Generally a firewall should be configured to deny everything, then only allow access you want. So for example you might allow ports 25 and 110 from everyone, but only allow port 80 from a proxy server (which then requires authentication). What sort of stuff do you have installed at the moment?