
Blocking SMTP



I have always had the following rules on my Linux Firewall:

type  prot source               destination          ports
acc/m tcp  backbone/24          anywhere             any -> any
acc/m udp  backbone/24          anywhere             any -> any


Which lets anyone attached to my network access the internet from their
workstation/PC.  That's all well and good.  This firewall is also an
SMTP/sendmail forwarder.  That is, all incoming mail goes to the firewall,
and all outgoing mail goes to the firewall, and then from there to
wherever.  And it is recorded in the maillog as it goes.

Now I've got workstations and PCs out there with apps capable of sending
e-mail.  Nothing is to stop them from just blasting it out to the
Internet, and it would not be recorded in the maillog.  What I want to do
is continue masq. just like before but block port 25 (SMTP) so that no
mail can get out except through the firewall.

What I've tried is :
ipfwadm -F -i reject -P tcp -Sbackbone/24 25 -D0.0.0.0/0
which results in:
rej   tcp  backbone/24          anywhere             smtp -> any
acc/m tcp  backbone/24          anywhere             any -> any
acc/m udp  backbone/24          anywhere             any -> any

But from a box on the inside I can still 'telnet mail.rust.net 25' and get
their SMTP server.  I've tried some other weird combinations but can't
seem to come up with a rule to kill that traffic.  It has been a while
since I really did much work with ipfw, so maybe I'm missing something
obvious.

Any help would be greatly appreciated.
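The following is an added example, not part of the original post. It models how ipfwadm's forwarding chain evaluates a packet: rules are tried in order, first match wins, and a port list written after -S is matched against the source port while a port list after -D is matched against the destination port. With that in mind it replays the posted rule (port 25 after -S) and a variant with the port after -D against a workstation's outbound SMTP connection. The addresses (192.168.1.0/24 standing in for "backbone/24", 203.0.113.5 as a remote mail server, the ephemeral source port 1037) and the assumed default chain policy of deny are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List

# Constructed stand-in for the poster's "backbone/24".
BACKBONE = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    """One forwarding-chain (-F) rule, in ipfwadm terms."""
    policy: str                      # "accept", "reject" or "deny"
    masq: bool                       # -m: masquerade the connection
    proto: str                       # -P tcp | udp
    src: ipaddress.IPv4Network       # -S address/mask
    sports: FrozenSet[int]           # ports listed after -S; empty = any
    dst: ipaddress.IPv4Network       # -D address/mask
    dports: FrozenSet[int]           # ports listed after -D; empty = any

    def label(self) -> str:
        # Mirrors the "acc/m" / "rej" column of `ipfwadm -F -l`.
        short = {"accept": "acc", "reject": "rej", "deny": "deny"}[self.policy]
        return short + "/m" if self.masq else short

    def to_ipfwadm(self) -> str:
        # Render the rule as a command that appends (-a) it to the chain,
        # so emitting a list in order reproduces the intended ordering.
        cmd = ["ipfwadm", "-F", "-a", self.policy]
        if self.masq:
            cmd.append("-m")
        cmd += ["-P", self.proto, "-S", str(self.src)]
        cmd += [str(p) for p in sorted(self.sports)]
        cmd += ["-D", str(self.dst)]
        cmd += [str(p) for p in sorted(self.dports)]
        return " ".join(cmd)


def first_match(rules: List[Rule], proto: str, saddr: str, sport: int,
                daddr: str, dport: int, default: str = "deny") -> str:
    """Return the label of the first rule a forwarded packet matches.

    `default` stands in for the chain's default policy, which the post
    does not show (assumed to be deny here)."""
    s, d = ipaddress.ip_address(saddr), ipaddress.ip_address(daddr)
    for r in rules:
        if r.proto != proto or s not in r.src or d not in r.dst:
            continue
        if r.sports and sport not in r.sports:
            continue
        if r.dports and dport not in r.dports:
            continue
        return r.label()
    return default


NONE: FrozenSet[int] = frozenset()
SMTP = frozenset({25})

# The two masquerading rules the poster already had.
MASQ = [
    Rule("accept", True, "tcp", BACKBONE, NONE, ANY, NONE),
    Rule("accept", True, "udp", BACKBONE, NONE, ANY, NONE),
]

# As posted: "-Sbackbone/24 25 -D0.0.0.0/0" puts 25 in the SOURCE port list,
# so it only matches connections that originate from port 25 on a workstation.
POSTED = [Rule("reject", False, "tcp", BACKBONE, SMTP, ANY, NONE)] + MASQ

# Port written after -D: a DESTINATION port. Any forwarded TCP connection
# from the LAN to port 25 anywhere is rejected before the masq rule is reached.
FIXED = [Rule("reject", False, "tcp", BACKBONE, NONE, ANY, SMTP)] + MASQ


def outbound_smtp(rules: List[Rule]) -> str:
    # A workstation doing "telnet <mailhost> 25": ephemeral source port, destination 25.
    return first_match(rules, "tcp", "192.168.1.10", 1037, "203.0.113.5", 25)


def outbound_web(rules: List[Rule]) -> str:
    # Ordinary browsing must still be masqueraded under the tightened rule set.
    return first_match(rules, "tcp", "192.168.1.10", 1038, "203.0.113.5", 80)


if __name__ == "__main__":
    print("posted rule, telnet to port 25:", outbound_smtp(POSTED))
    print("fixed rule,  telnet to port 25:", outbound_smtp(FIXED))
    print("fixed rule,  web browsing     :", outbound_web(FIXED))
    for r in FIXED:
        print(r.to_ipfwadm())
```

Two points the model makes visible: the posted rule lets the workstation's connection fall through to the acc/m rule because its source port is ephemeral, not 25, whereas the destination-port rule stops it while leaving web and UDP traffic masqueraded. Mail that workstations hand to the firewall's own address is not affected either way, because packets addressed to the local host traverse the input chain (-I), not the forwarding chain (-F) these rules live in.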