Does anyone know if its possible to configure the NAT/firewall settings on the Vigor3900 to prohibit connections to the Internet on port 25 except from real mail servers???

I have been informed that this should help eliminate potential threats from spam bots etc.

Are you talking about your own mail servers... So only your server can send mail out and not PCs etc if there are infected in some way?

If so then Create a Rule with the LAN source as Any, destination Any and sevivce at port 25 then block if no further match
Under that rule create one with the source as the mail servers, destination ANY ,Service 25 and PASS.

If it's just one exchange server I usually cheat and create a rule with the Source address as the Exchange IP (invert selection) Destination ANY service 25 and Block