Sorry for not being clear in my original post. And thanks for the responses.
What I am trying to do is actually two things:
1. Block mail protocols (POP3, SMTP, etc.) to external servers, which means an internal user can't access his Gmail/Yahoo mail account through an email client (Outlook/Thunderbird) installed on his PC.
2. Block access to all the webmail providers (Yahoo, Google, Hotmail, etc.), but only block the webmail part, and leave everything else open. So an internal user can't access mail.yahoo.com, but can still access news.yahoo.com, maps.yahoo.com, etc.
So, for #1, since there are only a few mail protocols, this can be done through firewall rules, as jjmontes suggested. BTW, what do you mean by:
You can even transparently POP3 traffic.
For #2, is there any shortcut for me to block access to all the webmail providers? Or do I have to list them one by one? And I doubt I can enumerate every one of them.
One last question: can the above access restrictions be applied to only certain IPs within the domain?