Given that if you are configured for SMTP mail, emails from other organisations doesn't come to you through the Plusnet servers I don't understand why you would want to do what you have asked. Could you explain please.

@ash72: my understanding is that when you switch to SMTP delivery the IP address of your SMTP server is placed in the DNS as the highest priority (lowest preference value) MX record, with the PN server(s) as lower priority. This means email is delivered directly to you from other SMTP servers. The PN servers will only deliver to you when your server has been unreachable from the 'net and mail has been queued on them for delivery when your server is back (or you use the autoturn facility). It's not a good idea therefore to block non-PN SMTP servers as you will incur large delays while other servers attempt to connect to you, fail and use the PN servers who in turn will have to periodically check that your server is on-line.
Other ISPs do offer an alternative model where their SMTP servers are the only ones listed in the MX DNS records and will act as store and forward meaning that your SMTP server will only see connections from the ISP servers. Eclipse is an example of this (or was).

Thanks jelv & MrC
I am having a problem with internet access being incredibly slow sometimes.  We have a small network, max 5 internal users, but when I check my ISA monitoring we average something like 40 external secureNAT sessions from IP addresses that I do not recognise.  On occasion, some of our users access the network from outside, but none are currently.  The only firewall rule I could see that allowed any user to connect from an external network was the SMTP rule.  I thought if mail only came via Plusnet's servers, I could restrict this to an Ip range.
I will have to investigate further and see what else I can do to stop this.
Thanks for the clarification.
ash72

Are these external connections all to port 25 (ie SMTP)? If not, and you've got port ranges forwarded, then maybe it might be an idea to forward specific ports only (apologies if I'm making erroneous assumptions about your network here ).

Is your ISA implementation a multi-homed dedicated box, or is it installed on a machine with a single NIC?
Also, what is the connection infrastructure like on your network?
I'm hazarding a guess at a network switch, plugged into an internet router, with all clients being served out of various ports on one or other of the switches.
And perhaps a single server running SBS2003 or something like that?

MrC - Not sure which port they are using or how to find out, ISA2004 does not seem to list the port in use.  Can you advise?
James_G  - I use a SBS2003 single box with two NICs one to the internal network, one to the router.  Using ISA2004 on the SBS box as a gatweay (if that is the right word).