Phil Pennock wrote:
> On 2009-05-13 at 23:16 +0800, W B Hacker wrote:
>> In another thread covering greylisting, Mike Cardwell posted that
>> greylisting could be skipped when (among other entries):
>>
>>> 2.) If P0F detects the connecting host to be non-Windows (Used P0F for this)
>> Which sounded interesting, so....
>>
>> Using p0f with the barest of directives:
> 
> An alternative which I've been using since 2008-04-27 is to use the pf
> packet filter (I run FreeBSD) to detect the OS and redirect connections
> from Windows to port 26 and have Exim use local port stuff in exim.conf.
> More lightweight than Perl (which is somewhat more heavyweight than
> dnsdb).

*snip* (implementation details, et al)

> Looking in my Spam folder (stuff which gets past RBLs), 28% of the mails
> therein have the X-Filter-BadOS: header.
> 
> Regards,
> -Phil
> 

If it gets that far, a string-match on the almost (but not quite) ubiquitous 
'maker's name' of that particular 'BadOS' in headers will find them with the 
least coding.

I once supported an account that rejected traffic on that basis - spam or 
otherwise - on the grounds that anyone who had chosen that OS could not 
possibly have anything of relevance to convey to that addressee. Think 'ABM' 
interest team, and one supremely disinterested in arguing with the hag-ridden.

Can't claim it is necessarily lighter overall at doing that, but at least needs 
neither perl nor packet handling externals.

But p0f has turned up something I had not expected - port 25 entirely aside, 
nearly 80% of the break-in attempts are coming off Linux boxen and mostly to 
port 22, very few from WinBoxen - on any port.

Looks to me as if Linux has indeed won 'market share' - but not where we might 
have most wished it to have appeared....

:-(

Bill

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
