Issue regarding header checks
Hi, I have configured postfix to DISCARD messages with specific To: header using the rule below : - header_checks=pcre:/etc/postfix/header_checks cat /etc/postfix/header_checks : /^To: (\d)+@test\.com/i DISCARD So basically any email sent as num...@test.com should be discarded. However this rule doesn't work seen from logs : - Jul 25 11:22:03 mailhost postfix/smtpd[1134]: 3D67AD763D: client=test.com [10.117.82.152] Jul 25 11:22:03 mailhost postfix/cleanup[1138]: 3D67AD763D: message-id= 576774775.0.1311573122768.javamail.r...@test.com Jul 25 11:22:03 mailhost postfix/qmgr[29582]: 3D67AD763D: from= ad...@test.com, size=617, nrcpt=1 (queue active) Jul 25 11:22:03 mailhost postfix/smtpd[1134]: disconnect from test.com [10.117.82.152] Jul 25 11:22:03 mailhost amavis[28069]: (28069-01) ESMTP::10024 /usr/local/amavis/tmp/amavis-20110725T112203-28069: ad...@test.com - 919923600...@test.com SIZE=617 Received: from test.com ([127.0.0.1]) by localhost (test.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for 919923600...@test.com; Mon, 25 Jul 2011 11:22:03 +0530 (IST) Jul 25 11:22:03 mailhost amavis[28069]: (28069-01) Checking: rsPpnJ-irXBH MYNETS [10.117.82.152] ad...@test.com - 919923600...@test.com Jul 25 11:22:08 mailhost postfix/smtpd[1178]: connect from localhost.localdomain[127.0.0.1] Jul 25 11:22:08 mailhost postfix/smtpd[1178]: 0A369D765F: client=localhost.localdomain[127.0.0.1] Jul 25 11:22:08 mailhost postfix/cleanup[1138]: 0A369D765F: message-id= 576774775.0.1311573122768.javamail.r...@test.com Jul 25 11:22:08 mailhost amavis[28069]: (28069-01) FWD via SMTP: ad...@test.com - 919923600...@test.com,BODY=7BIT 250 2.0.0 Ok, id=28069-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0A369D765F Is this because I have webmail running on same server and mynetworks have 127.0.0.0/8 10.117.82.152 ? I am out of ideas and tried all things even :- /^To: .*/i DISCARD but nothing seems to be working. Any advice on what could be wrong ? Regards, Punit
Re: Issue regarding header checks
* punit jain contactpunitj...@gmail.com: Hi, I have configured postfix to DISCARD messages with specific To: header using the rule below : - header_checks=pcre:/etc/postfix/header_checks cat /etc/postfix/header_checks : /^To: (\d)+@test\.com/i DISCARD So basically any email sent as num...@test.com should be discarded. No. Any mail containing a TO: header with numb...@test.com should bei discarded! /usr/local/amavis/tmp/amavis-20110725T112203-28069: ad...@test.com - 919923600...@test.com SIZE=617 Received: from test.com ([127.0.0.1]) by localhost (test.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for 919923600...@test.com; Mon, 25 Jul 2011 11:22:03 +0530 (IST) This doesn't log the To: header -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
'smtpd_proxy_filter' and 'action DISCARD'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have used a content_filter and changed my configuration to smtpd_proxy_filter. In my configuration I use spamtrap email addresses with action discard. After I changed my configuration to smtpd_proxy_filter I got the following messages. - -%- access table hash:/etc/postfix/spamtrap: with smtpd_proxy_filter specified, action DISCARD is unavailable - -%- I take a look to the documentation, but I found nothing about this. I changed the action to REJECT. What can I do to configure the spamtrap addresses with smtpd_proxy_filter? Regards Ralf -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJOLTaXAAoJENVjhbwuX+/Hh8oIAK6ym/GFE+ZXL+m5ZQj96v9S moyGaOEhvwbvXAzJ+2p3uNF2B/nGZcx132xhWQuybEWGx0KP4DjDoZHgdazMAj76 oqgH5Wlxp1oSyVqwr8Rnze84s4zeOngvgxI/x30MaJkZ42zpsjr5laRucsIhzlsg eOHoJUw2Y+ObMjloPQATM02mlnvgCAMulKwN00AgLZkFK3Mlup2+YF47LQhxWXI9 1LRm15hhallXnL0kHjQ0BbFjs81wimO3E2mqDHmJxdFX5B6x2uRZb/Byqhe5Jpiz LAKo9OYM43JLf3sJgmsyPs2o4FGQJ3hDsfAwq05g3Nx9XSHWs/QJ05D3nah3Joo= =e9YY -END PGP SIGNATURE-
