A couple of workstations got infected and caused our network to get on a number of blacklists, creating a problem for sending email.
While one tech was cleaning the workstations we temporarily put in a couple of firewall rules on the ISA550W to make sure no workstation initiated SMTP could get out through the ISA550W.
Our approach was to add a rule at the top to "permit" SMTP traffic from our Exchange server, followed by a rule to "deny" SMTP traffic to the overall network. I'm attaching an image, but it does not seem to show up in preview.
This seemed to work, but I wanted to know if there's a better way to do this.
Thanks - Richard