country blocking question

The help file attempts to explain this, but does not fully succeed.

• When the exception target is on the internet, such as your desired mail server, you specify the object and MUST leave the country list EMPTY.   UTM does not need to know the country because the IP address already ensures uniqueness.   Specifying any countries (or ALL) will produce the unexpected result that you are seeing.  This applies whether the exception is FROM or TO the exception target.
   
• When the exception object is the UTM or any internal network object, you must specify a country list or ALL.    Without a country list, there would be ambiguity.   I think an empty list and ALL will produce the same result here, but the documented preference is to use ALL.

For your example, I think you only need to exempt SMTP (port 25), not port ALL.   

I think the PORT specification refers to the destination port, whether the exception is the source IP or the destination IP.   (Test to verify this.)

For web proxy traffic, I have observed some FQDN+IP pairs being assigned to different countries at different times, and I have seen some FQDN-IP pairs with no country assigned.   The issue has been confirmed and is in development.  I don't actually know if it affects incoming SMTP traffic.  But if you are using Country Blocking now, you should be aware that it may have limitations, and continue to monitor your logs. 

So I tried this using

Skip blocking for these countries - blank

Host  - IP of server

Using smtp

Still that IP is being blocked. Even tried all instead of smtp but still not working. In the logs it shows country block and reason given is geoip.

Try to add internal(address) to host/network.

I had this case myself and that did it.

Best

Alex

And IP Server is your WAN IP? And you use mailprotection?

And IP Server is your WAN IP? And you use mailprotection?