Re: [exim] Use of P0f

Author: Mike Cardwell
Date:  
To: exim users
Subject: Re: [exim] Use of P0f
Mike Cardwell wrote:

>> ACK. The initial test box was so lightly loaded some of the traffic was messages
>> I sent it just so I didn't have to wait 20 minutes to capture something...
>>
>> And *those* were the ones most often missed-out. Given they had traversed under
>> 20' of CAT5E @ 100 BT one hop of decent switch fabric, I'm not too fussed.
>>
>> OTOH, I'm watching P0f from an ssh session, no file-writes or other manipulation
>> involved.
>
> I turned my OS logging back on a short while ago. I have an old script
> to get some related stats:
>
> ========================================================================
> root@haven:/etc/exim4/scripts# perl os_stats.pl
> Connections: 147
>
>    Linux: accept:17, reject:1
> Solaris: accept:2, reject:4
> Unknown: accept:10, reject:1
> Windows: reject:112
> ========================================================================


root@haven:/etc/exim4/scripts# perl os_stats.pl
Connections: 489

FreeBSD: accept:1
Linux: accept:52, reject:2
Solaris: accept:4, reject:10
Unknown: accept:20, reject:10
Windows: accept:1, reject:389

1/389 for Windows ... I remember the ratio used to be bad, but I don't
remember it being as bad as that! I wish I could just block Windows
hosts altogether. I looked up that 1 email which was accepted to check
if it was a spam that got past my filters, but it turned out to be a ham
sent from a Windows box running hMailServer.

--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)