> > Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Fingerprint query: > > 10.10.3.244 port=1234 195.46.43.224 KgZcfI2cjZsj > > So what was the IP address reported in a "CONNECT TCP Peer" log entry? > Was it 10.10.3.244 or 10.10.3.49? > > > As you may see, in this case amavisd is trying to ask itself for p0f > > service, which is uncorrect, as the connection came from 10.10.3.49.
Where is your haproxy located? If it is sitting between MTA and a group of hosts running amavisd, then amavisd would see an IP address of a haproxy. Is haproxy sitting on 10.10.3.244? The new version of haproxy offers "Full Transparent Proxy": it is possible connect to the server with the Client's IP address or even any other IP address. This is possible only on Linux 2.4/2.6 with the cttproxy patch. This feature also makes it possible to transparently handle part of the traffic for a particular server without changing any server's address. Mark ------------------------------------------------------------------------- SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
