Re: [exim] exim and p0f - any suggestions?

Author: Chris Lightfoot
Date:  
To: maciek@net2000.pl
CC: exim-users
Subject: Re: [exim] exim and p0f - any suggestions?

On Sun, Nov 26, 2006 at 07:48:21PM +0100, maciek@??? wrote:
> I am about to use p0f fingerprinting with my exim + amavisd-new + SA
>
> I want to use in exim acl external shell or perl script to take distance
> and OS from p0f, then put with warn X-p0f header in incoming email and
> with amavisd-new and SA score spam based on that header
>
> What do you think about that? Anyone tried this approach? What are
> disadvantages and pros with that solution?


I had a cursory look at this a few weeks ago. p0f has a
daemon mode which can be queried over a UNIX socket, which
would be a little more efficient than invoking a shell
script (important if your transaction volume is high). I
imagine that this can be driven with the ${readsocket
expansion function but I haven't looked in detail. If not
you'll need to write a little bit of perl.

Propagating the information from p0f downstream to the
spam filter is obviously the right way to use it, but I'm
skeptical that it will give you any significant additional
information.

--
``Of course we are not patronising women. We are just going to explain to
them, in words of one syllable, what it is all about.'' (Olga Maitland)
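
One way to do the daemon query and header step discussed in this message, as an added example that is not from the thread, p0f or Exim. It assumes the binary query/response layout of the later p0f v3 API (the p0f 2.x daemon current when this was posted used a different structure); the function names and the `X-p0f` value format are made up for illustration.

```python
import socket
import struct

# Assumed layout: p0f v3 API (native byte order, packed). Query is 21 bytes,
# response 232 bytes. Names below are hypothetical, not p0f's or Exim's.
QUERY_MAGIC, RESP_MAGIC, STATUS_OK = 0x50304601, 0x50304602, 0x10
RESP = struct.Struct("=IIIIIIIIIhBB32s32s32s32s32s32s")

def build_query(ip: str) -> bytes:
    """Pack an IPv4 lookup: magic, addr_type=4, address padded to 16 bytes."""
    return struct.pack("=IB16s", QUERY_MAGIC, 4, socket.inet_aton(ip))

def _clean(raw: bytes) -> str:
    """NUL-terminated field -> conservative ASCII subset, so no field can
    carry CR/LF or ':' into the header line handed to the spam filter."""
    text = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return "".join(c if c.isalnum() or c in " ._-" else "?" for c in text)

def header_from_response(data: bytes):
    """Return an X-p0f header value, or None when p0f has no match."""
    if len(data) != RESP.size:
        raise ValueError("unexpected p0f response length")
    f = RESP.unpack(data)
    if f[0] != RESP_MAGIC:
        raise ValueError("bad response magic")
    if f[1] != STATUS_OK:
        return None
    distance, os_name, os_flavor = f[9], _clean(f[12]), _clean(f[13])
    return f"os={os_name or 'unknown'} {os_flavor}".rstrip() + f"; distance={distance}"

def query_p0f(sock_path: str, ip: str, timeout: float = 0.5):
    """Query the daemon; fail open (None) so mail flow never blocks on p0f."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            s.connect(sock_path)
            s.sendall(build_query(ip))
            data = b""
            while len(data) < RESP.size:
                chunk = s.recv(RESP.size - len(data))
                if not chunk:
                    break
                data += chunk
        return header_from_response(data)
    except (OSError, ValueError):
        return None

# Constructed sample response (not real p0f output): Linux, 7 hops, hostile flavor.
SAMPLE = RESP.pack(RESP_MAGIC, STATUS_OK, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0,
                   b"Linux", b"2.6\r\nX-Evil: 1", b"", b"", b"", b"")
```

The short timeout and the `None` return on any socket or parse error keep the lookup advisory: a dead or slow p0f daemon costs a missing header, not a deferred message.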