ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
TCP port 25 (SMTP) not blocking outbound traffic Endpoint Protection
Article ID: 172204
You have created a firewall rule using Symantec Endpoint Protection (SEP) to block outbound connection to tcp/25 and this rule has been correctly applied to the clients. However, the rule doesn't seem to have any effect.
The clients who have the firewall rule applied have Symantec Endpoint Protection POP3/SMTP Email Scanner installed and Internet Email Auto-Protect is enabled.
You have the firewall rule created correctly for the purpose, similar to what the screen shot shows below:
You find out that after the rule applied, you can still telnet to a remote system on tcp port 25.
SEP POP3/SMTP email scanner is installed and enabled.
This behavior is by-design. When the POP3/SMTP email scanner is installed and enabled email messages are passed from the client software to the Symantec email proxy (which provides POP3/SMTP antivirus functionality). The Symantec email proxy then sends the scanned message to the server. Because the email proxy is considered a trusted process it is allowed through the firewall.