We don't have a mail server here. Our ISP hosts our email for us, so yeah, we do allow SMTP out. I wonder if there's a way to force all port 25 traffic to one IP in the firewall?
-----Original Message-----
From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Monday, October 03, 2011 4:04 PM
To: NT System Admin Issues
Subject: RE: Torpig/Anserin/Mebroot infection

Just to confirm, you don't allow outbound SMTP from anything other than your corporate SMTP boxes, do you?

________________________________________
From: John Aldrich [jaldr...@blueridgecarpet.com]
Sent: 03 October 2011 7:59 PM
To: NT System Admin Issues
Subject: RE: Torpig/Anserin/Mebroot infection

Email blocklist: cbl.abuseat.org for "attempting to make contact to a Torpig Command and Control server at 91.20.221.209, with contents unique to Torpig C&C command protocols."

From: Paul Hutchings [mailto:paul.hutchi...@mira.co.uk]
Sent: Monday, October 03, 2011 1:54 PM
To: NT System Admin Issues
Subject: RE: Torpig/Anserin/Mebroot infection

Can you expand on "blacklisted"? Which blacklist and for what type of traffic?

________________________________________
From: John Aldrich [jaldr...@blueridgecarpet.com]
Sent: 03 October 2011 6:22 PM
To: NT System Admin Issues
Subject: Torpig/Anserin/Mebroot infection

So, our external IP is blacklisted because apparently one of our machines is infected with a banking Trojan. Short of going to each and every individual machine on the network, the only thing I can think of to do is to set up logging of the ASA to a syslog server. I have downloaded and installed a trial version of Kiwi syslog, but I can't figure out how to configure it to forward the log files to my system. Anyone here able to provide a good how-to? I *did* Google, but apparently my Google-fu sucks, as I wasn't able to find instructions that made sense to me.

~ Finally, powerful endpoint security that ISN'T a resource hog!
~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
________________________________________
MIRA Ltd
Watling Street, Nuneaton, Warwickshire, CV10 0TU, England
Registered in England and Wales No. 402570
VAT Registration GB 100 1464 84

The contents of this e-mail are confidential and are solely for the use of the intended recipient. If you receive this e-mail in error, please delete it and notify us either by e-mail, telephone or fax. You should not copy, forward or otherwise disclose the content of the e-mail as this is prohibited.
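
Added example, not part of the thread: one way to do what the original post proposes, finding the infected machine from ASA syslog output instead of visiting every PC. It assumes the ASA logs connection-build messages (%ASA-6-302013) at informational level; the ISP mail server address and the sample log lines are constructed placeholders, and only the C&C address comes from the CBL listing quoted above.

```python
import re
from collections import defaultdict

CNC_IP = "91.20.221.209"        # C&C address quoted from the CBL listing
ISP_SMTP = {"198.51.100.25"}    # assumption: placeholder for the ISP's mail server

# %ASA-6-302013: Built outbound TCP connection <id> for
#   <out_if>:<dst>/<dport> (<mapped>) to <in_if>:<src>/<sport> (<mapped>)
BUILT = re.compile(
    r"%ASA-6-302013: Built outbound TCP connection \d+ for "
    r"[^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) to "
    r"[^:\s]+:(?P<src>[\d.]+)/\d+"
)

def suspects(lines):
    """Map each internal host to the reasons it deserves a closer look."""
    hits = defaultdict(set)
    for line in lines:
        m = BUILT.search(line)
        if not m:
            continue  # teardowns and other message IDs are ignored
        src, dst, dport = m["src"], m["dst"], m["dport"]
        if dst == CNC_IP:
            hits[src].add("contacted C&C " + dst)
        # Clients should only ever speak SMTP to the ISP's server.
        if dport == "25" and dst not in ISP_SMTP:
            hits[src].add("direct SMTP to " + dst)
    return dict(hits)

# Constructed sample lines (not real logs from the thread).
SAMPLE = [
    "Oct 03 2011 14:02:11 asa : %ASA-6-302013: Built outbound TCP connection 4411 "
    "for outside:198.51.100.25/25 (198.51.100.25/25) to "
    "inside:192.168.1.10/1045 (203.0.113.5/1045)",
    "Oct 03 2011 14:02:15 asa : %ASA-6-302013: Built outbound TCP connection 4412 "
    "for outside:91.20.221.209/80 (91.20.221.209/80) to "
    "inside:192.168.1.37/2201 (203.0.113.5/2201)",
    "Oct 03 2011 14:02:19 asa : %ASA-6-302013: Built outbound TCP connection 4413 "
    "for outside:192.0.2.77/25 (192.0.2.77/25) to "
    "inside:192.168.1.37/2202 (203.0.113.5/2202)",
    "Oct 03 2011 14:02:20 asa : %ASA-6-302014: Teardown TCP connection 4411 "
    "for outside:198.51.100.25/25 to inside:192.168.1.10/1045 "
    "duration 0:00:02 bytes 1820 TCP FINs",
]

if __name__ == "__main__":
    for host, why in sorted(suspects(SAMPLE).items()):
        print(host, "->", "; ".join(sorted(why)))
```

Feed it the lines of the syslog server's log file in place of SAMPLE; any host it reports is a candidate for offline scanning.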