Redirect all outgoing mail to internal server

I am trying to redirect ALL outgoing mail on the network to our internal mail server for spam / virus processing.

I think the rule is:
chain=dstnat in-interface=AP src-address=xx.xxx.217.0/24 protocol=tcp src-port=1-65535 dst-port=25 action=dst-nat to-addresses=xx.xxx.208.20 to-ports=25

I would like to force all port 25 traffic to our server. I do not see any traffic in my statistics graph so I am not sure if this rule is correct. Can someone verify the rule or tell me how it could be done better please?
Thank you for any help.

If the “xx.xxx.217.0/24” is the address range of your clients, the rule looks good…

Best regards,
Christian Meis

You don’t need src-port.. Don’t know if that’s perhaps what’s causing your problems…

Here’s an example for you to work off.

chain=dstnat in-interface=Border Network protocol=tcp dst-port=80 
     src-address-list=Everyone dst-address-list=!noHTTPProxy 
     action=dst-nat to-addresses=x.x.x.x to-ports=3128

Also worth noting, if to-address comes via the AP interface, you’re going to have an endless loop. It’s always a good idea to add an exception rule above your dst-nat for the IP you dst-nat to.

Lastly, if you dst-nat to x.x.208.20, your MT must have a local interface on the same IP Network as x.x.208.20. Otherwise, your dst-nat will fail. dst-nat cannot be routed, it must be directly connected.


Chris
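
The rule ordering suggested in the replies above, written out as RouterOS commands. This is an added example, not part of the original posts. The interface name AP comes from the question; 192.0.2.0/24 (clients) and 198.51.100.20 (mail server) are placeholder documentation addresses standing in for the redacted ones.

```routeros
/ip firewall nat

# 1. Exception first: SMTP sent by the mail server itself is left alone,
#    so its own outbound deliveries are not redirected back to it.
#    198.51.100.20 is a placeholder for the internal mail server.
add chain=dstnat action=accept protocol=tcp dst-port=25 \
    src-address=198.51.100.20 \
    comment="do not redirect the mail server's own SMTP"

# 2. Redirect: every other client connection to TCP/25 arriving on AP
#    is sent to the internal mail server. No src-port matcher is needed.
#    192.0.2.0/24 is a placeholder for the client range.
add chain=dstnat action=dst-nat protocol=tcp dst-port=25 \
    in-interface=AP src-address=192.0.2.0/24 \
    to-addresses=198.51.100.20 to-ports=25 \
    comment="force client SMTP through internal filter"

# 3. Check: the packet and byte counters on rule 2 should increase when
#    a client opens a connection to any external host on port 25.
print stats
```

NAT rules are evaluated top to bottom and the first match wins, so the accept rule has to stay above the dst-nat rule.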