Restrict outbound SMTP traffic

Contributor Tony Bradley explains how to protect your Windows systems from rogue mail servers spreading viruses.

The following tip is one of six steps to help you protect Windows systems from bi-modal attacks.

Viruses that spread via e-mail used to rely on the infected machine's default mail gateway to propagate messages. As e-mail server creators and administrators have improved security, malware authors have changed tactics and often simply create their own mini e-mail servers on infected machines to distribute messages.

In a corporate network environment, it should be fairly easy to identify the authorized e-mail servers. To protect your network from rogue mail servers spreading viruses, block outbound traffic on TCP port 25, the default SMTP port, at the router level for every host except the known SMTP gateways. Alternatively, use Group Policy on a Windows domain to block outbound traffic on TCP port 25 at the individual system level.
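One way to apply the Group Policy option with Windows Firewall rules, as an added example that is not part of the original tip. The domain name, GPO name, rule name and OU path are hypothetical placeholders, and the OU is assumed to hold workstations only, with the authorized SMTP gateways kept elsewhere.

```powershell
# Added example: block outbound TCP 25 on domain workstations through a GPO.
# All names below are hypothetical placeholders; adjust them to your domain.
Import-Module GroupPolicy

$Domain   = 'corp.example.com'                           # hypothetical domain
$GpoName  = 'Block-Outbound-SMTP'                        # hypothetical GPO name
$RuleName = 'Block-Out-TCP25'                            # hypothetical rule name
$Target   = 'OU=Workstations,DC=corp,DC=example,DC=com'  # OU without mail gateways

# Create the GPO only if it does not exist yet, so the script can be re-run.
$gpo = Get-GPO -Name $GpoName -Domain $Domain -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Domain $Domain `
        -Comment 'Blocks outbound SMTP from hosts that are not mail gateways'
}

# Edit the GPO's firewall policy in a local session and write it back once.
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"

$existing = Get-NetFirewallRule -GPOSession $session -Name $RuleName `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetFirewallRule -GPOSession $session `
        -Name $RuleName `
        -DisplayName 'Block outbound SMTP (TCP 25)' `
        -Description 'Only the authorized SMTP gateways may send on port 25' `
        -Direction Outbound `
        -Protocol TCP `
        -RemotePort 25 `
        -Action Block `
        -Profile Any `
        -Enabled True | Out-Null
}

Save-NetGPO -GPOSession $session

# Link the GPO to the workstation OU unless it is already linked there.
$linked = (Get-GPInheritance -Target $Target -Domain $Domain).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Domain $Domain -Target $Target -LinkEnabled Yes |
        Out-Null
}
```

Windows Firewall block rules take precedence over allow rules, so the exception for the known SMTP gateways is made by keeping those servers outside the scope of this GPO rather than by adding an allow rule.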
