I'm looking for a solution that allows me to actively block external SMTP connection from "bad" IP which are trying to use autentication as per the following log
Hi, are you sure to have enabled the DNAT to fake-IP Rule for all SMTP Ports, not only 25?
it was a good point, I did it only for port 25 , but even after changing to any ports it does not stop the connections from banned IP
Can you packet capture such an attempt to see on which SG interface and on which port the login attempt really comes?
Also check in Authentication Services / Global Settings
Please show us a picture of the Edit of the DNAT that didn't work. See #2 in Rulz (last updated 2019-04-17).
Cheers - Bob