Should I block the other SMTP ports as well to block outgoing mail?

Tags: port, smtp, spam

I have blocked outgoing port 25 to prevent spam being sent from my servers.

However, I'm not very familiar with SMTP and I have heard that ports such as 465 and 587 can also be used to send mail, but over TLS.

Should I block those ports as well to prevent spam from being sent? Are there any other ports I should block as well?

"Is it safe to unblock 587, SMTP submission port?" mentions just 587, but I'm wondering about other ports as well.

Best Answer

Normally ports 465 and 587 require user authentication prior to accepting emails - if this is the case, then you don't need to block these ports (from the purpose of being an open relay), as only users who are authenticated against your system can use them. That said, if you are not opening your system to incoming users, blocking them is a good idea (less access = fewer security risks).

Generally a secure firewall should be built "default deny", and I suggest that's what you do here if you can. You don't need 587 or 465 in order to receive email from other users.

Lastly, assuming your system is not an open relay, your system will most likely send spam if a user's account (or a website using the mail server) is compromised. Tightening up the mail server won't help this behaviour - it's a matter of educating users and locking down what can send email.

If you need a fallback, you can always attempt to run filters on outgoing mail or farm this task out to a third party provider - but this may well be overkill for your needs.
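As an added example (not part of the answer above), this Python check reads a saved iptables ruleset and reports whether new outbound connections to ports 25, 465 and 587 are blocked. It shows the asker's setup, where only 25 is dropped and the other two fall through to an ACCEPT policy. It assumes an iptables host, input from `iptables-save -t filter`, and a flat OUTPUT chain; `audit_egress`, `parse_rule` and the sample rules are constructed for illustration.

```python
import shlex

# Constructed excerpt of `iptables-save -t filter` output: policy ACCEPT, only 25 dropped.
SAMPLE = """\
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p tcp -m tcp --dport 25 -j DROP
-A OUTPUT -p tcp -m owner --uid-owner 1001 -m tcp --dport 587 -j ACCEPT
"""

def parse_rule(tokens, text):
    """Keep proto, ports and target; any other matcher makes the rule conditional."""
    rule = {"proto": None, "ports": None, "target": None, "extra": False, "text": text}
    args = iter(tokens)
    for opt in args:
        if opt == "-j":                      # target options follow, stop here
            rule["target"] = next(args, None)
            break
        if opt == "-p":
            rule["proto"] = next(args, None)
        elif opt in ("--dport", "--dports") and "!" not in tokens:
            rule["ports"] = {n for lo, _, hi in (p.partition(":") for p in next(args).split(","))
                             for n in range(int(lo), int(hi or lo) + 1)}
        elif opt not in ("-m", "tcp", "multiport"):
            rule["extra"] = True             # -o, -d, --uid-owner, "!" (negated: any port)
    return rule

def audit_egress(ruleset, chain="OUTPUT", ports=(25, 465, 587)):
    """Return {port: (verdict, rules_to_review)} for new outbound TCP connections."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if line.startswith(f":{chain} "):
            policy = tok[1]                  # chain default, e.g. ":OUTPUT DROP [0:0]"
        elif tok[:2] == ["-A", chain]:
            rules.append(parse_rule(tok[2:], line))
    report = {}
    for port in ports:
        verdict, review = policy, []
        for r in rules:
            if r["proto"] not in (None, "tcp", "all") or (r["ports"] and port not in r["ports"]):
                continue
            if r["target"] in ("ACCEPT", "DROP", "REJECT") and not r["extra"]:
                verdict = r["target"]        # first unconditional match decides
                break
            if r["target"] not in ("DROP", "REJECT", "LOG"):
                review.append(r["text"])     # conditional accept or jump: may let mail out
        report[port] = ("open" if verdict == "ACCEPT" else "blocked", review)
    return report
```

Rules listed under review are conditional exceptions, such as the per-user ACCEPT for 587 in the sample, and correspond to "locking down what can send email": each one should name a sender you intend to allow.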