On Wed, 2004-12-01 at 03:30, Paul L Daniels wrote:
> An interesting idea was floated by my eyeballs recently for combatting
> invalid email (especially since zombie machines are now rather
> prevalent), what if you could fingerprint the sending server and
> (say) deny all Win XP/95/98 machines from sending to port 25 which
> were not on your own domain.

Interesting idea. It sounds a little heavy to be doing for every inbound message, though, and it assumes that you're letting fingerprinting traffic out of your network - I, for example, block all NetBIOS and similar ports at my boundary, so fingerprinting wouldn't be useful.

However, this sounds like it might be useful in SpamAssassin: attempt to contact the sender on port 25, and add a little to the spamminess score if the connection is refused or times out.

It might also be useful to try connecting to the backdoor ports for the better-known spam worms and add a few points if the connection succeeds.

--
John Hardin
Internal Systems Administrator (Seattle)
CRS Retail Systems, Inc.
3400 188th Street SW, Suite 185
Lynnwood, WA 98037
voice: (425) 672-1304
fax: (425) 672-0192
email: [EMAIL PROTECTED]
web: http://www.crsretail.com
-----------------------------------------------------------------------
If you smash a computer to bits with a mallet, that appears to count as
encryption in the state of Nevada. - CRYPTO-GRAM 12/2001
-----------------------------------------------------------------------
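
The port-25 callback heuristic suggested in the reply above, sketched as an added example (not part of the original message and not SpamAssassin code). The score weights, the function names and the per-IP cache are assumptions made for illustration; the `connect` parameter lets the check be exercised without network access.

```python
import socket

# Assumed weights for illustration only; these are not SpamAssassin values.
REFUSED_POINTS = 0.5
TIMEOUT_POINTS = 0.3


def tcp_connect(host, port, timeout):
    """Default prober: open a TCP connection and close it immediately."""
    with socket.create_connection((host, port), timeout=timeout):
        pass


def callback_score(sender_ip, connect=tcp_connect, timeout=5.0, cache=None):
    """Return (points, reason) for a port-25 callback to the sending host.

    A host that delivers mail but refuses or ignores inbound SMTP gets a
    small penalty. If a dict is passed as `cache`, each IP is probed once,
    so a burst of mail from one host does not trigger a probe per message.
    """
    if cache is not None and sender_ip in cache:
        return cache[sender_ip]
    try:
        connect(sender_ip, 25, timeout)
        result = (0.0, "port 25 reachable")
    except ConnectionRefusedError:
        result = (REFUSED_POINTS, "port 25 refused")
    except (socket.timeout, TimeoutError):
        result = (TIMEOUT_POINTS, "port 25 timed out")
    except OSError as exc:
        # Unreachable network or local egress filtering: no evidence
        # about the sender either way, so add nothing to the score.
        result = (0.0, "probe inconclusive: " + exc.__class__.__name__)
    if cache is not None:
        cache[sender_ip] = result
    return result


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (RFC 5737), used as a constructed sample.
    print(callback_score("192.0.2.10", timeout=2.0))
```
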