On Thu, 15 Feb 2007, Giampaolo Tomassoni wrote:

> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Vincent
>>
>> On Fri, 26 Jan 2007, Giampaolo Tomassoni wrote:
>>
>>> Why does the p0f-analyzer.pl script exist?
>>>
>>> I see that the p0f tool is capable of caching a specified
>>> amount of requests, and then replying to queries issued through a unix socket.
>>>
>>> This is in native C-language, which often means reduced size and
>>> increased performance with respect to perl's p0f-analyzer.pl.
>>>
>>> Giampaolo.
>>
>> If I understand correctly, when you are running p0f with the -Q (unix socket)
>> option, there is no easy way to get the tcp source port and put it in
>> the query packets to get the correct cached result. I don't know if there
>> is an MTA or smtp implementation to cache the smtp client tcp source port.
>
> There is something new in p0f-2.0.8: the source port can be "wildcarded" 
> using the value 0.
>
> p0f has to be run with the '-0' flag to enable this mode.
>
> A new SA p0f plugin "personality" could be worked out in order to bypass
> p0f-analyzer.pl.
>
> Is anybody working on this?
>
> Cheers,
>
> Giampaolo
>

Hi Giampaolo,

I have made a SpamAssassin plugin to query a local stream socket when p0f is
run with the -Q option.

The limitation is that SA and Amavisd-new have to
run on the MX server, because the socket can only listen on a local socket
stream, unlike p0f-analyzer, which can listen on a UDP stream.

You can check the tarball from here:

http://bl0g.blogdns.com/code2007/sa-p0f-plugin.tar

Cheers,

Vincent
http://bl0g.blogdns.com

