I've got a problem with a Windows 2000 server (well, apart from the fact that I'm forced to admin it ;) ).

I've setup a firewall in front of the machine and have locked it down to only let through web, ftp, dns, vnc, etc. Everything else is blocked.

The problem is that even though I've let port 25 tcp out, email will not send from the box (just stays in the queue).

Only when I allow all tcp traffic out will the emails send.

The mail software is "MailEnable" and it's setup to send using port 25 (dur!).

Does anyone know of any ports which I need to leave open to make it work, since I don't fancy sitting here trying every combination possible :D

Ta

I presume you mean that you let traffic out where the destination port is port 25 (rather than when the source port is 25). This -should- work.

You need to do one of two things:
1) Take a look at the firewall logs and see what traffic it is denying.

2) Sniff the traffic between the Windows 2000 box and the firewall (Ethereal would be a good choice for this) and look at the traffic that the Windows box is sending to the firewall.

Are DNS lookups getting through?

Of course your mail server needs to be able to perform DNS lookups. Sorry if this is obvious or brief - it's a bit late in the day for me... :(