Brief background.
We have two ISP connections - one fibre, the other DSL - and both provide IPv4 and IPv6/56, thus we are running dual stack.
We have four subnets on four bridges to keep LAN, WiFi, IOT and Management traffic separate and provide a degree of isolation.
We have six or so servers running, two of which are email servers that provide virtual mailboxes for multiple domains. One of these email servers (.232 and ::232) runs off the VDSL connection; the other (.242 and ::242) runs off the fibre.
Nearly everything is working as per design; the only issue remaining is trying to get clients in the WiFi subnet 192.168.131.0/24 and a printer in the IOT subnet 192.168.130.244 to be able to connect to the MX email servers on ports 993 (IMAP) and 587 (SMTP).
I have set up filter rules for this traffic, and can see the traffic hitting the rules (via log messages and packet counts) but they never seem to reach the server. Not sure at which point the server logs postfix and dovecot connections when TCP is being established ... but no log messages happening in the MX server at all when attempts are being made.
So the question is: what rules / routing need to be in place to ensure that this specific connection type is allowed and functions?
The complete connection is in-house - i.e. we are using local DNS to resolve to 192.168.xx.yy addresses - we are not using global or outside addresses.
I attach a sanitised copy of the export from the RB4011 doing all the work.
I have spent far too long looking at this and am probably missing something obvious, so looking forward to gaining some clarity and insight from y'all.
TIA
Rob.