Lock Down TCP Port 25

As viruses and worms become more sophisticated, SMTP (typically port 25) is becoming a more common transport mechanism for malicious purposes. One example of this sophistication is the w32.hllw.gaobot.dk worm. This worm is a Trojan horse that installs pieces of an SMTP mail service on the victim's computer. This installation allows the worm to send spam from the computer. To disable the effectiveness of such worms and viruses, you can configure your network such that SMTP traffic is only allowed to travel between Exchange servers, domain controllers, and other computers that require SMTP.

Because of the management overhead in restricting SMTP traffic, you may only consider this implementation if you are not running or cannot run a personal firewall on the desktop computers. Running antivirus software in addition to a personal firewall on the desktop will help to keep the majority of worms and viruses out of your network, or at least debilitate them to the extent that they are easier to remove after an isolated infection.