anyone want to tell him about an SMTP gateway ? On Mon, Oct 3, 2011 at 4:14 PM, John Aldrich <[email protected]>wrote:
> We don't have a mail server here. Our ISP hosts our email for us, so yeah, > we do allow SMTP out. I wonder if there's a way to force all port 25 > traffic > to one IP in the firewall? > > > > > -----Original Message----- > From: Paul Hutchings [mailto:[email protected]] > Sent: Monday, October 03, 2011 4:04 PM > To: NT System Admin Issues > Subject: RE: Torpig/Anserin/Mebroot infection > > Jus to confirm, you don't allow outbound SMTP from anything other than your > corporate SMTP boxes do you? > ________________________________________ > From: John Aldrich [[email protected]] > Sent: 03 October 2011 7:59 PM > To: NT System Admin Issues > Subject: RE: Torpig/Anserin/Mebroot infection > > Email blocklist: cbl.abuseat.org for "attempting to make contact to a > Torpig > Command and Control server at 91.20.221.209, with contents unique to Torpig > C&C command protocols." > > > > From: Paul Hutchings [mailto:[email protected]] > Sent: Monday, October 03, 2011 1:54 PM > To: NT System Admin Issues > Subject: RE: Torpig/Anserin/Mebroot infection > > Can you expand on "blacklisted"? Which blacklist and for what type of > traffic? > ________________________________________ > From: John Aldrich [[email protected]] > Sent: 03 October 2011 6:22 PM > To: NT System Admin Issues > Subject: Torpig/Anserin/Mebroot infection > So, our external IP is blacklisted because apparently one of our machines > is > infected with a banking Trojan. Short of going to each and every individual > machine on the network, the only thing I can think of to do is to set up > logging of the ASA to a syslog server. I have downloaded and installed a > trial version of Kiwi syslog, but I can’t figure out how to configure it to > forward the log files to my system. > > Anyone here able to provide a good how-to? I *did* Google, but apparently > my > Google-fu sucks, as I wasn’t able to find instructions that made sense to > me. > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ________________________________________ > MIRA Ltd > > Watling Street, Nuneaton, Warwickshire, CV10 0TU, England > Registered in England and Wales No. 402570 > VAT Registration GB 100 1464 84 > > The contents of this e-mail are confidential and are solely for the use of > the intended recipient. If you receive this e-mail in error, please delete > it and notify us either by e-mail, telephone or fax. You should not copy, > forward or otherwise disclose the content of the e-mail as this is > prohibited. > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
