At 13:04 31-03-2008, Dennis Peterson wrote: >How are able to determine that? There's nothing in the connection >information or in the message that identifies the source OS, hardware, >or MTA. Everything in a message can be spoofed as can the sending
Passive OS fingerprinting. That only works if the source host is not behind a hardware firewall or if the message doesn't go through a relay. It can be used as an additional data point for content filtering or for policy enforcement to shed the load on the mail server. Regards, -sm _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
