Bartłomiej Rutkowski wrote:
> On Tue, 20 Nov 2007 14:45:59 +0100
> Mark Martinec <[EMAIL PROTECTED]> wrote:
>
>> Bartek,
>>
>>> I am building new mail infrastructure in my company, and I have
>>> came to place where it seems that os fingerprinting technique
>>> cannot be used.
>>>
>>> This is how the situation looks like: I have couple of smtpd servers
>>> which are collecting mails from Internet, they are working with CARP
>>> under one IP and then they are load balanced via haproxy. They got
>>> the mail, and send it for checks to other CARP group of servers
>>> with amavis installed. All of them are meant to run p0f-analyzer to
>>> give other hosts which are doing AS&AV checks bit more info, but...
>>> amavis can ask only one host for information about IP/OS.
>>>
>>> The problem is - how to make those
>>> amavis boxes to ask the proper one, this is, the one who actually
>>> handled the connection? This is serious issue as it is rendering the
>>> p0f functionality totally unusable in real life scenario - separated
>>> and load balanced hosts for receiving, checking and delivering mail.
>> amavisd can send a p0f query to the same IP address the SMTP
>> connection came from: $os_fingerprint_method = 'p0f:[*]:2345'
>> Doesn't each MTA have its own IP address on the inside?
>>
>> Mark
>>
> Well, I set it up as you pointed me to, but then I am getting:
>
> Nov 28 17:27:58 scanner00 amavis[91708]: (91708-01) (!!)TROUBLE in
> check_mail: os_fingerprint FAILED: Bad arg length for
> Socket::pack_sockaddr_in, length is 0, should be 4
> at /usr/local/lib/perl5/5.8.8/mach/Socket.pm line 373, <GEN16> line 8.
> Nov 28 17:27:58 scanner00 amavis[91708]: (91708-01) (!)PRESERVING
> EVIDENCE in /var/amavis/tmp/amavis-20071128T172758-91708
>
> and my setting looks like:
>
> $policy_bank{'MX00'} = {
> forward_method => 'smtp:[10.10.3.9]:10025',
> $os_fingerprint_method =>'p0f:[*]:1234',
> };
>
> Both amavisd and p0f are latest versions. Any clue what is going on
> here?
I think that should be * not [*], but I'm willing to be wrong.
Regards,
Rob
-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell. From the desktop to the data center, Linux is going
mainstream. Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
