x64 wrote: In my 2862, at the bottom of the "Firewall" menu, is an item "Diagnose".

In there you can select source/destination IP and ports., protocol, and run a live test of sending a packet.

It then reports pass/fail and the rule that it acted on. I assume your 2860 has a similar page?

I spent a lot of time deciding how best to layout firewall rules,ad the DrayTek is extremely counter intuitive (for example rule set branching, not happening when the rule is actually executed, but continuing to the end of the current page of rules, THEN branching to the indicated ruleset, and the "Block if no further match" setting. In most brands the rules are decisive in the order they are executed - DrayTek is the other way around.

I also did quite a bit of testing, enabling/disabling various test rules to ensure that I understood the logic of the strange beast before settling on my scheme.

x64 wrote: :?

OK................ Yep, on the surface of it, that qualifies as barmy.

I presume that you are entering the gmail SMTP server in the camera config? There is no other infrastructure you have inside your network that is doing the relay? That the "Received:" headers in the message headers of the email received outside show the gmail server receiving directly from the camera (it will show the external public natted address, but hopefully the text name of the sending node in that record will identify the camera)

What happens IRL if you add a fourth rule to BLOCK 578/TCP (SMTP will always be TCP - UDP is never used). Does that stop the email? (we are seeing if the fourth rule gets hit by doing this).
You could also put this block rule on other places and see where it has bite.