such a system?
I wanted to block all communication with this server via the DROP rule at this moment.

I tried by setting

chain input,
dst. addresses 10.0.1.200
In Interface (eth1 or vlan 80)
action drop

but unfortunately it didn't work.

I would like some tips on how to deal with this issue

Regards !

IP firewall doesn't look into packets flowing inside bridge. You can either use /bridge/filter or enable IP Firewall for bridges. Chain is also wrong - should be forward not input. Another option is to use firewall inside VM.

kleshki, Thank you very much for your help,
you saved me many hours of searching.
Enabling IP Firewall + Vlan Firewall on the bridge and adding rules on the firewall as forward solved my problem.