If your Firewall is a NethServer, you’d need to enter that DMZ-Mailserver as a Maildomain in the Firewall-NethServer E-Mail settings.
Use the correct domain name and IP.
In this case, your firewall actually works as a “mailgateway”, not just forwarding ports.
Another option would be to just “forward” ports, but that would only allow one mailserver internally; using a mailgateway would allow several mailservers (behind a single IP)…
I think you need two entries in the FW.
1x NAT for SMTP and an Allow rule from the WAN to the DMZ with the mail server as destination also for SMTP. Do you have a fixed IP on the WAN?
Actually you don’t. You can still go to the relay-headache-route.
Port forwarding is faster to do and easier to manage; don’t forget to also consider firewall rules from RED to Orange and from GREEN to Orange for the ports.
Also, I’d forward https (webmail) and 993+995 (POP3s and IMAP4s) as well, but maybe they don’t fit your goals.