Andrew Pam wrote:

This looks like a great idea for a qpsmtpd plugin:

Run p0f (http://lcamtuf.coredump.cx/p0f.shtml) on the incoming connection,
then apply some kind of rate-limiting if it seems to be running Windows.
The only question is how best to do the rate-limiting.

Robert Spier already started implementing this:

I just committed some new plugins to the CVS trunk:

geoip - uses MaxMind's GeoIP database to find out where in the world
a connection is coming from. Compatible with 0.28

p0f - uses Michal Zalewski's p0f (a passive OS fingerprinting tool)
to figure out what kind of machine a connection is coming from. This
will currently only work with qpsmtpd-forkserver, until the other
modes are updated to pass the appropriate information to
start_connection.


And yes, I'm planning to use these later to make decisions based on OS
and Location to trigger other actions.


You'll have to check out from CVS to get these two...

John
