Earlier this week someone helped me lock down my ASA to only allow email traffic from a range of IP Addresses. I am testing a service that GFI Mail Essentials provides. They basically filter out virus and spam on emails. The range of IP Addresses were GFI's. Pior to the change I had Port 25 open to ANY. I do not think I will continue to use GFI. I will just be relying on ForeFront Security for Exchange. From a security perspective and what is common, is Port 25 typically open to ANY at the Firewall?