Allowing mail server access to residing country only.

Hi guys

So a client has asked me to block anyone connecting to the mail server that's outside of the country, which is all good and fine, but the problem is, it seems that most of the forwarding
source is getting caught up in the block too.

For example:

* Using the FORWARD chain as the mail server is behind the ClearOS box and uses port forwarding for people to get their mail outside of the office
This should block anything that's NOT part of the country ip addresses inside the hash, right?

But I'm getting blocks from everyone inside the LAN side, also, their mail server cant send anything to gmail server's, for instance.

Is the rule I'm using incorrect?