You have created a firewall rule using Symantec Endpoint Protection (SEP) to block outbound connection to tcp/25 and this rule has been correctly applied to the clients. However, the rule doesn't seem to have any effect.

Symptoms

• The clients who have the firewall rule applied have Symantec Endpoint Protection POP3/SMTP Email Scanner installed and Internet Email Auto-Protect is enabled.
• You have the firewall rule created correctly for the purpose, similar to what the screen shot shows below:
  
• You find out that after the rule applied, you can still telnet to a remote system on tcp port 25.

SEP POP3/SMTP email scanner is installed and enabled.

This behavior is by-design. When the POP3/SMTP email scanner is installed and enabled email messages are passed from the client software to the Symantec email proxy (which provides POP3/SMTP antivirus functionality). The Symantec email proxy then sends the scanned message to the server.  Because the email proxy is considered a trusted process it is allowed through the firewall.