Disabling SMTP via Group policy.

    General discussion

  • All,

    We are trying to stop outbound SMTP traffic on ports 25 and 587 from our Windows 7 64-bit Enterprise client machines. We were going to use Windows Firewall rules in Group Policy, which goes to all of our machines, to block all this traffic.

    The issue that we have is that there are some people who require access to use this protocol and need an exemption.

    What I have come up with is to have the block on the core group policy and create another GPO which will process after the core GPO which will allow SMTP traffic through security filtering.

    I have a couple of questions:

    • Do I have to place all the firewall settings in both GPOs, or will the exemption GPO append to the core settings?
    • Is there a better way to stop all outbound SMTP traffic for everyone, but have an exemption for approved machines?

    Thanks in advance.


    Friday, April 7, 2017 5:09 AM

All replies

  • Jason,

    You seem to be on the right track. If I understand you correctly, yes, you do have to place the firewall setting in both GPOs, with the core GPO blocking and the exemption GPO allowing.

    I am thinking that there is probably a reason that you are blocking outbound SMTP with GPO, and while there are other ways (external firewall, antivirus programs), it would be hard to say what would work better for you.

    Joseph M. Durnal MCM: Exchange 2010 MCITP: Enterprise Messaging Administrator, Exchange 2010 MCITP: Enterprise Messaging Administrator, MCITP: Enterprise Administrator

    Tuesday, May 16, 2017 5:57 PM
  • Yes, the option will be to use security filtering, and the options below can be used:

    1. As you said create two group policies with allow and deny settings and apply security filtering.

    2. Create one GPO to deny SMTP traffic and, in the security filtering, deny this policy for whoever it should not be applied to.

    Wednesday, May 17, 2017 7:02 AM
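
Option 2 from the reply above (one blocking GPO, with "Apply group policy" denied for the exempt machines), sketched in PowerShell as an added example that is not from any poster in this thread. The domain, GPO name, group name and OU are placeholders, and it assumes a management host with the GroupPolicy, ActiveDirectory and NetSecurity modules (Windows 8 / Server 2012 or later).

```powershell
# Added example. All names below are placeholders, not values from the thread.
Import-Module GroupPolicy, ActiveDirectory

$Domain      = 'corp.example.com'
$GpoName     = 'Core - Block Outbound SMTP'
$ExemptGroup = 'SMTP-Exempt-Computers'   # security group holding the approved COMPUTER accounts
$TargetOU    = 'OU=Workstations,DC=corp,DC=example,DC=com'

# 1. Create the GPO and write one outbound block rule for TCP 25 and 587 into it.
$gpo     = New-GPO -Name $GpoName -Domain $Domain
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"
New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Block outbound SMTP (TCP 25, 587)' `
    -Direction Outbound -Action Block `
    -Protocol TCP -RemotePort 25,587 `
    -Profile Any -Enabled True | Out-Null
Save-NetGPO -GPOSession $session

# 2. Security filtering: add a Deny ACE for the "Apply Group Policy" extended
#    right so members of the exempt group never process this GPO.
#    Set-GPPermission cannot create Deny entries, so the GPO's AD object ACL
#    is edited directly.
$applyGroupPolicy = [guid]'edacfd8f-ffb3-11d1-b41d-00a0c968f939'
$groupSid = (Get-ADGroup -Identity $ExemptGroup).SID
$adPath   = "AD:\$($gpo.Path)"

$acl = Get-Acl -Path $adPath
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $groupSid, 'ExtendedRight', 'Deny', $applyGroupPolicy)
$acl.AddAccessRule($ace)
Set-Acl -Path $adPath -AclObject $acl

# 3. Link the GPO where the client computer accounts live.
New-GPLink -Name $GpoName -Target $TargetOU -Domain $Domain | Out-Null

# 4. Review the resulting permissions before rollout.
Get-GPPermission -Name $GpoName -Domain $Domain -All |
    Select-Object Trustee, Permission, Denied
```

Windows Firewall applies an explicit block rule ahead of a conflicting allow rule, so this layout keeps the block GPO off the exempt machines entirely instead of depending on a later allow rule. After `gpupdate /force` and a reboot of a test client (so the computer picks up its group membership), check `gpresult /r /scope computer` and the Monitoring node of wf.msc on a Windows 7 machine to confirm the rule is present on blocked clients and absent on exempt ones.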