SMTP Attacks - RBL/DNAT Blackhole

We are getting a huge SMTP attack from a number of IPs. I've gone ahead and created a DNAT rule that sends them to a blackhole address, but I'm not understanding why exim is still receiving the TCP connection, if I have everything set correctly. Shouldn't the NAT rule precede the proxy connection, according to the Rulz?

Added additional, followed guidance information.
[edited by: superbits at 10:31 PM (GMT -7) on 1 Oct 2020]
Parents Reply Children