[Exim] p0f integration

Author: Peter Bowyer
Date:
To: exim-users
Subject: [Exim] p0f integration
Following a posting on another list, I recently came across the p0f
project (http://lcamtuf.coredump.cx/p0f.shtml). In short, this is a tool
which attempts to identify the OS of a machine that connects (or attempts
to connect) to your server. It's done passively by inspecting the
low-level IP stream in the connection (much more detail in the URL
referenced above).

It's been postulated that knowledge of the OS of the machine originating
an SMTP connection to your server is a useful piece of data when
considering how to treat the connection - some might want to reject
recipients from Windows boxes on dialup IPs, for example. Or at least, set
a header so that SpamAssassin can grok it. Etc, etc, etc.

p0f has a useful-looking 'query' mode, which listens on a named pipe and
returns details of a connection given the source and destination IP
address and port.

I wonder how this could be used in Exim and/or Exiscan?

Peter