Bartek,

> I'm not sure what can be wrong, but this just simply does not work.
> Amavisd stopped to do p0f connections at all. I had to use static IP
> addresses instead of '*' which would be better of course, but that is
> because of the way in haproxy does tcp load balancing - it seems to
> Amavisd that it gets the connection to proper port (for launching
> policy banks) from itself. But still, this should work. Can anybody
> take a look and point me, where the issue is?
> Amavisd log:    http://rafb.net/p/xtH2Kw18.html
> Amavisd config: http://rafb.net/p/JAicyF50.html

Your log does not show a case which is to be investigated.

Please show what happens when os_fingerprint_method is not
overridden in a policy bank by a fixed address, and the
global setting $os_fingerprint_method='p0f:*:1234' prevails.

The relevant log entries are (grep for):
  CONNECT TCP Peer
  Fingerprint
  dynamic destination

In your case the "CONNECT TCP Peer" shows 10.10.3.244,
which is what the "dynamic destination" and the "Fingerprint"
log entries should report too.

I hope the reported "CONNECT TCP Peer" address is the correct
address where the MTA connection really came from. If it is not,
we may have a Net::Server or a haproxy issue. If it is,
then "dynamic destination" should see it too, or it needs
to be investigated.

> Amavisd stopped to do p0f connections at all.

The "Fingerprint query:" log entry doesn't come up at all,
or does it show an incorrect address?

If it doesn't come up at all, there can only be two
reasons. Here is the relevant code section:

    my($os_fingerprint_method) = c('os_fingerprint_method');
    if (!defined($os_fingerprint_method) || $os_fingerprint_method eq '') {
      # no fingerprinting service configured
    } elsif ($cl_ip eq '' || $cl_ip eq '0.0.0.0' || $cl_ip eq '::') {
      # original client IP address not available, can't query p0f
    } else {
      $which_section = "os_fingerprint";
      $os_fingerprint_obj = Amavis::OS_Fingerprint->new(
                           dynamic_destination($os_fingerprint_method,$conn,0),
                           0.050, $cl_ip, $mail_id);
    }

So, either the os_fingerprint_method setting is empty,
or the SMTP session from a MTA did not supply a remote
client's IP address with an XFORWARD command, as it did
correctly in your log:

  ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204

Perhaps you were testing manually by telnetting, and did not
supply the XFORWARD ADDR information.

  Mark

_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
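
The log check described in the message above, as an added example that is not part of the original post or of amavisd: it groups log lines by process id, compares the "CONNECT TCP Peer" address with the addresses in the "dynamic destination" and "Fingerprint" entries, and separates the two reasons for a missing fingerprint query. The `amavis[PID]:` prefix, the line layout and the sample lines are constructed assumptions; only the grep strings, the addresses and the XFORWARD line come from the message.

```python
import re
from collections import defaultdict

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
PID = re.compile(r"\[(\d+)\]")  # assumption: syslog-style "amavis[PID]:" prefix

# Constructed sample lines (not from the poster's log); the layout is an assumption.
SAMPLE = """\
amavis[4101]: CONNECT TCP Peer 10.10.3.244
amavis[4101]: ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204
amavis[4101]: dynamic destination p0f:10.10.3.244:1234
amavis[4101]: Fingerprint query: 10.10.3.244:1234 150.254.88.204
amavis[4102]: CONNECT TCP Peer 10.10.3.244
amavis[4102]: ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204
amavis[4102]: dynamic destination p0f:127.0.0.1:1234
amavis[4103]: CONNECT TCP Peer 10.10.3.244
amavis[4103]: ESMTP< MAIL FROM:<test@example.org>
amavis[4104]: CONNECT TCP Peer 10.10.3.244
amavis[4104]: ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204
"""

def check_sessions(lines):
    """Return {pid: verdict} for the most recent connection seen per process."""
    sess = defaultdict(lambda: {"peer": None, "xfwd": False, "fp": False, "addrs": []})
    for line in lines:
        m = PID.search(line)
        s = sess[m.group(1) if m else "?"]
        ips = IPV4.findall(line)
        if "CONNECT TCP Peer" in line:
            # a new connection resets what was recorded for this process
            s.update(peer=ips[0] if ips else None, xfwd=False, fp=False, addrs=[])
        elif "XFORWARD" in line and "ADDR=" in line:
            s["xfwd"] = True
        elif "dynamic destination" in line or "Fingerprint" in line:
            s["fp"] = s["fp"] or "Fingerprint" in line
            if ips:
                s["addrs"].append(ips)
    out = {}
    for pid, s in sess.items():
        if s["peer"] is None:
            continue  # no CONNECT line seen, nothing to compare against
        if any(s["peer"] not in ips for ips in s["addrs"]):
            out[pid] = "mismatch"  # p0f destination differs from the TCP peer
        elif s["fp"]:
            out[pid] = "ok"
        elif s["xfwd"]:
            out[pid] = "no-query: check os_fingerprint_method"
        else:
            out[pid] = "no-query: no XFORWARD ADDR"
    return out
```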