Re: [exim] Has anyone done this?

Góra strony
Delete this message
Reply to this message
Autor: Bob Johannessen
Data:  
Dla: exim
Temat: Re: [exim] Has anyone done this?
Matt Fretwell wrote:
> SAV = Sender address verification
>
> The relevance between the two concepts being that both connect to the
> sending client|server...


They do? I don't do any sender address verification in Exim, but it's
my understanding that it connects to (one of) the return paths MX-es,
and not to the sending client. Considering how much spam is sent with
forged return paths I think the difference is quite significant. I'm
willing to put up with a lot more probing from a server to which I'm
actually sending e-mail.

Now I don't necessarily think port scanning sending clients is a good
idea, but I personally find it less intrusive then aborted e-mail
transaction to (one of) the return paths MX-es.

> However, even though Peter did mention a valid point, as I mentioned
> previously, the whole concept of OS finger printing and other mechanisms
> that are suggested for testing the validity of the client machine, such as
> Marc's suggestion of connecting to the authentication ports, I do find
> distasteful.


I'd just like to point out that OS finger printing can be done observing
traffic only: http://lcamtuf.coredump.cx/p0f.shtml


    Bob