Quoting Oliver Fromme <olli@...>:

>
> Patrick Domack wrote:
> > Oliver Fromme wrote:
> > > manu@... wrote:
> > > > Patrick Domack <patrickdk@...> wrote:
> > > >
> > > > > well, since we now have support for everything else (dnsbl, spf,
> > > > > dkim), why not add p0f support (os fingerprinting) to selectively
> > > > > greylist against.
> > > >
> > > > Heavily greylisting windows XP boxen could be a major benefit.
> > >
> > > The important question is: How reliable is it? How likely
> > > is it to get false positives? It should be pointed out
> > > that tools like nmap (and similar) just take a good guess,
> > > but are often wrong. For example, it doesn't detect one of
> > > my backup MX machines correctly.
> > >
> > > Also note that some server admins intentionally change the
> > > parameters of their TCP/IP stack so fingerprinting does not
> > > guess their OS correctly (just like many admins change the
> > > welcome message of their MTA so it confuses potential
> > > attackers).
> > >
> > > I don't want to put a huge greylist delay on machines based
> > > on their OS if the OS detection isn't 100% reliable.
> > >
> > > And I *certainly* don't want my own MTAs greylisted for a
> > > long time just because some other braindead server is unable
> > > to detect my OS correctly. :-(
> > >
> > > That's why I feel a little uneasy adding such a "feature"
> > > to milter-greylist.
> >
> > Well isn't that like anything. Nothing is ever going to be reliable, [...]
>
> Right. Sadly.
>
> There was a time (before spam existed, and before anybody
> would even consider running MTAs on Windows) when e-mail
> delivery in the internet was reliable. Sadly this isn't
> the case anymore today.
>
> Talking about filter features: Some features are more
> reliable than others, and some features are easier to
> abuse or misuse than others (or to use in an inappropriate
> or wrong way).
>
> If an OS fingerprinting feature will be implemented in
> milter-greylist, it should at least be accompanied by
> a fat warning, and it should not be included in the
> sample configuration file by default.
>
> Of course, nothing helps against clueless mail server
> admins. I'm already pretty much fed up with such people,
> having dealt with a lot of them [*]. Of course this is
> not to blame on milter-greylist. But the more features
> milter-greylist grows that are too easily misconfigured,
> the more often it *will* be misconfigured, and the result
> is that internet email becomes more and more unreliable.

I agree, but there has been a milter_p0f for a while, and I would much prefer to just modify greylisting based on fingerprinting results, than blacklist based on it, and in order for that to happen it would have to be understood by the greylisting milter.

And the paranoid admin that is going to mess his system up with p0f anyways, if it isn't an option in greylisting, very well might opt for using the p0f milter and blacklist OSes based on it.
Message
Re: [milter-greylist] P0f support
2008-08-31 by Patrick Domack