DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
blocking port 25 outbound 2820
26 Jun 2010 13:43 #62499
by andyadda
blocking port 25 outbound 2820 was created by andyadda
I am finding that setting up a block on TCP port 25 for outgoing traffic is impossible. I have spent hours trying to create groups, filters galore.
Does someone have a blow by blow for setting this up? Sometimes I wonder if DrayTek need to simplify the setup or does it simply not work.
26 Jun 2010 19:32 #62505
by cocospm
Replied by cocospm on topic blocking port 25 outbound 2820
There are different ways of doing this. Here's what I do:
1. Create a Service Object for SMTP:
   - Go to Objects Setting -> Service Type Objects.
   - Click on any unused Index, set up and save the object:
       Name: SMTP
       Protocol: TCP
       Source Port: 1 to 65535
       Destination Port: 25 to 25
2. Go to Firewall -> Filter Setup and set up a new filter:
   - Assuming filter sets 1 (Default Call Filter) and 2 (Default Data Filter) are already present, create a new filter for set 3...
   - Give Filter Set 3 a name - something like "Restrict SMTP" - and add a rule called "Block SMTP Out" thus:
       Direction: LAN -> WAN
       Source IP: Any
       Destination IP: Any
       Service Type: "SMTP" (the object you created above)
       Fragments: Don't care
       Filter: Block If No Further Match
3. Link the new filter to Filter #2:
   - In Firewall -> Filter Setup, edit Filter Set 2
   - Set "Next Filter Set" to "Set#3"
   - Save the changes.
This will block all SMTP out. If you want selected local IP addresses to be able to use SMTP, set up as IP Objects and/or IP Groups as needed, then go back to Filter Set 3 and add 'allow' SMTP rules for those objects.
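To confirm the rule from a LAN machine, this added example (not part of cocospm's post) probes TCP port 25 and a control port on the same mail server, so a blocked port 25 can be told apart from a host that is simply unreachable. The host name `mail.example.com`, the control port 587 and the function names are assumptions; the service object above matches only destination port 25, so the control port should still connect.

```python
import socket
import sys

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the result."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-error"          # name did not resolve; not a firewall result
    except ConnectionRefusedError:
        return "refused"            # a RST came back (server or a rejecting firewall)
    except OSError:
        return "filtered"           # timeout or unreachable: packets were dropped

def egress_verdict(smtp_state, control_state):
    """Combine the port-25 result with a control-port result from the same host."""
    if control_state != "open":
        return "inconclusive"       # no working path to the test host at all
    if smtp_state == "open":
        return "allowed"            # expected only for IPs given an 'allow' rule
    if smtp_state == "filtered":
        return "blocked"            # expected for every other LAN host
    return "inconclusive"           # refused/dns-error: cannot attribute to the filter

def check(host, control_port=587, timeout=3.0):
    """Probe port 25 and the control port; return both states and the verdict."""
    smtp = probe(host, 25, timeout)
    control = probe(host, control_port, timeout)
    return smtp, control, egress_verdict(smtp, control)

if __name__ == "__main__":
    # mail.example.com is a placeholder: use a server you run that listens on 25 and 587.
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    smtp, control, verdict = check(host)
    print(f"{host}: tcp/25={smtp} tcp/587={control} -> SMTP egress {verdict}")
```

Run it once from an ordinary LAN host and once from an IP covered by an 'allow' rule; the first should report blocked and the second allowed.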
27 Jun 2010 05:46 #62509
by andyadda
Replied by andyadda on topic cocospm reply
Thank you very much, that worked nicely. Now I look at it, it seems obvious.
Moderators: Chris, Sami
Copyright © 2024 DrayTek