p0f isn't really a solution, just because the Windows TCP/IP stack is so messy that you cannot recognize or really differentiate versions. The only thing you could tell is if it is a Windows machine or not, which is obviously not a good test.

Also ports 445, 135, etc. are very often firewalled by ISPs themselves, so you obviously couldn't connect to most senders. I once did a script that used Samba to send a shutdown command to Windows machines connecting to my Exim, using administrator as the login and a null password (as only a very badly configured machine should be like that), and putting a delay line in Exim afterwards. But I couldn't connect to many hosts due to their ISP blocking ports.

A better idea would be connecting to their port 25 when they connect to yours and trying to send a fake mail to your domain (about the way Exim does it with callouts). And if they accept, then they have an open relay and you can start blacklisting. But this would also lead to some (probably very few) false positives.

As for the moral or legal issues, I don't care: if they run a mail server, they should expect connections to it. And if they are sending me spam, I have at least the right to test them, and I could myself pursue them for sending me spam. After all, Exim also does this kind of stuff with callouts, even when an IP that has nothing to do with the maintainer of the MX tries to send a spoofed mail.

It is a matter of fact that many (most?) mail servers are badly configured and you cannot use a single test to classify them all.

> Richard Clayton <[EMAIL PROTECTED]> said, in message [EMAIL PROTECTED]:
>
> >>> I was thinking of some way to examine the sender to see if it
> >>> looked like it was a home computer running Windows XP as opposed to
> >>> a server.
> >>
> >> to do this effectively on a machine in the UK would almost certainly
> >> involve you in committing an offence under the Computer Misuse Act
> >> 1990
>
> On top of the legal and moral issues, hitting ports 135 etc. won't be all that effective nowadays, as they'll probably be firewalled by XP for most home users.
>
> That said, the idea of fingerprinting has been discussed here before, and the friendly way to do it is passively, using p0f.
>
> I suspect that's the question that Marc should be asking... though asking Google first might give the answer he wants!
>
> Cheers,
> Alun.
>
> --
> .O.
> ..O  PGP key: http://www.llorien.org/gnupg/key.pub
> OOO
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
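The relay test sketched in the post above (connect back to the sender's port 25 and try to hand it a mail for your own domain), as an added example that is not from the thread or from Exim: a minimal RCPT TO policy showing what a correctly configured server answers versus an open relay, and the simulated exchange the probe would see against each. All hosts, addresses and domains are constructed.

```python
import ipaddress

# Constructed configuration for a receiving SMTP server (not real hosts).
LOCAL_DOMAINS = {"example.com", "mail.example.com"}
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # clients allowed to relay


def rcpt_decision(client_ip, rcpt_to, authenticated=False,
                  local_domains=LOCAL_DOMAINS, relay_nets=RELAY_NETS,
                  allow_any_relay=False):
    """SMTP reply to a RCPT TO command.  allow_any_relay=True models the
    badly configured open relay the thread talks about."""
    domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if domain in local_domains:
        return "250 2.1.5 Recipient OK"      # mail for our own domains
    if authenticated or any(ipaddress.ip_address(client_ip) in net
                            for net in relay_nets):
        return "250 2.1.5 Recipient OK"      # trusted client may relay
    if allow_any_relay:
        return "250 2.1.5 Recipient OK"      # open relay: relays for anyone
    return "554 5.7.1 Relay access denied"   # correct answer for strangers


def probe_transcript(your_domain, open_relay):
    """Simulate the callout-style test from the thread as the probed host
    sees it.  It is not an MX for your_domain, so a 250 to this RCPT means
    it would relay the message onward.  C = prober, S = probed host."""
    probed_host_domains = {"sender-isp.example"}  # constructed
    lines = [
        ("C", "EHLO probe.example.com"),
        ("S", "250 sender-isp.example"),
        ("C", "MAIL FROM:<relaytest@example.com>"),
        ("S", "250 2.1.0 Sender OK"),
        ("C", f"RCPT TO:<postmaster@{your_domain}>"),
    ]
    reply = rcpt_decision("203.0.113.5", f"postmaster@{your_domain}",
                          local_domains=probed_host_domains, relay_nets=[],
                          allow_any_relay=open_relay)
    lines += [("S", reply), ("C", "QUIT"), ("S", "221 2.0.0 Bye")]
    return lines


def is_open_relay(transcript):
    """True if the probed host accepted a recipient it is not responsible for."""
    for i, (who, msg) in enumerate(transcript):
        if who == "C" and msg.startswith("RCPT TO:"):
            return transcript[i + 1][1].startswith("250")
    return False
```

A 250 at RCPT TO is not proof on its own: some servers accept every recipient and only reject at DATA or bounce afterwards, which is where the false positives the post mentions come from.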
