Matt Fretwell wrote:
> SAV = Sender address verification
>
> The relevance between the two concepts being that both connect to the
> sending client|server...
They do? I don't do any sender address verification in Exim, but it's
my understanding that it connects to (one of) the return paths MX-es,
and not to the sending client. Considering how much spam is sent with
forged return paths I think the difference is quite significant. I'm
willing to put up with a lot more probing from a server to which I'm
actually sending e-mail.
Now I don't necessarily think port scanning sending clients is a good
idea, but I personally find it less intrusive then aborted e-mail
transaction to (one of) the return paths MX-es.
> However, even though Peter did mention a valid point, as I mentioned
> previously, the whole concept of OS finger printing and other mechanisms
> that are suggested for testing the validity of the client machine, such as
> Marc's suggestion of connecting to the authentication ports, I do find
> distasteful.
I'd just like to point out that OS finger printing can be done observing
traffic only:
http://lcamtuf.coredump.cx/p0f.shtml
Bob
