There is an old p0f plugin on
http://whatever.truls.org/spamassassin.text.shtml.
p0f didn't seem maintained since 2006, but there is a new rewritten
version on http://lcamtuf.coredump.cx/p0f3/ (with a different API).
I have written a plugin to use this new version of p0f (
https://kvm.laussat.info/2014/07/04/p0f-v3-spamassassin-plugin-for-p0f-passive-os-detection/
) and found in my own statistics that almost all mails comming from
Windows are spam (probably botnet infected PCs). I don't want to judge
an email sender on the OS he's using, but I think it's worth adding a
few spam score points for Windows.
Do you think passive OS detection is still usefull today?
--
Christian Laußat
https://kvm.laussat.info/
