Restrict outbound SMTP traffic

Contributor Tony Bradley explains how to protect your Windows systems from rogue mail servers spreading viruses.

The following tip is one of six steps to help you protect Windows systems from bi-modal attacks.

Viruses that spread via e-mail used to rely on the infected machine's default mail gateway to propagate messages. As e-mail server creators and administrators have improved security, malware authors have changed tactics and often simply create their own mini e-mail servers on infected machines to distribute messages.

In a corporate network environment, it should be fairly easy to identify the authorized e-mail servers. To protect your network from rogue mail servers spreading viruses, block outbound traffic on TCP port 25, the default SMTP port, from everything except the known SMTP gateways. You can enforce this at the router level, or use Group Policy on a Windows domain to block outbound traffic on TCP port 25 at the individual system level.
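An added example (not part of the original tip) of a check to run before or after enforcing the block: it scans firewall log records for internal hosts, other than the known gateways, that make direct outbound connections to TCP port 25. The gateway addresses, internal range and log lines are constructed, and the log layout is assumed to be the space-separated Windows Firewall `pfirewall.log` format.

```python
import ipaddress
from collections import Counter

# Assumption: addresses of the authorized SMTP gateways (constructed values).
SMTP_GATEWAYS = {ipaddress.ip_address("10.0.0.25"), ipaddress.ip_address("10.0.0.26")}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal range

# Constructed sample in the pfirewall.log layout (columns named by the #Fields header).
SAMPLE_LOG = """\
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-15 10:15:02 ALLOW TCP 10.0.0.25 203.0.113.10 49152 25 0 - 0 0 0 - - - SEND
2024-01-15 10:15:07 ALLOW TCP 10.0.4.17 198.51.100.7 49201 25 0 - 0 0 0 - - - SEND
2024-01-15 10:15:08 ALLOW TCP 10.0.4.17 198.51.100.9 49202 25 0 - 0 0 0 - - - SEND
2024-01-15 10:15:09 DROP TCP 10.0.7.3 192.0.2.44 50110 25 0 - 0 0 0 - - - SEND
2024-01-15 10:15:11 ALLOW TCP 10.0.4.17 10.0.0.25 49203 25 0 - 0 0 0 - - - SEND
2024-01-15 10:15:12 ALLOW TCP 10.0.9.9 203.0.113.80 49300 443 0 - 0 0 0 - - - SEND
2024-01-15 10:15:13 ALLOW UDP 10.0.9.9 203.0.113.53 49301 25 0 - - - - - - - SEND
"""

def rogue_smtp_senders(log_text):
    """Return {source ip: Counter of firewall actions} for direct outbound SMTP
    from internal hosts that are not authorized gateways."""
    fields, hits = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("protocol") != "TCP" or rec.get("dst-port") != "25":
            continue
        try:
            src = ipaddress.ip_address(rec["src-ip"])
            dst = ipaddress.ip_address(rec["dst-ip"])
        except (KeyError, ValueError):
            continue  # malformed record
        # Outbound = internal source, external destination. Clients handing
        # mail to the internal gateway on port 25 are legitimate.
        if src not in INTERNAL_NET or dst in INTERNAL_NET or src in SMTP_GATEWAYS:
            continue
        hits.setdefault(str(src), Counter())[rec.get("action", "?")] += 1
    return hits

if __name__ == "__main__":
    for host, actions in sorted(rogue_smtp_senders(SAMPLE_LOG).items()):
        print(host, dict(actions))
```

A host that appears with ALLOW counts is sending mail around the gateways today; one that appears only with DROP counts is already being stopped by the block and is a candidate for malware cleanup.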

More information:

  • Tip: Setting up ISA Server for secure RPC communications
  • Tip: Network perimeter defenses for smaller shops
  • Topic: Get best practices to set up and harden Windows messaging

This was last published in June 2005
