Hi Joe,
At 15:51 01-12-2004, Joe Emenaker wrote:
> That was the first thought through my mind when I read the original post. No need for a full-blown fingerprint... just see if they look "server-ish" or not. Try connecting to 25... and then maybe telnet, ssh, http, and imap.

You cannot assume that any of these other services are running or accessible.

> There'd be some overhead involved in this, initially, but this could be mitigated by keeping a cache of previous call-backs. I imagine this would act like a sieve, where the hosts who send you the most mail (and, hence, would cause the greatest call-back load) would appear in the cache the soonest, and that would cut down on the call-back load the most. After a week or so, I imagine that the call-back load would be tapering off to those few odd hosts which connect.

There are some sites which implement the above.

> Good thing they're well-known. We can add them to a file of known outgoing-only servers and can further cut down on the call-back load.

Your users will scream while you determine which sites to "whitelist". :)

Regards,
-sm
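
The call-back cache and the file of known outgoing-only servers discussed in this exchange, sketched as an added example (not code from either poster). The class and function names, the one-week TTL and the sample addresses are assumptions; the probe is injectable so the demo runs offline.

```python
import socket
import time

def smtp_callback(ip, timeout=5.0):
    """Call-back probe: True if the host accepts a TCP connection on port 25."""
    try:
        with socket.create_connection((ip, 25), timeout=timeout):
            return True
    except OSError:
        return False

class CallbackCache:
    """Caches call-back results so each sending host is probed once per TTL."""

    def __init__(self, probe=smtp_callback, ttl=7 * 24 * 3600,
                 outgoing_only=(), clock=time.time):
        self.probe = probe                        # injectable for offline testing
        self.ttl = ttl                            # assumed: one week
        self.outgoing_only = set(outgoing_only)   # known outgoing-only servers
        self.clock = clock
        self.cache = {}                           # ip -> (result, expiry time)
        self.probes = 0                           # call-backs actually made

    def looks_like_server(self, ip):
        # Listed outgoing-only hosts are accepted without a call-back.
        if ip in self.outgoing_only:
            return True
        now = self.clock()
        entry = self.cache.get(ip)
        if entry is not None and entry[1] > now:
            return entry[0]
        self.probes += 1
        # False is only a hint: port 25 may be closed or filtered on a real server.
        result = self.probe(ip)
        self.cache[ip] = (result, now + self.ttl)
        return result

# Constructed sample: connecting IPs in arrival order (documentation ranges).
SAMPLE = ["192.0.2.10"] * 5 + ["198.51.100.7", "192.0.2.10",
                                "203.0.113.9", "198.51.100.7"]

def run_demo():
    listening = {"192.0.2.10"}                    # constructed: hosts with port 25 open
    cache = CallbackCache(probe=lambda ip: ip in listening,
                          outgoing_only={"203.0.113.9"})
    results = [cache.looks_like_server(ip) for ip in SAMPLE]
    return results, cache.probes

if __name__ == "__main__":
    print(run_demo())
```

Nine connections in the sample cost two call-backs: the busiest host is probed once and then served from the cache, and the listed outgoing-only host is never probed.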