On Tue, 06 Jul 2004 16:06:01 +0100, Justins local account wrote:

> Daniel Hartmeier <daniel@benzedrine.cx> writes:
>>
>> I'm redirecting TCP connections to port 25 (smtp) with Windows
>> fingerprints to spamd. Instantly gets rid of all mails generated
>> by Windows worms who use their own SMTP engine (instead of relaying
>> through a Unix box).
>
> does this hinder hotmail (and would that be a good or bad thing....)

No, hotmail mail deliverers don't appear to have Windows signatures:

  From xyz@hotmail.com Thu May 13 15:18:33 2004
  Received: from hotmail.com (bay9-f25.bay9.hotmail.com [64.4.47.25])
          by insomnia.benzedrine.cx (8.12.11/8.12.11) with ESMTP id i4DDHsFl010384
          for <daniel@benzedrine.cx>; Thu, 13 May 2004 15:18:04 +0200 (MEST)
  Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
          Thu, 13 May 2004 06:17:45 -0700
  Received: from 65.205.28.100 by by9fd.bay9.hotmail.msn.com with HTTP;
          Thu, 13 May 2004 13:17:45 GMT

(the mail made it through, so the signature wasn't Windows)

I don't get mail through them regularly, so I don't have a pflog which
shows what OS (if any) the TCP fingerprint matches.

You can add 'log' to the rule passing in SMTP, then use tcpdump to show all
fingerprints you collected over some time, then check the sources that match
Windows. Or, instead of redirecting to spamd, redirect to some SMTP proxy
(which adds some header, like X-TCP-Signature-Windows, but passes all mails
to the real MTA) first, etc.

Daniel
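The "log, then check the sources that match Windows" step suggested above, sketched as an added example that is not part of the original post: it tallies OS guesses per SMTP source before any redirect rule is enabled. It assumes the log was printed with OpenBSD tcpdump's `-o` option and that the guess appears as `(src OS: ...)`; the sample lines, addresses and OS names are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample, shaped like `tcpdump -n -e -o -r /var/log/pflog` output.
# The "(src OS: ...)" annotation format is an assumption; adjust SYN_RE to
# whatever your tcpdump actually prints.
SAMPLE = """\
16:01:02.100000 rule 4/(match) pass in on fxp0: 192.0.2.10.3412 > 198.51.100.5.25: S (src OS: Windows XP SP1) 1000:1000(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
16:03:40.200000 rule 4/(match) pass in on fxp0: 192.0.2.10.3490 > 198.51.100.5.25: S (src OS: Windows XP SP1) 2000:2000(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
16:05:11.300000 rule 4/(match) pass in on fxp0: 203.0.113.7.40112 > 198.51.100.5.25: S (src OS: FreeBSD 4.8) 3000:3000(0) win 57344 <mss 1460> (DF)
16:07:29.400000 rule 4/(match) pass in on fxp0: 203.0.113.20.1150 > 198.51.100.5.25: S (src OS: Windows 2000 SP4) 4000:4000(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
16:09:55.500000 rule 4/(match) pass in on fxp0: 203.0.113.20.52811 > 198.51.100.5.25: S (src OS: Linux 2.4) 5000:5000(0) win 5840 <mss 1460,sackOK> (DF)
16:10:03.600000 rule 7/(match) pass in on fxp0: 192.0.2.99.2044 > 198.51.100.5.80: S (src OS: Windows XP SP1) 6000:6000(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
"""

# Source address, destination port and OS guess of a logged TCP SYN.
SYN_RE = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.(?P<dport>\d+): "
    r"S \(src OS: (?P<os>[^)]*)\)"
)

def tally(lines, port=25):
    """Map each source address to a Counter of OS guesses on SYNs to `port`."""
    seen = defaultdict(Counter)
    for line in lines:
        m = SYN_RE.search(line)
        if m and int(m["dport"]) == port:
            seen[m["src"]][m["os"].strip() or "unknown"] += 1
    return seen

def windows_sources(seen):
    """Split sources into always-Windows and mixed (e.g. several hosts behind NAT)."""
    always, mixed = [], []
    for src, guesses in sorted(seen.items()):
        win = sum(n for name, n in guesses.items() if name.startswith("Windows"))
        if win == sum(guesses.values()):
            always.append(src)
        elif win:
            mixed.append(src)
    return always, mixed

if __name__ == "__main__":
    always, mixed = windows_sources(tally(SAMPLE.splitlines()))
    print("always Windows:", always)
    print("mixed, review before redirecting:", mixed)
```

Sources in the mixed list are the ones to check by hand, since a legitimate relay sharing an address with Windows clients would be caught by a fingerprint-based redirect.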