tacid.org

Jim,
ATM I have Exchange set to disallow outbound mail, just to be safe. I want to have something more than just a simple home-level NAT box before I allow anything more out, pending a full wipe and reload. The damage done was to the box itself. The few pieces of email that needed to go out this weekend (seven or eight, I think) used my personal mail server as the outbound. Forgive me if I'm not making any sense, I've been burning the candle at both ends...
~Nick

Hi Nick,

I (personally) don't think that is enough. If the box was rooted,
there could be bots (i.e. other processes) sending outbound email.
Those processes could be persistent or periodic, and they could be
additional services or sub-processes of known-good services. Further,
the bots could be dynamically loaded via on-box applications (i.e.
Internet Explorer, Firefox, etc.).

You would need an off-box firewall to successfully block outbound SMTP
connections. With most, if not all, rooted boxes there really is no
safe way of securing it. Your best path forward is to (IMHO) buy a
new hard drive and start from scratch, manually copying only known-good
files to the new drive, preferably using an intermediate box to virus
scan each moved file.

Best wishes,

-Jim P.