Black Hole NAT not working

Question

Every day we have random people trying to authenticate into our hardware spam filter in order to spoof emails and whatnot. What I set up on the UTM9 was a black hole NAT. So under Network Protection > NAT > NAT I have a DNAT set up. In the "For traffic from:" I have a group called Spammers/Hackers which has a list of IPs of the offenders. "Using service" is set to Any and "Going to" is set to "External Address Group" which is a list of all our networks both using WAN and LAN IPs. It is then set to "Change the destination to" an IP of 240.0.0.0. Our IP scheme is using a class B for reference. Also checked is the automatic firewall rule option. 
 However it doesn't appear to be working...I say this because I went to add an IP to the offender list and it said it already existed as I had added it last week, but the offender was still able to attempt to authenticate to our security gateway. Did I set this up wrong? Any help would be appreciated.

Ol Deda · Accepted Answer

In these case, the Going interface must be one WAN Address (the ip which offenders hit). Or just Uplink Interfaces (if you have 2 wan). You cant use multiple interfaces for DNAT rules

Ol Deda · Answer

Exclude the spamers group from Transparent, in Email Protection. 
 This can happen only when transparent mode is active. This means that email protection owns port 25. Firewall and DNAT rules are useless for port 25 at this point

Black Hole NAT not working

Submitted a Tech Support Case lately from the Support Portal?