
Intermittent SMTP Failure

Niska
On our wavelength

Hi,

I'm having intermittent problems sending email via my @blueyonder account.

Today I've had two periods of it not working ("525 5.7.13 Authentication Denied (VM305)") and a period of it sending. 

Any ideas on what might be causing the issue? I am connecting via VPN, but neither the VPN nor my VM provided IP address are showing any issues with Spamhaus. I can use Webmail fine, but honestly that is not my preferred platform. 

Welcome troubleshooting tips!

2023.02.13 12:41:06 SMTP (smtp.virginmedia.com): <rx> 525 5.7.13 Authentication Denied (VM305)


coenoby
Very Insightful Person

@Niska wrote:

smtp.virginmedia.com): <rx> 525 5.7.13 Authentication Denied (VM305)


The VM305 error is pretty specific. It indicates VM are blocking you from sending VM emails through the VM SMTP servers because the public IP address you are sending from (so either your home network or your VPN) appears on Spamhaus's lists.

In most cases Spamhaus will have detected suspicious (spam) traffic coming from that IP address. That is most commonly caused by malware, aka a "spam bot", on a smart device on your home network (so not necessarily the device you are sending from).

It is just emails sent using email apps or clients that VM block. As you have found, VM do not block emails sent from their webmail service.

The intermittent behaviour you are seeing is caused by the fact that those blocklists are dynamic. So if the malware stops sending out suspicious traffic for a time then your IP address will automatically drop off the blocklist and all is ok. However, once the malware starts up again and continues for a while then the IP address will automatically go back on the list.

That might conceivably be further complicated by the fact that it is possible that VM check against a cached copy of the blocklists rather than the live Spamhaus list itself.

So it may be that VM continue to block your IP address for a short time after it has come off the live list until they pick up the latest version of the blocklist. (I don't know that for a fact but it is a possibility.) It would explain why you find you are still getting the VM 305 error but your IP address is not listed when you check Spamhaus directly.

This blocking is likely to continue intermittently until you can identify which device is infected and have got rid of the malware.

Fire TV sticks or any smart device that has third party software installed are common culprits so you might like to consider whether you have any likely suspects. One poster on here even reported that their Ring Video Doorbell was the device that had been infected!

Coenoby

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
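Added example, not part of any post in this thread: how a Spamhaus-style DNSBL lookup is formed and how its answer is decoded, including the refusal codes that are easy to misread as "not listed". The zone `zen.spamhaus.org` and the return codes are Spamhaus's published ones; the address `203.0.113.7` and the two fake resolvers are constructed so the block runs offline.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # Spamhaus combined zone
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Spamhaus return codes: real listings vs. "your query was refused" errors.
LISTINGS = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS", "127.0.0.4": "XBL",
            "127.0.0.9": "SBL DROP", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
ERRORS = {"127.255.255.252": "malformed query name",
          "127.255.255.254": "query came through a public/open resolver",
          "127.255.255.255": "query rate limit exceeded"}


def query_name(ip, zone=ZONE):
    """Build the DNSBL name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    if any(addr in net for net in RFC1918):
        raise ValueError("check the public (WAN or VPN exit) address, not a LAN one")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A records for name via the OS resolver; [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(ip, resolve=system_resolver):
    """Return (listings, errors) for ip; both empty means 'not listed'."""
    answers = resolve(query_name(ip))
    listings = sorted({LISTINGS[a] for a in answers if a in LISTINGS})
    errors = [ERRORS[a] for a in answers if a in ERRORS]
    return listings, errors


# Constructed resolver answers so the example runs without network access.
def fake_listed(name): return ["127.0.0.4", "127.0.0.11"]
def fake_refused(name): return ["127.255.255.254"]

if __name__ == "__main__":
    print(query_name("203.0.113.7"))
    print(check("203.0.113.7", fake_listed))
    print(check("203.0.113.7", fake_refused))
```

An answer in the `127.255.255.x` range is not a clean result: it means the lookup itself was refused, so the address has not actually been checked.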

Niska
On our wavelength
Thanks - I've no idea what device is causing it, but I have blocked Port 25 at the router - so nothing should be getting out that way.

I had this problem before (extended blocking) which is when I put in the Port 25 block - but this was a while ago now.

Are there other ports as well as 25 that might be relevant? Or is it a case of setting up a Wireshark proxy and seeing what happens?

Thanks for your reply.

ravenstar68
Very Insightful Person

Which router are you using?

You need to make sure it's port 25 Outbound that's blocked, not port 25 inbound.  Not all routers allow blocking of outbound traffic.

Besides, blocking traffic isn't really the answer, tracking down and removing the source of the traffic is.  This is because you don't know what other undesirable activity is using your network.

Tim


Niska
On our wavelength

Thanks Tim.

I am using a Ubiquiti EdgeRouter. I am pretty sure it is blocking ok.

Would you suggest then maybe removing the block and keeping monitoring with Wireshark as part of collecting data?

And/or turning off the VPN and seeing if there is any traffic from devices?

Niska
On our wavelength

Having done a bit more digging:

1. I can see no evidence of blocking any port 25 requests in practice - the Firewall rule is reporting no Packets or Bytes impacted by the rule, but I did reboot the router earlier today.

2. I've run Wireshark for a few hours now and seen no evidence of any port 25 traffic across the router. Which would make sense given the above.

However, for the third time today I'm unable to send email via a client.


ravenstar68
Very Insightful Person

See my Video here which explains my detection method

https://www.youtube.com/watch?v=UxNsoW7FRh0

Note that it uses the Hotspot feature in Windows 10 or 11.  You can't see traffic unless it passes through your computer, so you need to temporarily connect devices to the hotspot on your PC.

Note also this needs to be done on EVERY device on your network that normally connects to the router via Wifi, so if you have kids with mobiles, you need to check their devices too.


Niska
On our wavelength

Thanks again Tim. I've been monitoring overnight using Wireshark pulling info direct from the router - so far 3.6m packets analysed and the only Port 25 traffic is probes from 6 external sources to my router.

On the router itself the Firewall reports no blocked outgoing packets either.

No sign of any outgoing at all, and yet I am back to being blocked again this AM.

I'm really unsure what I can do now - it's massively irritating. The only device I am not seeing/blocking is my Virgin Media hub which is running in Modem mode.
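Added example, not part of any post in this thread: a way to separate the two kinds of port 25 traffic discussed above, outbound connections from a LAN device versus inbound probes from external sources, and to attribute outbound ones to a device. It assumes the capture has been exported as whitespace-separated `source destination destination-port` lines and that the LAN is `192.168.1.0/24`; both, and the sample lines, are constructed.

```python
import ipaddress
from collections import Counter

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN range
SMTP_PORTS = {25}                             # ports to look for

# Constructed sample export: src, dst, dst port.
SAMPLE = """\
192.168.1.23 198.51.100.10 25
192.168.1.23 198.51.100.10 25
192.168.1.23 198.51.100.11 25
203.0.113.50 192.0.2.1 25
192.168.1.40 198.51.100.20 443
192.168.1.5 192.168.1.1 25
""".splitlines()


def classify(lines, lan=LAN, ports=SMTP_PORTS):
    """Count SMTP flows per LAN device (outbound) and per external source (inbound)."""
    outbound, inbound = Counter(), Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue                      # header or malformed line
        src, dst, port = parts
        try:
            s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            if int(port) not in ports:
                continue
        except ValueError:
            continue                      # not an address/port row
        if s in lan and d not in lan:
            outbound[src] += 1            # a LAN device talking to outside SMTP
        elif s not in lan:
            inbound[src] += 1             # an external host probing us
        # LAN-to-LAN traffic is ignored
    return outbound, inbound


if __name__ == "__main__":
    out, inc = classify(SAMPLE)
    for host, n in out.most_common():
        print(f"OUTBOUND {host}: {n} connection(s) to external port 25")
    for host, n in inc.most_common():
        print(f"inbound probe from {host}: {n}")
```

A capture taken at the router only shows the encrypted tunnel for any device that sends through a VPN, so SMTP carried inside the tunnel will not appear in these counts.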

ravenstar68
Very Insightful Person

Wireshark doesn't pull any info from the router.

It allows you to view traffic passing through the network ports on the PC on which it's installed.

The second part of the instruction shows how to turn on the Wifi hotspot on the PC (which needs to have a wifi adapter) and to find the adapter that the hotspot is running on in order to monitor this port.

Once you've set the hotspot up and the Wireshark capture, you connect your wireless devices to the hotspot INSTEAD of the router.

Once you've ruled out a device, you can connect it back to the router.


Niska
On our wavelength

I appreciate that. 

I am using Wireshark to interrogate the router logs through an SSH tunnel. It should be just the same as the virtual hotspot method you recommend (albeit for all devices on the LAN at once).

And even if that was the case the router, which is blocking Port 25 traffic outgoing, is capturing how many packets it is blocking - currently 0 which to me suggests that there is no outgoing SMTP on Port 25 from my network. 

The bit I am getting a little confused by is the impact (or actually not) of my using a VPN. My memory is that it seems to make no difference whether I am connected to it or not, and yet I still get the 305 error.

And I have tried multiple devices. I probably need more systematic research but I am not sure I am missing something with Wireshark.

I am also running pi-hole on the internal LAN (on a standalone pi) but don't believe that should be relevant.