ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

TCP port 25 (SMTP) not blocking outbound traffic Endpoint Protection

book

Article ID: 172204

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You have created a firewall rule using Symantec Endpoint Protection (SEP) to block outbound connection to tcp/25 and this rule has been correctly applied to the clients. However, the rule doesn't seem to have any effect.

Symptoms

  • The clients who have the firewall rule applied have Symantec Endpoint Protection POP3/SMTP Email Scanner installed and Internet Email Auto-Protect is enabled.
  • You have the firewall rule created correctly for the purpose, similar to what the screen shot shows below:
  • You find out that after the rule applied, you can still telnet to a remote system on tcp port 25.

 

Cause

SEP POP3/SMTP email scanner is installed and enabled.

Resolution

This behavior is by-design. When the POP3/SMTP email scanner is installed and enabled email messages are passed from the client software to the Symantec email proxy (which provides POP3/SMTP antivirus functionality). The Symantec email proxy then sends the scanned message to the server.  Because the email proxy is considered a trusted process it is allowed through the firewall.

 

 

 

 

Attachments