Ok being dumb ir somethig, but all you are doing is a dst-nat + src-nat??? Correct... Then just setup auth on the smtp server for the src ip of the mt interface.. That way you just give your customer the details for login..
Real world IPs are valuable, I would need to waste 1 extra IP per box or ALLOW all clients behind NAT to them be able to relay. That isnt a problem until they get infected or spyware on their system, relay then through the server as they would be an allowed IP address, which then gets our mail servers on spam lists, no thanks.
Right now my solution is an extra IP per box so that the NAT (clients) send from a different IP and MUST use SMTP authentication, the mikrotik itself now sends from a different IP and is allowed. This however is wasting 1 Real World IP per Mikrotik just for the ability to send email, where if Mikrotik would add SMTP authentication support I could save those IPs, not to mention some of them are wasting more because I use small 4 IP subnets (2 usable IPs), but with 2 IPs needed per mikrotik, plus the link IP, I end up wasting a 6 IP subnet (4 usable).
I made this post as a request to save the IPs/hassle of customizing a mail server for a feature availiable in every email client (including linux) in the past 5 years.