Topic: Change Outgoing IP address Email activity
« on: December 15, 2010, 20:09:10 »
hallm *
Posts: 4

I have a M0n0wall router with one single static WAN IP address. I have NAT rules to direct web traffic to a webserver on the LAN network. I'm wanting outgoing email traffic on that server to go out another IP address instead of the incoming. Is that possible with the m0n0wall? What would be the best way to set it up? Basically, what has happened is that Tiopan has listed our external in its blacklist and we have had no success in removing our IP from it. Our webserver scripts that send out emails are being blocked by several ISPs. In our setup it seems the best way is to change the IP on outgoing emails, at least for now.

Also, how do we block outgoing emails from any other machine so we don't get listed again?  We had a pc get infected on the network that was sending out mass emails. 
« Reply #1 on: December 15, 2010, 21:00:34 »
Fred Grayson *****
Posts: 994

You cannot invent public IP addresses or use public IP addresses that do not belong to you. If you must solve your being-blacklisted problem via a public IP address change, ask your ISP for a new public IP address. How much this will cost, and how many times they will honor such requests, is all up to them.

As to selectively blocking email, create firewall rules:

Action: Allow
Interface: LAN
Source IP: The machine you wish to allow sending mail
Source Port: any
Destination IP: any
Destination Port: 25
Protocol: TCP

Immediately below this rule, create another one:

Action: Block
Interface: LAN
Source IP: any
Source Port: any
Destination IP: any
Destination Port: 25
Protocol: TCP

--
Google is your friend and Bob's your uncle.
« Reply #2 on: December 20, 2010, 17:13:39 »
hallm *
Posts: 4

I have a bank of 5 public IPs. I'm asking: can I have port 25 go out on one of those instead of the IP that I have assigned to my m0n0wall?

Basically, I'm trying to prevent this problem in the future. I want my webserver on its own public and the rest of my network on one of the others. That way if one of our office computers becomes infected it doesn't necessarily affect the reputation of our webserver.
« Reply #3 on: December 20, 2010, 17:29:02 »
Fred Grayson *****
Posts: 994

Please read thru the m0n0wall handbook as to how to configure things when you have multiple IP addresses: http://doc.m0n0.ch/handbook-single/#id11629258

Particularly, Chapter 6. Network Address Translation.

--
Google is your friend and Bob's your uncle.
« Reply #4 on: January 03, 2011, 01:55:24 »
rpsmith ***
Posts: 113

Use 1:1 NAT (and proxy ARP) for your mail server. Your mail server's incoming and outgoing IP will be whatever public IP you 1:1 NAT to it. Also, don't forget to change your MX, PTR and SPF DNS records to match your new IP.

Roy...
« Last Edit: January 03, 2011, 10:21:57 by rpsmith »
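
A check for the DNS reminder in the reply above, as an added example that is not part of the original thread: it reports which of MX, PTR and SPF fail to match the address the mail server sends from after a 1:1 NAT change. The zone data, domain, addresses (documentation range) and function names are constructed for illustration, and only the `ip4`, `a` and `mx` SPF mechanisms are evaluated.

```python
import ipaddress

# Constructed zone data (RFC 5737 documentation range); not from the thread.
ZONE = {
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.12"],
    ("12.113.0.203.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("example.com", "TXT"): ["v=spf1 mx ip4:203.0.113.8/30 -all"],
}

def lookup(zone, name, rtype):
    """Return the record values for (name, rtype), or an empty list."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def spf_allows(zone, domain, ip):
    """Evaluate only the ip4, a and mx mechanisms of the domain's SPF record."""
    addr = ipaddress.ip_address(ip)
    for txt in lookup(zone, domain, "TXT"):
        if not txt.lower().startswith("v=spf1"):
            continue
        for term in txt.split()[1:]:
            mech = term.lstrip("+").lower()  # "-"/"~" qualified terms never authorize
            if mech.startswith("ip4:"):
                if addr in ipaddress.ip_network(mech[4:], strict=False):
                    return True
            elif mech == "a":
                if ip in lookup(zone, domain, "A"):
                    return True
            elif mech == "mx":
                for host in lookup(zone, domain, "MX"):
                    if ip in lookup(zone, host, "A"):
                        return True
    return False

def check_outbound_ip(zone, domain, ip):
    """Return the record types that do not match mail leaving `domain` from `ip`."""
    problems = []
    mx_ips = [a for h in lookup(zone, domain, "MX") for a in lookup(zone, h, "A")]
    if ip not in mx_ips:
        problems.append("MX")
    rev = ipaddress.ip_address(ip).reverse_pointer
    # Forward-confirmed reverse DNS: the PTR name must resolve back to ip.
    if not any(ip in lookup(zone, h, "A") for h in lookup(zone, rev, "PTR")):
        problems.append("PTR")
    if not spf_allows(zone, domain, ip):
        problems.append("SPF")
    return problems
```

In the sample zone, 203.0.113.10 passes SPF through the `ip4` range but still fails MX and PTR, which is the state a server is left in when only the NAT mapping is moved to a new address.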
« Reply #5 on: August 22, 2013, 16:29:33 »
Sandro *
Posts: 7

Could you explain with an example how to do it?
« Reply #6 on: August 22, 2013, 22:44:37 »
Lee Sharp *****
Posts: 517

Go into "1 to 1" NAT. Put in your external IP and the internal IP of the mail server. Add the external IP to "Proxy ARP" as well. You can leave the old NAT entry so inbound port 25 will work on the old or new IP address.
 