In bridge mode between two NICs, use your spam IP as src-ip and your internal 192 IP as dst-ip, with TCP src-port 25.

Mine is as follows, to limit non-port-80 traffic destined to a host to x speed, i.e., their download speed:

-A FORWARD -d x.x.x.x/32 -p tcp -m tcp ! --sport 80 -m dscp --dscp 0x00 -j MARK --set-mark 0xd

Make a class in the class manager, and in the classifier point the rule to that class. Any traffic coming from the spam IP using port 25 and destined for your internal IP is then shaped to x speed.

Or flip it: make your 192 IP the src-ip and the spam IP the dst-ip, with a dport of 25, so that anything your 192 host sends to the spam IP on TCP port 25 is shaped to said x speed.

Not sure in a non-bridged setup; I only have my box as bridged for inline/transparent shaping.
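
The two directions described above, written out as plain iptables and tc commands. This is an added example, not the poster's configuration or the shaper tool's own output; the IP addresses, interface names, rate and class id are assumed placeholders, and only the mark value 0xd comes from the rule in the post.

```shell
#!/bin/sh
# Added example: prints the commands instead of running them.
# All values are assumptions: documentation-range placeholder IPs,
# eth0/eth1 as the bridge members, a 64kbit rate, class id 1:13.
SPAM_IP="203.0.113.25"       # constructed placeholder for the spam source
INTERNAL_IP="192.168.1.10"   # constructed placeholder for the internal host
MARK="0xd"                   # same mark value as the rule in the post
RATE="64kbit"                # the "x speed"
LAN_DEV="eth1"               # bridge member facing the internal host
WAN_DEV="eth0"               # bridge member facing the uplink

# MARK is only valid in the mangle table. $1=src $2=dst $3=sport|dport
mark_rule() {
    printf 'iptables -t mangle -A FORWARD -s %s/32 -d %s/32 -p tcp -m tcp --%s 25 -j MARK --set-mark %s\n' \
        "$1" "$2" "$3" "$MARK"
}
inbound_rule()  { mark_rule "$SPAM_IP" "$INTERNAL_IP" sport; }  # spam IP -> host
outbound_rule() { mark_rule "$INTERNAL_IP" "$SPAM_IP" dport; }  # host -> spam IP

# HTB class plus an fw filter that matches the mark, on the egress NIC $1.
# No default class is set, so unmarked traffic is left unshaped.
shaper_cmds() {
    printf 'tc qdisc add dev %s root handle 1: htb\n' "$1"
    printf 'tc class add dev %s parent 1: classid 1:13 htb rate %s ceil %s\n' "$1" "$RATE" "$RATE"
    printf 'tc filter add dev %s parent 1: protocol ip handle %s fw flowid 1:13\n' "$1" "$MARK"
}

plan() {
    # Bridged frames only traverse iptables when br_netfilter is active.
    echo 'modprobe br_netfilter'
    echo 'sysctl -w net.bridge.bridge-nf-call-iptables=1'
    inbound_rule;  shaper_cmds "$LAN_DEV"   # shaped where it leaves toward the host
    outbound_rule; shaper_cmds "$WAN_DEV"   # shaped where it leaves toward the uplink
}

plan
```

Review the printed plan first; once the placeholders are replaced, the output can be piped to `sh` as root to apply it.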