
How to use Passive OS Fingerprinting (p0f) with Traffic Control

By Ken Simpson | 2 minute read

I was having an IM chat with a newly minted TC user recently, and the user asked me how he can enable the Passive OS Fingerprinting (p0f) trigger (link goes to our manual, PDF), which permits you to selectively slow down, block, or even whitelist senders based on their operating system type.

Now, before you get too excited, it’s important to note that
  1. p0f cannot detect the sender’s operating system type with 100% certainty; and,
  2. even when the correct operating system type has been identified, it’s not guaranteed that the information is useful in preventing spam.

But for those who are curious about this feature and want to give it a shot, here are some guidelines:

To enable p0f, you need to add a configuration line enabling the p0f trigger. Here’s a suggested, safe way to do that:

TriggerP0F Throttle Windows /2000|SP4/

This configuration line tells Traffic Control

  1. To apply traffic shaping (a.k.a. throttling in our documentation) to all hosts that identify as Windows machines;
  2. Except hosts that also identify themselves using the strings “2000” or “SP4,” since these identifier strings often indicate “server” type Windows hosts.

If you want to be more aggressive, you can leave off the regular expression at the end of the line, which will cause Traffic Control to slow down all Windows traffic. We don’t recommend this policy for anyone running a commercial email service, but for hobbyists who want to punish Mr. Gates’ empire, it makes for fun log file viewing.
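
To see how the two policies above sort different senders before turning them on, here is a small added example (not Traffic Control code, and not from our manual) that models the decision in Python. It assumes the trigger compares the OS name against the fingerprint's genre and applies the exemption regex to the full fingerprint label; the function names and the sample labels are constructed for illustration.

```python
import re

def p0f_action(genre, details, os_match="Windows", exempt=r"2000|SP4"):
    """Model of the decision described above (an assumption, not Traffic Control code).

    Returns "throttle" when the fingerprint genre matches os_match and the
    optional exemption regex does not match the label; otherwise "pass".
    exempt=None models leaving the regular expression off the config line.
    """
    if os_match.lower() not in genre.lower():
        return "pass"          # not a Windows fingerprint: trigger does not fire
    if exempt is not None and re.search(exempt, f"{genre} {details}"):
        return "pass"          # label contains "2000" or "SP4": exempted
    return "throttle"

# Constructed fingerprint labels in the genre/details style that p0f reports.
SAMPLES = [
    ("Windows", "XP SP1+"),
    ("Windows", "2000 SP4, XP SP1+"),  # ambiguous label that also names XP
    ("Windows", "98"),
    ("Windows", "2003"),               # server release the regex does not name
    ("Linux", "2.6"),
    ("FreeBSD", "6.x"),
]

def evaluate(samples, exempt=r"2000|SP4"):
    """Map each sample label to the action the modelled policy would take."""
    return {f"{g} {d}": p0f_action(g, d, exempt=exempt) for g, d in samples}

if __name__ == "__main__":
    safe = evaluate(SAMPLES)                     # TriggerP0F Throttle Windows /2000|SP4/
    aggressive = evaluate(SAMPLES, exempt=None)  # regular expression left off
    for label in safe:
        print(f"{label:28} safe={safe[label]:9} aggressive={aggressive[label]}")
```

Because the exemption is a plain string match on the label, an ambiguous fingerprint that mentions both “2000 SP4” and XP is exempted, while a label such as “2003” is throttled, which is worth checking against your own logs before relying on either policy.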
