On Fri, 30 Nov 2007 12:17:34 +0100 Mark Martinec <[EMAIL PROTECTED]> wrote:
> Bartek,
>
> > I'm not sure what can be wrong, but this just simply does not work.
> > Amavisd stopped doing p0f connections at all. I had to use static IP
> > addresses instead of '*' which would be better of course, but that
> > is because of the way haproxy does TCP load balancing - it seems
> > to Amavisd that it gets the connection to proper port (for launching
> > policy banks) from itself. But still, this should work. Can anybody
> > take a look and point me to where the issue is?
> > Amavisd log: http://rafb.net/p/xtH2Kw18.html
> > Amavisd config: http://rafb.net/p/JAicyF50.html
>
> Your log does not show a case which is to be investigated.
>
> Please show what happens when os_fingerprint_method is not
> overridden in a policy bank by a fixed address, and the
> global setting $os_fingerprint_method='p0f:*:1234' prevails.
>
> The relevant log entries are (grep for):
>   CONNECT TCP Peer
>   Fingerprint
>   dynamic destination
>
> In your case the "CONNECT TCP Peer" shows 10.10.3.244,
> which is what the "dynamic destination" and the "Fingerprint"
> log entries should report too.
>
> I hope the reported "CONNECT TCP Peer" address is the correct
> address where the MTA connection really came from. If it is not,
> we may have a Net::Server or a haproxy issue. If it is,
> then "dynamic destination" should see it too, or it needs
> to be investigated.
>
> > Amavisd stopped doing p0f connections at all.
>
> The "Fingerprint query:" log entry doesn't come up at all,
> or does it show an incorrect address?
>
> If it doesn't come up at all, there can only be two
> reasons. Here is the relevant code section:
>
>   my($os_fingerprint_method) = c('os_fingerprint_method');
>   if (!defined($os_fingerprint_method) || $os_fingerprint_method eq '') {
>     # no fingerprinting service configured
>   } elsif ($cl_ip eq '' || $cl_ip eq '0.0.0.0' || $cl_ip eq '::') {
>     # original client IP address not available, can't query p0f
>   } else {
>     $which_section = "os_fingerprint";
>     $os_fingerprint_obj = Amavis::OS_Fingerprint->new(
>       dynamic_destination($os_fingerprint_method,$conn,0),
>       0.050, $cl_ip, $mail_id);
>   }
>
> So, either the os_fingerprint_method setting is empty,
> or the SMTP session from a MTA did not supply a remote
> client's IP address with an XFORWARD command, as it did
> correctly in your log:
>
>   ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204
>
> Perhaps you were testing manually by telnetting, and did not
> supply the XFORWARD ADDR information.
>
>   Mark
>

This was true, I was telnetting and trying things manually. Now I have set up a test domain, and checked it as you wanted it to be: no os_fingerprint in the triggered policy bank and a '*' in the global config:

Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Original mail size: 1405; quota set to: 702500 bytes
Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) dynamic destination: p0f:*:1234 -> p0f:[10.10.3.244]:1234
Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Fingerprint query: 10.10.3.244 port=1234 195.46.43.224 KgZcfI2cjZsj
Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Checking: KgZcfI2cjZsj MX00 [195.46.43.224] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>

As you may see, in this case amavisd is trying to ask itself for p0f service, which is incorrect, as the connection came from 10.10.3.49.

I'm not sure if it is a haproxy or Net::Server issue, and I have no idea how to test that, but what is more annoying is that I could walkover this bug (if it is a bug) with static IP settings for os_fingerprint_method in policy banks - but in that case nothing happens (as shown in the logs from my previous post). Why is that?

Bartek
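
The log check discussed in this thread, as an added example that is not part of either message or of amavisd: a Python pass over amavisd log lines that reports, per session, where the p0f query went and whether fingerprinting was skipped. The function name `audit_p0f` and the two address sets are assumptions taken from the addresses named above (10.10.3.244 as the scanner, 10.10.3.49 as the MTA); the sample reuses the first session from the thread with the redacted mail addresses replaced, and the other two sessions are constructed.

```python
import re

# Entry formats as they appear in the log excerpt in the thread.
SID = r"\((?P<sid>\d+-\d+)\) "
DEST_RE = re.compile(SID + r"dynamic destination: (?P<tmpl>\S+) -> p0f:\[")
QUERY_RE = re.compile(SID + r"Fingerprint query: (?P<host>\S+) port=\d+ ")
CHECK_RE = re.compile(SID + r"Checking: ")

def audit_p0f(lines, scanner_addrs, mta_addrs):
    """Map session id -> (verdict, p0f host queried, configured template)."""
    tmpl, target, seen = {}, {}, set()
    for line in lines:
        if m := DEST_RE.search(line):
            tmpl[m["sid"]] = m["tmpl"]
        elif m := QUERY_RE.search(line):
            target[m["sid"]] = m["host"]
        elif m := CHECK_RE.search(line):
            seen.add(m["sid"])
    out = {}
    for sid in sorted(seen | set(target)):
        host = target.get(sid)
        if host is None:
            # Mail was checked but p0f was never queried: empty
            # os_fingerprint_method, or no client IP (no XFORWARD ADDR).
            verdict = "skipped"
        elif host in scanner_addrs:
            verdict = "self"        # '*' resolved to the scanner, not the MTA
        elif host in mta_addrs:
            verdict = "ok"
        else:
            verdict = "unexpected"
        out[sid] = (verdict, host, tmpl.get(sid))
    return out

# Constructed sample: session 55170-01 follows the thread, the rest is made up.
SAMPLE = """\
Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) dynamic destination: p0f:*:1234 -> p0f:[10.10.3.244]:1234
Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Fingerprint query: 10.10.3.244 port=1234 195.46.43.224 KgZcfI2cjZsj
Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Checking: KgZcfI2cjZsj MX00 [195.46.43.224] <a@example.org> -> <b@example.org>
Nov 30 12:49:02 scanner00 amavis[55171]: (55171-01) dynamic destination: p0f:*:1234 -> p0f:[10.10.3.49]:1234
Nov 30 12:49:02 scanner00 amavis[55171]: (55171-01) Fingerprint query: 10.10.3.49 port=1234 192.0.2.7 AAAAconstruct1
Nov 30 12:49:02 scanner00 amavis[55171]: (55171-01) Checking: AAAAconstruct1 MX00 [192.0.2.7] <a@example.org> -> <b@example.org>
Nov 30 12:50:10 scanner00 amavis[55172]: (55172-01) Checking: BBBBconstruct2 <a@example.org> -> <b@example.org>
""".splitlines()

if __name__ == "__main__":
    for sid, row in audit_p0f(SAMPLE, {"10.10.3.244"}, {"10.10.3.49"}).items():
        print(sid, *row)
```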
