Here’s a quick tip – how to block SMTP from leaving a network (apart from specific mail servers) using a Cisco ASA 5500 Series firewall.
STEP 1: Allow specified mail servers to sent SMTP
access-list INSIDE_ACL extended permit tcp <mail server IP>255.255.255.255 any eq smtp
STEP 2 : Deny SMTP to all other devices
access-list INSIDE_ACL extended deny tcp any any eq smtp
STEP 3: Allow all other traffic
access-list INSIDE_ACL extended permit ip any any
STEP 4: Apply ACL to inside interface
access-group INSIDE_ACL interface <name of inside interface>