Jason,

> I've been reading some documentation, and trying to implement p0f
> fingerprint checking.
> I went ahead and turned it on in my config:
> $os_fingerprint_method = 'p0f:127.0.0.1:2345'; # to query p0f-analyzer.pl
>
> And the resulting amavisd log shows that the fingerprint code is loaded.
>
> I am running this from the command line for testing:
> p0f -l 'tcp dst port 25' | p0f-analyzer.pl 2345
> (with p0f-analyzer in debug mode)
>
> I'm not getting any queries. So, I went ahead and fired up tcpdump.
> Amavisd does not appear to be attempting to communicate. I can verify
> this is an external host and should not be hitting the MYNETS rules.

Is amavisd getting information about client IP from MTA through XFORWARD?
A client IP address should show (through macro %a) in the log,
and at log level 1 also in the log entry such as:

  amavis[16469]: (16469-18) Checking: rhOluIzi8z9w [121.133.47.8] <xxx> -> <xxx>

amavisd-new-2.4.0 release notes

* preconditions are: $os_fingerprint_method must be configured,
  the p0f-analyzer.pl process must be running, and amavisd must be
  receiving client IP address information from MTA, which in a Postfix
  case means the XFORWARD protocol extension to SMTP must be enabled
  in the Postfix service feeding mail to amavisd, e.g.
  "-o smtp_send_xforward_command=yes", or in a sendmail/milter setup
  the more sophisticated AM.PDP protocol must be used;
  [...]

Mark

_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
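
The log check suggested in the reply above can be scripted. This is an added example, not part of the original message or of amavisd-new. It scans "Checking:" entries and reports whether a client IP reached amavisd. The syslog prefix, the sample lines, the policy bank name before the address, and the assumption that the bracketed address is simply absent when no client IP was passed are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample lines, modelled on the "Checking:" entry quoted in the reply.
SAMPLE_LOG = """\
Mar  3 10:01:12 mx amavis[16469]: (16469-18) Checking: rhOluIzi8z9w [121.133.47.8] <a@example.org> -> <b@example.net>
Mar  3 10:01:15 mx amavis[16470]: (16470-02) Checking: Qk2xYb7LmN1p <c@example.org> -> <d@example.net>
Mar  3 10:01:19 mx amavis[16471]: (16471-07) Checking: Zt8wPq4RsV0a [127.0.0.1] <e@example.org> -> <f@example.net>
Mar  3 10:01:22 mx amavis[16469]: (16469-19) Checking: Hn5cJd9TgU3e MYNETS [2001:db8::25] <g@example.org> -> <h@example.net>
Mar  3 10:01:23 mx amavis[16469]: (16469-19) Passed CLEAN, [2001:db8::25] <g@example.org> -> <h@example.net>
"""

# Captures: amavisd task id, mail id, and everything after the mail id.
CHECKING = re.compile(r"amavis\[\d+\]: \(([^)]+)\) Checking: (\S+) (.*)")
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\]")

def classify(rest):
    """Return (ip, verdict) for the text that follows the mail id."""
    # Look only before the first '<' so envelope addresses are never parsed.
    m = BRACKETED.search(rest.split("<", 1)[0])
    if m is None:
        # Assumption: no bracketed address means no client IP reached amavisd,
        # so there is nothing to send to p0f-analyzer.pl.
        return None, "missing"
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None, "missing"
    if ip.is_loopback:
        return str(ip), "local"   # local submission, no remote peer to fingerprint
    return str(ip), "remote"

def audit(log_text):
    """Return one (am_id, mail_id, ip, verdict) tuple per Checking entry."""
    rows = []
    for line in log_text.splitlines():
        m = CHECKING.search(line)
        if m:
            rows.append((m.group(1), m.group(2)) + classify(m.group(3)))
    return rows

if __name__ == "__main__":
    for am_id, mail_id, ip, verdict in audit(SAMPLE_LOG):
        print(f"{am_id} {mail_id} {ip or '-':<15} {verdict}")
```

If every entry on a host comes back as "missing", the MTA is not passing the client address, which matches the XFORWARD precondition in the release notes.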