Developers,

There are several passive OS fingerprinting implementations; p0f v3 (http://lcamtuf.coredump.cx/p0f3/) is one of them, and it is lightweight with very quick response in my environment. I don't know the detailed history of this app, but there is a simple API for utilizing information about the other end's OS.

Many experiences suggest that possible bot machines are running 'Doze OS, and if we can identify that, we could reduce the cost of checking DNSBLs, etc. I know that Microsoft themselves run such an OS in their service environment, so we should be careful about p0f's results, and we might fine-tune fingerprints for a while. I also know that there are some implementations as a milter or policy daemon utilizing p0f. Given p0f's quickness and its standpoint of connection checking, I think there is good reason for it to cope with postscreen.

Attached is a patch against postscreen implementing an I/F to the p0f daemon, doing DROP/ENFORCE/IGNORE as well as the other checking methods. (diff to postfix-2.10-20120902)

If you would like to test, you must get/compile/install p0f first as instructed in http://lcamtuf.coredump.cx/p0f3/README

I had set it up on a Linux machine with a local unix socket; it works very fast, like memcached.

Regards,
--- Tomo.

p.s. If you install p0f, don't forget to send chocolate to the author ;-p
Attachment: postfix-2.10-p0f1.diff.gz
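For readers who want to see what the "simple API" exchange and the DROP/ENFORCE/IGNORE decision look like in practice, here is a minimal p0f v3 socket client plus a postscreen-style verdict function. This is an added example, not the attached patch and not postfix or p0f code. The wire layout follows p0f v3's api.h (21-byte query, 232-byte response, host byte order); the socket path, the suspect-OS list and the trusted-network list are assumptions to adjust locally. The two sample responses are constructed so the parser and verdict logic run without a p0f daemon; the trusted-network check is the hook for the caveat above that some legitimate senders, Microsoft included, run the same OS as the bots.

```python
"""p0f v3 API client and postscreen-style verdict (added example, not p0f/postfix code).

Wire format taken from p0f v3 api.h: struct p0f_api_query is u32 magic, u8 addr_type,
u8 addr[16]; struct p0f_api_response is u32 magic/status/first_seen/last_seen/total_conn/
uptime_min/up_mod_days/last_nat/last_chg, s16 distance, u8 bad_sw, u8 os_match_q and six
32-byte NUL-padded strings. Verify against the api.h of the version you install.
"""
import ipaddress
import socket
import struct

P0F_QUERY_MAGIC = 0x50304601
P0F_RESP_MAGIC = 0x50304602
P0F_STATUS_BADQUERY = 0x00
P0F_STATUS_OK = 0x10
P0F_STATUS_NOMATCH = 0x20
P0F_ADDR_IPV4 = 0x04
P0F_ADDR_IPV6 = 0x06
P0F_MATCH_FUZZY = 0x01    # os_match_q bit: fuzzy (e.g. TTL-adjusted) match
P0F_MATCH_GENERIC = 0x02  # os_match_q bit: generic signature matched

QUERY_FMT = "=IB16s"                                # 21 bytes, packed, host order
RESP_FMT = "=IIIIIIIIIhBB32s32s32s32s32s32s"        # 232 bytes, packed, host order
RESP_LEN = struct.calcsize(RESP_FMT)
STRING_FIELDS = ("os_name", "os_flavor", "http_name", "http_flavor", "link_type", "language")


def build_query(ip: str) -> bytes:
    """Encode the client address into a p0f_api_query; IPv4 is zero-padded to 16 bytes."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return struct.pack(QUERY_FMT, P0F_QUERY_MAGIC, P0F_ADDR_IPV4, addr.packed + b"\0" * 12)
    return struct.pack(QUERY_FMT, P0F_QUERY_MAGIC, P0F_ADDR_IPV6, addr.packed)


def parse_response(data: bytes) -> dict:
    """Decode a p0f_api_response; raises on wrong length or magic so garbage is never acted on."""
    if len(data) != RESP_LEN:
        raise ValueError("p0f response must be %d bytes, got %d" % (RESP_LEN, len(data)))
    f = struct.unpack(RESP_FMT, data)
    if f[0] != P0F_RESP_MAGIC:
        raise ValueError("bad p0f response magic 0x%08x" % f[0])
    resp = {
        "status": f[1], "first_seen": f[2], "last_seen": f[3], "total_conn": f[4],
        "uptime_min": f[5], "up_mod_days": f[6], "last_nat": f[7], "last_chg": f[8],
        "distance": f[9], "bad_sw": f[10], "os_match_q": f[11],
    }
    for name, raw in zip(STRING_FIELDS, f[12:]):
        resp[name] = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return resp


def query_p0f(ip: str, sock_path: str = "/var/run/p0f.sock", timeout: float = 0.5) -> dict:
    """Ask the p0f daemon (started with `p0f -s <sock_path>`; path is an assumption) about one client."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)  # keep the SMTP front end responsive if p0f stalls
        s.connect(sock_path)
        s.sendall(build_query(ip))
        buf = b""
        while len(buf) < RESP_LEN:
            chunk = s.recv(RESP_LEN - len(buf))
            if not chunk:
                raise ConnectionError("p0f closed the socket early")
            buf += chunk
    return parse_response(buf)


def postscreen_action(client_ip: str, resp: dict, suspect_os=("Windows",),
                      trusted_nets=(), on_suspect: str = "enforce") -> str:
    """Map a p0f answer to 'drop', 'enforce' or 'ignore' in postscreen's sense.

    Only a confident, non-generic OS match on an untrusted network triggers action;
    no match, a bad query or a weak match is ignored so p0f never blocks on nothing.
    """
    if on_suspect not in ("drop", "enforce"):
        raise ValueError("on_suspect must be 'drop' or 'enforce'")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net, strict=False) for net in trusted_nets):
        return "ignore"
    if resp["status"] != P0F_STATUS_OK:
        return "ignore"
    if resp["os_match_q"] & (P0F_MATCH_FUZZY | P0F_MATCH_GENERIC):
        return "ignore"
    return on_suspect if resp["os_name"] in suspect_os else "ignore"


# Constructed sample responses (not captured from a real daemon) for offline runs.
SAMPLE_WINDOWS = struct.pack(RESP_FMT, P0F_RESP_MAGIC, P0F_STATUS_OK, 1346500000, 1346500060,
                             3, 0, 0, 0, 0, 12, 0, 0, b"Windows", b"7 or 8", b"", b"",
                             b"Ethernet or modem", b"")
SAMPLE_NOMATCH = struct.pack(RESP_FMT, P0F_RESP_MAGIC, P0F_STATUS_NOMATCH, 0, 0, 0, 0, 0, 0, 0,
                             0, 0, 0, b"", b"", b"", b"", b"", b"")

if __name__ == "__main__":
    r = parse_response(SAMPLE_WINDOWS)
    print(r["os_name"], r["os_flavor"], "->", postscreen_action("192.0.2.10", r))
    print("nomatch ->", postscreen_action("198.51.100.5", parse_response(SAMPLE_NOMATCH)))
```

The verdict function deliberately treats anything but a clean match as IGNORE: fingerprint confidence is the weak point the post warns about, and the trusted-network list is where an operator exempts mail platforms known to run the suspect OS while the fingerprints are still being tuned.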
