I can help you.
This mangle rule intercept all smtp (non-ssl) and imap (non-ssl) traffic and block:
Paste this on terminal, on script are not working if you not remove first "\" in front of various "?"
/ip firewall layer7-protocol
add name=prot-smtp regexp="^220[\t-\r -~]* (E\?SMTP|e\?smtp|[Ss]imple [Mm]ail)"
add name=prot-imap regexp="^(\\* ok|a[0-9]+ noop)"
/ip firewall mangle
add action=mark-packet new-packet-mark=to-drop chain=prerouting comment="Drop SMTP" layer7-protocol=prot-smtp protocol=tcp src-address-list=hotspot-ip-list passthrough=yes
add action=mark-packet new-packet-mark=to-drop chain=prerouting comment="Drop IMAP" layer7-protocol=prot-imap protocol=tcp src-address-list=hotspot-ip-list passthrough=yes
/ip firewall filter
add action=drop chain=forward packet-mark=to-drop
/ip firewall address-list
add address=192.168.66.0/24 comment="HotSpot used IP Addresses" list=hotspot-ip-list
On address list remember to set the IP range used from HotSpot users.
If anyone like this method or use the rules, please add Karma. Thanks.