It's partially built into the Hotspot system. It install the following dynamic rule that is invalid (red in Winbox) since it doesn't point anywhere:
14 I chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
If you set an smpt-server in a Hotspot profile that gives you the following:
14 D chain=hs-auth action=jump jump-target=hs-smtp protocol=tcp dst-port=25
18 D chain=hs-smtp action=dst-nat to-addresses=192.168.0.1 in-interface=hotspot1
The rule is no longer invalid since the jump target now exists. You can do that manually and also forward the port, but make sure to set the smtp-server on the Hotspot back to 0.0.0.0 since the dynamic rule created by having a value attached creates an entry you don't want:
/ip firewall nat
add chain=hs-smtp action=dst-nat in-interface=hotspot1 to-ports=2525
No need to be more specific since the jump rule already does filtering by protocol.