On 02.02.2011 18:00, Giampaolo Tomassoni wrote:
>> Hi
>>
>> checking the p0f website last developments date back to 2006. No visible
>> activity ever since.
>> Does it make sense today to use p0f to find out about the clients that
>> connect to port 25? Or are p0f signatures completely outdated?
>
> In my own experience, I got the feeling it is almost useless.
>
> This is not because its signatures may be outdated nowadays, but rather
> because its best capability (detecting the client's os) doesn't make any
> difference anymore in the mailing market: a lot of companies use MS Exchange
> as their MX and a lot of both legit and spam messages are injected in
> internet via a MS Windows system as well as a Unix one.
>
> It would be still interesting if it could reliably detect when a client is
> running behind a nat: spam is often sent from virused systems, which are
> often connected to Internet via a NAT router. Instead, a legit MX is seldom
> run this way.
>
> Unfortunately, p0f seems to often fail in detecting this...
>
> Actually I still use p0f in my SA setups, configuring SA in such a way to
> feed the p0f results to Bayes and CRM114. I do this in the hope that its
> results may help these modules to correctly discriminate the incoming
> message. But I'm absolutely not trusting this.

I don't want to fight spam with p0f. My primary concern is to find out 
what sort of clients connect to my MX'es and use this information for 
statistical reasons. Is the detection good enough for that?

John

> Giampaolo
>
>>
>> thanks,
>> John
>>
>> ------------------------------------------------------------------------------
>> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
>> Finally, a world-class log management solution at an even better
>> price-free!
>> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
>> February 28th, so secure your free ArcSight Logger TODAY!
>> http://p.sf.net/sfu/arcsight-sfd2d
>> _______________________________________________
>> AMaViS-user mailing list
>> AMaViS-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/amavis-user
>> Please visit http://www.ijs.si/software/amavisd/ regularly
>> For administrativa requests please send email to rainer at openantivirus
>> dot org
>>
>
>


