I have setup an SMTP-Protocol filter. My problem is there's this public
address that is able to get through using the port 25. I
think this public ip address belongs to a spammer. It's just killing our
notes server. What can I do to prevent blacklisted servers/ips to access
our internal servers? Is there something that I had done probably that
would have allowed this address to access my server?
We have a BM3.7 installed on another server which has only NAT setted up-
no filtering or what so ever. It's a production server but the amazing
thing is it has not been attacked by such servers. I just don't
understand it.

What happens if I setup a filter under the deny list and setup another
exception filter that contradicts the deny filter? Will the filter in the
deny be prioritized?

This is what i got when i turned the tcpip debug = 1

RECEIVE:pktid:27413>21x.xx.xx.x ttl:114
TCP:SYN Source Port:2811, Dest Port:25 Sequence No.:2655320458 Ack No:0
Window:6 4240
FORWARD:pktid:27413> ttl:113
TCP:SYN Source Port:55005, Dest Port:25 Sequence No.:2655320458 Ack No:0
RECEIVE:pktid:23417> ttl:128
TCP:SYN ACK Source Port:25, Dest Port:55005 Sequence No.:1302975942 Ack
20459 Window:65535
FORWARD:pktid:23417 21x.xx.xx.x-> ttl:127
TCP:SYN ACK Source Port:25, Dest Port:2811 Sequence No.:1302975942 Ack
0459 Window:65535 UrgPtr:0