Block outbound SMTP at the firewall

Jim McBee says something that I’ve been evangelizing for a while: turn off outbound SMTP on your network. The only machines that should be able to send it are your messaging servers. Maybe, if you’re feeling generous, you might allow VPN users to send SMTP so they can send mail while on the road. That’s it, though. There’s no good reason why Joe Cubedweller should be able to send SMTP direct from his machine. Worms like Sober use it, as do a number of rootkits/botnet droppers.

One response to “Block outbound SMTP at the firewall”

  1. Good advice, it’s a practice I have been using for a while. Be sure to log the attempts at using port 25 and, if your firewall supports it, have it send an alert. Also good ports to block are IRC ports (TCP 6660-6670), Kazaa traffic (at least outbound 1214), SQL traffic (1433, 1434), Sub7 Trojan (1243, 2772, 2773, 6711, 6776, 7215, 27374, 54283), Back Orifice Trojan (31337), Blaster Worm (TCP port 4444), Bagle Worm (TCP port 8866)… I guess I could go on, but I do this for a living.
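The policy in the post (only messaging servers, and optionally VPN users, may send SMTP out) and the logging and alerting suggested in the comment can be checked against firewall logs. The sketch below is an added example, not code from the post or the commenter. It assumes the firewall logs forwarded TCP/25 connection attempts in the Linux netfilter LOG format, and every address, range and threshold in it is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed, constructed policy: two mail servers plus a VPN pool may send SMTP out.
ALLOWED_SENDERS = [ipaddress.ip_network(n) for n in ("10.0.1.10/32", "10.0.1.11/32", "10.8.0.0/24")]
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range
ALERT_THRESHOLD = 3  # assumed: unapproved attempts per host before alerting

# Constructed sample lines, abbreviated Linux netfilter LOG format.
SAMPLE_LOG = """\
Jan 12 09:14:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.1.10 DST=203.0.113.25 PROTO=TCP SPT=40112 DPT=25 SYN
Jan 12 09:14:07 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.7 PROTO=TCP SPT=51001 DPT=25 SYN
Jan 12 09:14:08 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.8 PROTO=TCP SPT=51002 DPT=25 SYN
Jan 12 09:14:09 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=192.0.2.44 PROTO=TCP SPT=51003 DPT=25 SYN
Jan 12 09:15:30 fw kernel: IN=tun0 OUT=eth0 SRC=10.8.0.17 DST=203.0.113.25 PROTO=TCP SPT=49900 DPT=25 SYN
Jan 12 09:16:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.7.9 DST=203.0.113.25 PROTO=TCP SPT=50010 DPT=25 SYN
Jan 12 09:16:40 fw kernel: IN=eth1 OUT=eth2 SRC=10.0.5.40 DST=10.0.1.10 PROTO=TCP SPT=50555 DPT=25 SYN
Jan 12 09:17:11 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.7 PROTO=TCP SPT=51004 DPT=443 SYN
Jan 12 09:17:12 fw kernel: IN=eth1 OUT=eth0 SRC=garbled DST=198.51.100.7 PROTO=TCP SPT=51005 DPT=25 SYN
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def smtp_violations(log_text):
    """Count outbound TCP/25 attempts per internal host that is not an approved sender."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD_RE.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # skip malformed lines instead of crashing the monitor
        # Mail handed to the internal relay is not outbound, so it is not counted.
        outbound = src in INTERNAL_NET and dst not in INTERNAL_NET
        if outbound and not any(src in net for net in ALLOWED_SENDERS):
            hits[str(src)] += 1
    return hits

def hosts_to_alert(log_text, threshold=ALERT_THRESHOLD):
    """Hosts whose unapproved SMTP attempts reach the alert threshold."""
    return sorted(ip for ip, n in smtp_violations(log_text).items() if n >= threshold)

if __name__ == "__main__":
    print(dict(smtp_violations(SAMPLE_LOG)), hosts_to_alert(SAMPLE_LOG))
```

A workstation that repeatedly tries to reach external mail servers directly is worth investigating as a possible infection even though the firewall already drops the traffic.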