Yahoo Groups archive

Milter-greylist


Re: [milter-greylist] Re: How do you configure p0f?

2010-03-16 by Bill Levering

I added your info to the wiki:

http://milter-greylist.wikidot.com/using-p0f

Bill Levering
idbill@...
KFP: 0C38 4D7E 5B50 94FE 992D  406D 6C81 DE33 5459 A1AC
On Mar 16, 2010, at 11:00 AM, Adam Katz wrote:

> Michael Mansour wrote:
>>> I'm running the p0f software and it is seeing the OS of
>>> connecting machines, but I'm hoping there's some help somewhere
>>> which tells me how mgl uses this and whether there's some example
>>> ACL's I could base rules on in greylist.conf?
>
> Enrico Scholz responded:
>> p0fsock "/var/run/p0frun/sock"
>>
>> racl greylist p0f "Windows.*"   delay 90m autowhite 1d msg "Please come again later; mail from MS Windows based mailservers smells too much like spam"
>
> I don't recommend that as it will block lots of legitimate MS Exchange
> servers.  This is in my config (feel free to change the delay time):
>
> # safe Windows hosts
> racl whitelist p0f "Windows 2003"       addheader "X-Greylist-OS: %Fx"
> racl whitelist p0f "Windows 2008"       addheader "X-Greylist-OS: %Fx"
> racl whitelist p0f "Windows 2000 SP4"   addheader "X-Greylist-OS: %Fx"
> racl greylist  p0f "Windows" \
>                delay 20m autowhite 4d  addheader "X-Greylist-OS: %Fx"
>
> That added header is picked up by SpamAssassin with this rule in local.cf:
>
> header   KHOP_WIN_GREYED X-Greylist-OS =~ /Windows (?:XP|2000(?! SP4)|Vista)/
> describe KHOP_WIN_GREYED Sending server is a Windows desktop OS
> score    KHOP_WIN_GREYED 0.2 0.2 0.5 0.5
>
>
> Because I have whitelist lines, the whole collection is near the
> bottom of the file.  Windows 2000 SP4 creates some false negatives,
> but that's the direction I'd prefer to lean towards.  I don't think
> I've had anything hit "Windows 2008" (or anything called "Vista") yet,
> but I haven't been too attentive at looking for it either.
>
> For anybody interested in the numbers, here's a quick look at my logs:
>
> # zgrep -ho '(Windows .*->' greylist.log* |sed 's/^.//;s/)[^)]*$//' |sort |uniq -c |sort -n
>
>      1 Windows 95b
>      1 Windows 98 (8)
>      1 Windows 98 (low TTL) (2)
>      1 Windows SP3
>      1 Windows XP, 2000 SP2+
>      4 Windows XP/2000 while downloading (leak!)
>     14 Windows 98 (9)
>     16 Windows 98 (15)
>     20 Windows 98 (4)
>     20 Windows 98 (no sack)
>     23 Windows 98 (1)
>     29 Windows 98 (6)
>     32 Windows 2003 (2)
>     42 Windows 98 (10)
>     47 Windows XP SP1+, 2000 SP4 (3)
>    103 Windows XP/2000 (RFC1323+, w, tstamp+)
>    171 Windows XP SP1+, 2000 SP3 (2)
>    233 Windows 2003 (1)
>    259 Windows XP/2000 (RFC1323+, w, tstamp-)
>    391 Windows XP/2000 (RFC1323+, w+, tstamp+)
>    552 Windows 2000 SP4, XP SP1+ (2)
>    837 Windows XP/2000
>   1040 Windows XP SP1+, 2000 SP3
>   1417 Windows XP/2000 (RFC1323+, w+, tstamp-)
>   7193 Windows 2000 SP2+, XP SP1+ (seldom 98)
>  26492 Windows 2000 SP4, XP SP1+
>

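Added example, not part of the thread or of milter-greylist itself: a small Python model of how Adam Katz's racl lines and his SpamAssassin rule act on the p0f labels from his log histogram. It assumes milter-greylist's documented first-match evaluation of racl entries and unanchored regular-expression matching of the p0f pattern; the label strings are constructed from the counts quoted in the post.

```python
import re

# Adam Katz's racl lines, in file order. milter-greylist uses the first
# matching racl entry (assumed here from its documentation), so the three
# whitelist lines must precede the catch-all "Windows" greylist line.
# The p0f pattern is treated as an unanchored regex over the OS label.
RACL = [
    ("whitelist", r"Windows 2003"),
    ("whitelist", r"Windows 2008"),
    ("whitelist", r"Windows 2000 SP4"),
    ("greylist",  r"Windows"),
]

# The SpamAssassin rule quoted in the post. "(?! SP4)" is a negative
# lookahead: "Windows 2000" counts as a desktop OS unless " SP4" follows.
KHOP_WIN_GREYED = re.compile(r"Windows (?:XP|2000(?! SP4)|Vista)")


def racl_decision(p0f_os):
    """Return (action, header) for a p0f OS label, or ("default", None)
    when no Windows rule matches and evaluation falls through to whatever
    follows in greylist.conf."""
    for action, pattern in RACL:
        if re.search(pattern, p0f_os):
            # addheader "X-Greylist-OS: %Fx" expands %Fx to the p0f label
            return action, "X-Greylist-OS: " + p0f_os
    return "default", None


def spamassassin_flags(header):
    """True if the added header would trigger KHOP_WIN_GREYED."""
    return header is not None and KHOP_WIN_GREYED.search(header) is not None


def classify(p0f_os):
    """(racl action, SpamAssassin rule fires?) for one p0f label."""
    action, header = racl_decision(p0f_os)
    return action, spamassassin_flags(header)


if __name__ == "__main__":
    # Constructed input: labels taken from the histogram in the post.
    # "Windows 2000 SP4, XP SP1+" shows the false negative Adam mentions:
    # whitelisted by the SP4 line, and never scored by SpamAssassin.
    for label in ["Windows 2003 (1)", "Windows 2000 SP4, XP SP1+",
                  "Windows XP SP1+, 2000 SP3", "Windows 98 (9)", "Linux 2.6"]:
        print(f"{label:30} -> {classify(label)}")
```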