Hi,

I hope somebody can help me with my problem.
actual I have an cable modem on ethernet 1 and clients on bridge 1 (ethernet 2-4) are masqueraded against ethernet 1.
Internet ist working so far.
Now I want to install an mailserver on bridge 2 (ethernet 5)
Therefore I have an VPN provider who provides me an fixed IP with reverse DNS.
The PPTP connection to this provider is working so far but I have problems to route the traffic from pptp-out1 to the mailserver on bridge 2
How to solve that problem?
Can somebody describe it to me please?
Actual the mailserver have an internet connection through pptp-out1 (fixed ip) I solved that with an mangle rule.
But connection to the mailserver from outside is not possible. I think it have something to do with an route??
Sorry I'm not an computer guy but I want to have my own mailserver.
I'm working on that **** since 3 days :::(

Short story:
You need to use dst-nat for tcp port 25 with your pptp interface as incoming interface and nat destination your server's internal IP, and forward rules allowing outgoing connections from your mail server to the pptp interface.
It is also needed to force outgoing tcp destination port 25 via pptp. This can be achieved using a routing mark on packets from server IP, tcp, port 25 (mangle). For that mark setup a route to 0.0.0.0/0 via your pptp gateway.

Hi docmarius,
thank you for your answer. It's working!
But now I can't access my mailserver from my LAN (bridge 1) nor over the public IP.
That's clear because all the outgoing traffic of the mailserver is now dst-nat to the PPTP-out Interface.
How to harping that? Is that possible?

dst-nat traffic from your LAN to your public IP to your server IP: You will have access to your server using its public IP.

Also you can exempt the route marking for outgoing SMTP traffic targeting the LAN using "dst-address=!<LAN-IP-RANGE>" in the mangle rule. That will allow access over its LAN IP.

Sorry, that's not working
I think the Mailserver can't answer my lan-client because of mangle rule -> pptp-out

Can't you change the mangle route so it applies only to outgoing connections NOT targeting your internal network based on dstn-addr using "dst-address=!<IP/MASK>"?
Note the "!" in front of the IP/mask combination which means "NOT". If you use winbox, there's a checkbox in front of the address doing the same.

And remember, mail servers usually don't accept mail from sources without DNS/reverse DNS or private addresses. So maybe you need an exception in your server configuration to allow full access from your LAN (which doesn't pass through the router if you use private IPs - so it has nothing to do with MT).