×
Forced routing of selective emails to ISP SMTP via Mikrotik Routing


isp.jpeg


Scenario:

We have a LAN environment with our own email server [IBM Lotus Domino] hosted locally. Mikrotik router is acting as our gateway router with /29 public pool & port forwarding from mikrotik public ip to email server is configured. Barracuda Antispam gateway is in place as well.

Problem & Challenges :

Sometimes there are few email servers on the internet that does not accept our emails, either they bounce back or silently drop our emails despite our public IP is not listed in any of blacklisting on the internet[It happens commonly with microsoft hosted email servers as they silently drop our emails without informing any reason]. If we use our ISP SMTP as relay in the DOMINO configuration, then the emails delivers to those particular servers without problem. But we cannot use ISP SMTP for all emails routing/relaying as they have per day sending limit, and we donot get proper reports for delivered or hold emails.

Another BIG problem is that sometimes ISP’s SMTP server IP gets ban/added in the spamhaus or likewise SPAM blacklist database & when this happens 80-90% emails bounces back.

So we needed a solution where we should not use ISP SMTP relay all the time but only particular destination email server’s mails should be routed to ISP smtp. & it should all be controlled by our Mikrotik RouterOS dynamically/centrally.


Solution:

First created a address list which should contain IP addresses of remote email servers [that donot accept our emails directly]

1
2
/ip firewall address-list
add address=smtp.remotemail.server.com comment="remote company mail server X IP" list=few_mails_routing_2_primary_ISP_smtp

Now using NAT rule, we will forcefully route all emails [port 25 traffic] going to above address list, will be routed to ISP SMTP , with below rule …

1
2
3
4
# 1.2.3.4 is the ISP SMTP IP
 
/ip firewall nat
add action=dst-nat chain=dstnat comment="Few Mails Routing 2 primary ISP smtp" dst-address-list=few_mails_routing_2_primary_ISP_smtp dst-port=25 protocol=tcp to-addresses=1.2.3.4 to-ports=25

It’s done.

BUT next challenge is to overcome issue when ISP changes it’s SMTP IP address for whatsoever reason, so we need to schedule a script that will keep checking the ISP SMTP IP by resolving it via google dns, and update the ISP SMTP IP in the NAT rule. [As per my knowledge we cannot put DNS name in TO-ADDRESS field, this is why putting IP is necessary, & update it dynamically is also essential to avoid bouncing email dueot blacklisting for ISP old SMTP IP]

the Script !

or workaround I suggest for very particular problem?

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# Mikrotik routerOS script to resolve ISP SMTP, and add it to variables & in NAT rules
# Useful in scneario where ISP change its smtp IP frequently (to avoid SMTP Blacklisting)
# Script by Syed Jahanzaib / aacable at hotmail dot com / https : // aacable . wordpress . com
# 31-January-2019
# Find rule with following comments
:local COMMENT "few_mails_routing_2_primary_ISP_smtp";
# DNS Name of SMTP for resolving
:local ISP1SMTPDNSNAME "smtp.multi.net.pk";
# Which DNS server to be used for resolving
:local DNSSERVER "8.8.8.8";
# Below is Default IP of SMTP Server, so that if resolving cannot be done for what so ever reason, set this IP as DEFAULT SMTP
:local DEFAULTSMTP "202.141.224.89";
# Destination port that need to be redirected
:local DSTPORT "25";
# Dat time variables
:local i 0;
:local F 0;
:local date;
:local time;
:local sub1 ([/system identity get name])
:local sub2 ([/system clock get time])
:local sub3 ([/system clock get date])
:set date [/system clock get date];
:set time [/system clock get time];
# Set script last execution date time
:global SMTPLastCheckTime;
:set SMTPLastCheckTime ($time . " " . $date);
 
# Set global variables to store for ISP SMTP & its last resolved status
:global ISP1ACTIVEIP4SMTP;
:global ISP1SMTPLASTRESOLVERESULT;
 
# Check if resolving is doable, then act accordingly
:local RESOLVELIST {"$ISP1SMTPDNSNAME"}
:foreach addr in $RESOLVELIST do={
:do {:resolve server=$DNSSERVER $addr} on-error={
:set ISP1ACTIVEIP4SMTP "$DEFAULTSMTP";
:set ISP1SMTPLASTRESOLVERESULT "FAILED";
:log error "$ISP1SMTPDNSNAME resolved result: FAILED @ $date $time !";
/ip firewall nat set to-addresses=$DEFAULTSMTP to-ports=$DSTPORT [find comment="$COMMENT"] }}
 
# If resolving is ok from above results then set resolved address as default SMTP ip
:if ($SP1SMTPLASTRESOLVERESULT !="FAILED") do={
:log warning "$ISP1SMTPDNSNAME resolved result: SUCCESS @ $date $time !";
:set ISP1ACTIVEIP4SMTP [:resolve "$ISP1SMTPDNSNAME"];
:set ISP1SMTPLASTRESOLVERESULT "SUCCESS";
/ip firewall nat set to-addresses=$ISP1ACTIVEIP4SMTP to-ports=$DSTPORT [find comment="$COMMENT"]
}
×

Notice!!

All Quantic user are requested to use our hybrid cloud drive for you project and Data base . We had added new module of cronjob to schedule and optimise your backup .