On Fri, 4 Jul 2014, Christian Laußat wrote:
> There is an old p0f plugin on
> http://whatever.truls.org/spamassassin.text.shtml.
> p0f didn't seem maintained since 2006, but there is a new rewritten version
> on http://lcamtuf.coredump.cx/p0f3/ (with a different API).
>
> I have written a plugin to use this new version of p0f
> (https://kvm.laussat.info/2014/07/04/p0f-v3-spamassassin-plugin-for-p0f-passive-os-detection/)
> and found in my own statistics that almost all mails coming from Windows
> are spam (probably botnet infected PCs). I don't want to judge an email
> sender on the OS he's using, but I think it's worth adding a few spam score
> points for Windows.
>
> Do you think passive OS detection is still useful today?

It depends. How many spams identified using p0f scored poorly using the
standard rules?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
I would buy a Mac today if I was not working at Microsoft.
-- James Allchin, Microsoft VP of Platforms
-----------------------------------------------------------------------
Today: the 238th anniversary of the Declaration of Independence
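
One way to answer the question in the reply above is to measure what a Windows rule adds on top of the standard rules over a hand-sorted corpus. This is an added example, not part of the original messages or of the plugin: the corpus is constructed, the 1.5-point rule score is hypothetical, and `sender_os` is assumed to be an OS family derived from p0f's guess.

```python
from dataclasses import dataclass

REQUIRED_SCORE = 5.0       # SpamAssassin's default required_score
P0F_WINDOWS_POINTS = 1.5   # hypothetical score for a "sender OS is Windows" rule


@dataclass
class Msg:
    is_spam: bool      # ground truth from a hand-sorted corpus
    base_score: float  # score from the standard rules only
    sender_os: str     # OS family derived from p0f's guess (assumption)


# Constructed sample corpus; replace with your own sorted mail.
CORPUS = [
    Msg(True, 12.3, "Windows"),   # already caught by the standard rules
    Msg(True, 4.1, "Windows"),
    Msg(True, 3.9, "Windows"),
    Msg(True, 2.0, "Windows"),
    Msg(True, 4.5, "Linux"),
    Msg(False, 0.3, "Linux"),
    Msg(False, 3.8, "Windows"),   # legitimate mail from a Windows host
    Msg(False, 1.0, "Windows"),
    Msg(False, -1.2, "FreeBSD"),
]


def marginal_value(corpus, points, threshold=REQUIRED_SCORE):
    """Count what a Windows rule changes beyond the standard rules."""
    windows = [m for m in corpus if m.sender_os == "Windows"]
    win_spam = [m for m in windows if m.is_spam]
    missed = [m for m in win_spam if m.base_score < threshold]
    # Only messages that cross the threshold because of the rule count.
    crosses = lambda m: m.base_score < threshold <= m.base_score + points
    return {
        "windows_spam": len(win_spam),
        "already_caught": len(win_spam) - len(missed),
        "missed_by_standard_rules": len(missed),
        "newly_caught": sum(1 for m in missed if crosses(m)),
        "new_false_positives": sum(
            1 for m in windows if not m.is_spam and crosses(m)),
    }


if __name__ == "__main__":
    for name, value in marginal_value(CORPUS, P0F_WINDOWS_POINTS).items():
        print(f"{name}: {value}")
```

The rule is worth its score only if `newly_caught` is meaningfully larger than `new_false_positives`; spam that the standard rules already push past the threshold does not count in its favour.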