Hi all.  I have a non-Cisco router and it has no sensible capabilities.  There seems to be a spam botnet on the internal network (unknown which are infected systems).  This router cannot do port blocking from inside to outside and my goal would be to block all systems from using port 25 outbound except the mail server.  I have an 891W nearly fully configured which was going to be connecting to a new ISP's on-premise Cisco router as it's uplink, so gig0 on this router was configured with a static IP and its next hop was the IP of the ISP's router.  Mine is a stub router so is using default route 0.0.0.0 0.0.0.0 gigabitethernet 0 rather tan the actual IP of the next hop.  . 

Is there a quick method to reconfigure this WAN interface (gig0) to be a PPPoE client and would that have impact on "normal" other router functions?  There are no routing protocols in use, this is a simple Internet gateway for an office.  I have NAT and firewall set up already.  Although I will need to figure out how to set up the insode-outside zone to block port 25 for all except the mail server.  I can post to the IOS Firewall forum on that, or, if anybody here wants to advise, y thinking is this (I'm a little new to zone firewall):

Create ACL:

permit tcp <mail server internal IP> any eq smtp

deny tcp any any eq smtp

The class map that governs inside-outside currently has a match-all and does a permit ip any any via a seperate ACL, the policy map has inspect on this. 

Would I perhaps add "permit ip any any" as the final line in thi sACL above?  Again my goal is to block all port 25 access for internal systems to the outside world, except the mail server. But I would want to allow all other traffic, via inspection, so return traffic comes back. 

I can post this firewall question to the IOS Firewall forum if that is best, mainly I need to know about the PPPoE part though. 

Thank you!