I have a newbie security-related question.
Should port 25 (SMTP) be blocked by the firewall on my server? Or will doing so mean that I cannot send any mail at all?
Maxwell: I basically have my own mail server. It is used by the website, on the same server, to send mails. I also need to be able to send/receive mails using a POP client. In that case, which of your options should I adopt?
If you intend to just send and not receive mail from this server, just block incoming connections on port 25 on the server firewall.
If you're hosting your own mail server, you need to accept at the network firewall the traffic to and from port 25 destined for your corporate mail server.
If you do not host your own mail server, at the network firewall you just have to allow outgoing connections on port 25.
If you need a more concise answer, please edit your question and add some more information.
Hope this helps.
Assuming you have your own mail server, then what you should do is block all outgoing "port 25" packets at the firewall except from your mail server. This is (or should be) standard practice for all networks. The reason for this is if any of your systems get infected with a spam virus, then even if they start spewing spam, it won't reach the outside world, and you won't end up with your domain on all the spam blacklists. (I'm speaking from bitter experience here).
As well, you can block all SMTP packets coming in from outside except those destined for your mail server.
You may also want to screw down other packets - for example, if you have everyone on the network going through a proxy server for internet access (to implement web filtering, for example), then use the firewall to block outgoing http packets from all sources except the proxy server.
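The port 25 restrictions described in the answer above, as an added example that is not part of the original posts: a script that generates the rules for review before they are applied. It assumes a Linux gateway filtering with iptables in the FORWARD chain and an existing rule that accepts established connections; the address, interface names, chain name and function names are constructed placeholders.

```shell
#!/bin/sh
# Added example: only the mail server may send or receive SMTP through the gateway.
# Assumptions: iptables on a Linux gateway, and an existing FORWARD rule accepting
# ESTABLISHED,RELATED traffic (reply packets do not match --dport 25).
MAIL_SERVER="${MAIL_SERVER:-192.0.2.25}"  # constructed placeholder (RFC 5737 range)
LAN_IF="${LAN_IF:-eth1}"                  # constructed: inside interface
WAN_IF="${WAN_IF:-eth0}"                  # constructed: outside interface

# Return 0 only for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
}

# Print one iptables command per line: mail_server_ip lan_if wan_if.
smtp_rules() {
    mail="$1"; lan="$2"; wan="$3"
    if ! valid_ipv4 "$mail"; then
        echo "refusing to build rules: '$mail' is not an IPv4 address" >&2
        return 2
    fi
    cat <<EOF
iptables -N SMTP_FILTER
iptables -A FORWARD -p tcp --dport 25 -j SMTP_FILTER
iptables -A SMTP_FILTER -i $lan -o $wan -s $mail -j ACCEPT
iptables -A SMTP_FILTER -i $wan -o $lan -d $mail -j ACCEPT
iptables -A SMTP_FILTER -i $lan -o $wan -m limit --limit 6/min -j LOG --log-prefix "smtp-egress-blocked: "
iptables -A SMTP_FILTER -j DROP
EOF
}

# Dry run: print the rules for review. Nothing is changed on the system.
smtp_rules "$MAIL_SERVER" "$LAN_IF" "$WAN_IF"
```

After review, the printed commands can be piped to `sh -e` as root. The LOG rule records which internal host tried to send mail directly, which is the early warning of an infected machine.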