TCP port 25 (SMTP) not blocking outbound traffic Endpoint Protection
search cancel

TCP port 25 (SMTP) not blocking outbound traffic Endpoint Protection


Article ID: 172204


Updated On:


Endpoint Protection


You have created a firewall rule using Symantec Endpoint Protection (SEP) to block outbound connection to tcp/25 and this rule has been correctly applied to the clients. However, the rule doesn't seem to have any effect.


  • The clients who have the firewall rule applied have Symantec Endpoint Protection POP3/SMTP Email Scanner installed and Internet Email Auto-Protect is enabled.
  • You have the firewall rule created correctly for the purpose, similar to what the screen shot shows below:
  • You find out that after the rule applied, you can still telnet to a remote system on tcp port 25.



SEP POP3/SMTP email scanner is installed and enabled.


This behavior is by-design. When the POP3/SMTP email scanner is installed and enabled email messages are passed from the client software to the Symantec email proxy (which provides POP3/SMTP antivirus functionality). The Symantec email proxy then sends the scanned message to the server.  Because the email proxy is considered a trusted process it is allowed through the firewall.