Autor: Peter Bowyer Datum: To: Exim Users Mailing List Betreff: Re: [exim] Has anyone done this?
On Sun, 6 Mar 2005 07:57:12 +0000, Matt Fretwell <mattf@???> wrote: > Marc Perkel wrote:
>
> > What I'm experimenting with is running nmap on port 25 of the incoming
> > connection and seeing what it returns which is either open, filtered,
> > closed, or none. Looking to see if there is an identifyable pattern.
>
> Crap idea. Full stop. Forget it. (Tact obviously doesn't agree with you,
> so I am not even going to try).
>
>
> > You know - if you did a callback to the sending host to check you see if
> > ports 587, 465, and 783 were open I bet that the message were very
> > likely be non-spam.
>
> Are you really such a sad sod, or are these legitimate ideas? If it is an
> ***OUTGOING*** server, why the hell would someone have submission ports
> open to external access?
I'm not usually quick to come to Marc's defence, but as long as he's
not using this as a block/noblock test but as an input to a decision
tree or a bayesian system, it could be quite useful.
He says that if he finds 587,465 and 783 open, he considers this a
non-spam indicator. I agree. What he doesn't say is that he will
consider the message likely spam if those ports are not open. Which
would be wrong.
Peter (Easy like Sunday morning...)
--
Peter Bowyer
Email: peter@???
Tel: +44 1296 768003
VoIP: sip:peter@???