Jason,

>   I've been reading some documentation, and trying to implement p0f
> fingerprint checking.
> I went ahead and turned it on in my config:
> $os_fingerprint_method = 'p0f:127.0.0.1:2345';  # to query p0f-analyzer.pl
>
> And the resulting amavisd log shows that the fingerprint code is loaded.
>
> I am running this from the command line for testing:
>     p0f -l 'tcp dst port 25' | p0f-analyzer.pl 2345
> (with p0f-analyzer in debug mode)
>
> I'm not getting any queries.  So, I went ahead and fired up tcpdump.
> Amavisd does not appear to be attempting to communicate.   I can verify
> this is an external host and should not be hitting the MYNETS rules.

Is amavisd getting information about client IP from MTA through XFORWARD?
A client IP address should show (through macro %a) in the log,
and at log level 1 also in the log entry such as:

amavis[16469]: (16469-18) Checking: rhOluIzi8z9w [121.133.47.8] <xxx> -> <xxx>


amavisd-new-2.4.0 release notes
  * preconditions are: $os_fingerprint_method must be configured, the
    p0f-analyzer.pl process must be running, and amavisd must be receiving
    client IP address information from MTA, which in a Postfix case means
    the XFORWARD protocol extension to SMTP must be enabled in the Postfix
    service feeding mail to amavisd, e.g. "-o smtp_send_xforward_command=yes",
    or in a sendmail/milter setup the more sophisticated AM.PDP protocol
    must be used;
  [...]

Mark
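
An added example, not part of the original message or of amavisd: a small Python check that scans amavisd log lines for the level-1 "Checking:" entry quoted above and reports whether a client IP (delivered via XFORWARD) is present. It assumes the bracketed address is simply absent when amavisd has no client IP; the function names and all sample lines except the first are constructed for illustration.

```python
import re

# Level-1 "Checking:" entry, in the form quoted in the reply above.
CHECKING = re.compile(r"amavis\[\d+\]: \((?P<am_id>[\w-]+)\) Checking: "
                      r"(?P<mail_id>\S+) (?P<pre>[^<]*)<")
CLIENT_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def audit_checking_lines(lines):
    """Split Checking entries into those with and without a client IP."""
    with_ip, without_ip = [], []
    for line in lines:
        m = CHECKING.search(line)
        if not m:
            continue  # not a Checking entry
        # Assumption: the [ip] field sits between the mail id and the sender.
        ip = CLIENT_IP.search(m.group("pre"))
        if ip:
            with_ip.append((m.group("am_id"), ip.group(1)))
        else:
            without_ip.append(m.group("am_id"))
    return with_ip, without_ip

def xforward_verdict(lines):
    """Summarise whether amavisd is receiving client IPs from the MTA."""
    with_ip, without_ip = audit_checking_lines(lines)
    if not with_ip and not without_ip:
        return "no-checking-entries"   # log level below 1, or no mail seen
    if not with_ip:
        return "no-client-ip"          # check smtp_send_xforward_command=yes
    return "partial" if without_ip else "ok"

# First line is the one quoted in the message; the rest are constructed.
SAMPLE_LOG = [
    "amavis[16469]: (16469-18) Checking: rhOluIzi8z9w [121.133.47.8] <xxx> -> <xxx>",
    "amavis[16470]: (16470-01) Checking: Ab3constructd [192.0.2.25] <> -> <b@example.net>",
    "amavis[16471]: (16471-03) Checking: Qx7constructd <a@example.org> -> <b@example.net>",
    "amavis[16471]: (16471-03) Passed CLEAN, <a@example.org> -> <b@example.net>",
]

if __name__ == "__main__":
    print(xforward_verdict(SAMPLE_LOG), audit_checking_lines(SAMPLE_LOG))
```

A result of "no-client-ip" across all entries points at the XFORWARD precondition from the release notes rather than at p0f-analyzer.pl.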

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
