Re: [exim] IPv6 capable p0f and geoip dlfunc available

Inizio della pagina
Delete this message
Reply to this message
Autore: Chris Knadle
Data:  
To: exim-users
Oggetto: Re: [exim] IPv6 capable p0f and geoip dlfunc available
On Saturday, July 07, 2012 12:14:23, Janne Snabb wrote:
...
> MaxMind GeoIP dlfunc for Exim
> =============================
>
> This is an IPv6 capable GeoIP dlfunc library for Exim. It implements an
> interface between Exim access control lists and MaxMind's GeoIP
> database. This can be useful for greylisting or scoring IP addresses of
> SMTP senders according to the country code of the sender's IP address.


Knowing the country of origin of an incoming email connection sounds
interesting from an informational logging perspective. At one time I was
scoring/blocking based on country of origin, but I found it caused more
problems rather benefit once I started communicating more with people in
the Debian project.

> p0f version 3 dlfunc for Exim
> =============================
>
> This is p0f version 3 dlfunc library for Exim. It implements an
> interface between Exim access control lists and the p0f daemon which
> does passive OS fingerprinting. This can be useful for greylisting or
> scoring IP addresses of SMTP senders according to sender's operating
> system. p0f version 3 and this dlfunc supports IPv6. Note that the
> interface is *not* compatible with p0f versions 2.x or older.


Scoring or blocking based on OS sounds dangerous, but you probably meant
this more as an example of one thing that is possible to do with it. p0f
also sounds interesting from an informational logging perspective, for
starters. The readme mentions it's possible for it to "detect illegal
network hookups".



Also sounds to me like it would be convenient to build these two Exim
'addons' into Debian packages, which would make them easier to install on
Debian-based distros. Let me know if someone is already working on this,
otherwise I might give it a shot as a way of checking these out. [I've
built a few Debian packages and gotten them to work, although I haven't
submitted any to try to get them into Debian proper yet for different
reasons.]

-- Chris

--
Chris Knadle
Chris.Knadle@???