Firewall/NAT

I have one set of ipaddresses for my Wan and another that I can use for my static public addresses. I will give an example using private ipaddresses. Say that my Wan is 10.200.200.1/30 and my static addresses are 10.200.67.20/29, which are setup in proxy arp. My problem is that the spammer scum sometimes get past my firewall by using private addresses such as 192.168.0.8, and, because the mail server is set to trust those addresses, they get past the filters. They are able to do that because the Wan address, which is set to block incoming private addresses, is not part of the static address block that includes the address used for incoming email. When I go to setup a new rule to block those private addresses I have the problem that the only source I can choose is the Wan so I cannot block them. I tried and it doesn't work. The mail server has a 1 to 1 NAT for the public ip it uses. Any way to block private ip's coming from the Internet to my mail server?

Are you using server based NAT?  Did you open up all the ports to that server?

-  Are you using server based NAT?  Did you open up all the ports to that server?
I used server NAT for remote access, using a different ipaddress than the one used for mail and I used 1 to1 NAT for the ipaddress for my email.

I only opened up the required ports, everything else is blocked.