Cameron Earnshaw
Frequent Visitor
Topic Author
Posts: 90
Joined: Sun May 30, 2004 6:46 pm

Any way around masquerade?

Thu Dec 30, 2004 11:04 pm

I'm having trouble with my e-mail server being blacklisted by dsbl.org. My server has a public address via dst-nat, but because of masquerade it appears that everything leaving my Mikrotik, even the natted public addresses, looks like it's coming from the gateway address. Thus, whenever one of my customers' computers gets a virus, my gateway (and mail server) gets blacklisted. With 150 clients, one of them is always bound to have a virus. I like having the mail server behind the Mikrotik because of the firewall protection. Is there a way to not use masquerade for the addresses I have given public IPs via dst-nat?
 
Cameron Earnshaw

Thu Jan 06, 2005 7:06 am

Nobody responded, perhaps because this had partly already been covered in an earlier post, but I found the exact solution I needed by using in part what ASM had written in an earlier post:

/ip firewall src-nat add src-address=192.168.1.0/24 action=nat to-src-address=xxx.yyy.1.1

(xxx.yyy.1.1 being the public address). The trick was simply to put this rule ahead of the masquerade rule, and now the IP address sent in the headers of any mail coming from my mail server is the true address (not the masquerade gateway address), plus I still have the benefit of the MT firewall.
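The fix above works because a NAT chain is evaluated top to bottom and the first matching rule decides what happens to the packet: a catch-all masquerade rule placed first swallows the mail server's traffic before the 1:1 rule is ever consulted. The following Python model is an added example, not RouterOS code and not from the post; it replays both rule orders for a mail-server packet and for an ordinary client packet, and includes a small shadowing check of the kind you would want before relying on a NAT rule. All addresses are constructed: 192.168.1.0/24 is the subnet from the post, 203.0.113.1 stands in for the post's public xxx.yyy.1.1, and 203.0.113.254 for the router's own WAN address.

```python
"""First-match NAT chain model: why the 1:1 src-nat rule must precede masquerade.

Added example (Python model of the rule-ordering behaviour, not RouterOS code).
Constructed addresses only: 203.0.113.0/24 is documentation space.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class NatRule:
    # CIDR the packet's source must fall in; None means "match any source".
    src_address: Optional[str]
    # "nat" rewrites the source to a fixed address; "masquerade" rewrites it
    # to the address of the outgoing interface (the gateway's WAN address).
    action: str
    to_src_address: Optional[str] = None

    def matches(self, src: str) -> bool:
        return self.src_address is None or ip_address(src) in ip_network(self.src_address)

    def covers(self, other: "NatRule") -> bool:
        """True if every source this rule matches is also matched by `other`'s range."""
        if self.src_address is None:
            return True
        if other.src_address is None:
            return False
        return ip_network(self.src_address).supernet_of(ip_network(other.src_address))


def apply_srcnat(chain: List[NatRule], src: str, gateway_wan: str) -> str:
    """Return the source address a packet from `src` carries after the chain.

    Rules are consulted in order; the first one whose src-address matches
    decides, and later rules are never examined for that packet.
    """
    for rule in chain:
        if not rule.matches(src):
            continue
        if rule.action == "nat":
            assert rule.to_src_address is not None, "nat rule needs to-src-address"
            return rule.to_src_address
        if rule.action == "masquerade":
            return gateway_wan
        raise ValueError(f"unknown action {rule.action!r}")
    return src  # no rule matched: source left untouched


def shadowed_rules(chain: List[NatRule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them.

    This is the misconfiguration described in the post: the masquerade rule
    (any source) placed before the 192.168.1.0/24 rule makes the latter dead.
    """
    dead = []
    for i, rule in enumerate(chain):
        if any(earlier.covers(rule) for earlier in chain[:i]):
            dead.append(i)
    return dead


# Constructed stand-ins for the post's xxx.yyy.1.1 and the router's WAN address.
MAIL_SERVER_PUBLIC = "203.0.113.1"
GATEWAY_WAN = "203.0.113.254"

# Order from the post's working configuration: specific rule first, then masquerade.
FIXED_CHAIN = [
    NatRule("192.168.1.0/24", "nat", MAIL_SERVER_PUBLIC),
    NatRule(None, "masquerade"),
]

# Order that caused the original problem: masquerade first, so everything,
# mail server included, leaves with the gateway's address.
BROKEN_CHAIN = [
    NatRule(None, "masquerade"),
    NatRule("192.168.1.0/24", "nat", MAIL_SERVER_PUBLIC),
]


def main() -> None:
    mail_server, customer_pc = "192.168.1.10", "10.0.0.25"  # constructed hosts
    for label, chain in (("fixed", FIXED_CHAIN), ("broken", BROKEN_CHAIN)):
        print(f"[{label}] mail server leaves as {apply_srcnat(chain, mail_server, GATEWAY_WAN)}")
        print(f"[{label}] customer PC leaves as {apply_srcnat(chain, customer_pc, GATEWAY_WAN)}")
        print(f"[{label}] shadowed rule indices: {shadowed_rules(chain)}")


if __name__ == "__main__":
    main()
```

With the fixed order the mail server leaves as 203.0.113.1 and a customer PC as 203.0.113.254, so an infected client can no longer drag the mail server's address onto a blacklist; with the broken order both leave as 203.0.113.254 and `shadowed_rules` flags the 1:1 rule as unreachable.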
 
mag
Member
Posts: 376
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Thu Jan 06, 2005 8:19 am

...
/ip firewall src-nat add src-address=192.168.1.0/24 action=nat to-src-address=xxx.yyy.1.1

(xxx.yyy.1.1 being the public address).
...
Does the public IP address never change?
On usual DSL-based connections, e.g. in Germany, the IP address changes at least every 24h, therefore this method won't work without changing the rule manually every day or so.

Plus many ISPs do reverse lookups, and for mail exchangers IP address and hostname have to match.
 
Cameron Earnshaw

Fri Jan 07, 2005 8:49 am

No, we have a static block assigned to us. I have a reverse DNS entry in place for the mail server address, but the problem was that with masquerade it was the gateway address that was forwarded instead.