mail clients stop sending mail
Hullo users, I am trying to block/blacklist a recipient email address from receiving mail from my mail server. But When i do the configuration below in postfix , , smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/recipient_access I can not send mail outside using mail clients , Couls someone advise on How best can i do this ? Thanx in advance
Re: mail clients stop sending mail
Am 25.07.2011 11:30, schrieb kibirango moses: Hullo users, I am trying to block/blacklist a recipient email address from receiving mail from my mail server. But When i do the configuration below in postfix , , ?? sorry you want to block what ? smtpd_recipient_restrictions = check_sender_access hash:/etc/postfix/recipient_access I can not send mail outside using mail clients , Couls someone advise on How best can i do this ? Thanx in advance check_sender_access type:table Search the specified access(5) database for the MAIL FROM address, domain, parent domains, or localpart@, and execute the corresponding action. -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
virtual domain can't recieve mail
hi all; I am using postfix-2.3.3-2.3.el5_6,dovecot-1.2.17-0_115.el5 on centos 5.6.I have two domains and iam using virtual domains the problem is one domain is working fin ewhile the other can't send mail when i check for mx record it can't reach it.i don't know if i am missing some configuration or the problem is with dns.any one can help me because iam new to linux and postfix thanks
Re: rewriting local users to user@domain instat of user@host.domain
I have read and re-read this pages and other documents but still it seems not to work I have changed a few things in my configuration: in main.cf I have changfed myorigen from myorigen=host.domain.tld into myorigen=$mydomain (mydomain=domain.tld) NOW the from is rewriten, so i have a good return address mydestination=localhost, localhost@localdomain local_header_rewrite_clients=static:all remote_header_domain_rewrite=domain.tld maquerade_domains=host.domain.tld domain.tld BUT still i cant change the local TO adress from host.domain.tld to domain.tld Why i want this. (I dont want real UNIX users with mail, because the same password is used and this password is often sent over the internet.) I have all virtual domains. local users can sent a message, i want one of the virtual domains added and receive answers in the virtual mailboxes I want mail by the system sent correctly to my virtual mailbox. I'm still thinking about using cannonical for message TO ?rewrite and .forward for systemmail Someone a nice idea Thanks Erik - Original Message - From: Noel Jones njo...@megan.vbhcs.org To: postfix-users@postfix.org Sent: Wednesday, July 20, 2011 6:51 PM Subject: Re: rewriting local users to user@domain instat of user@host.domain On 7/20/2011 11:33 AM, Erik - versatel wrote: Hai, In my configuration as i login localy - with only a username and no domain and i send an email to myself it is rewriten to: user@host.domain Question: is it possible to rewrite this to user@domain In that case locale emails come in a mailbox i will see. Or is there an other solution to send (forward) mail from user automatically to user@domain Please see: http://www.postfix.org/ADDRESS_REWRITING_README.html and possibly: http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade -- Noel Jones
Re: virtual domain can't recieve mail
Excerpts from Amira Othman's message of Mon Jul 25 12:17:46 +0200 2011: I am using postfix-2.3.3-2.3.el5_6,dovecot-1.2.17-0_115.el5 on centos 5.6.I Consider upgrading to 2.8. I tried 2.2 in the past and failed. Don't know whether 2.3.3 works much better. Marc Weber
Re: virtual domain can't recieve mail
On 7/25/2011 6:17 AM, Amira Othman wrote: hi all; I am using postfix-2.3.3-2.3.el5_6,dovecot-1.2.17-0_115.el5 on centos 5.6.I have two domains and iam using virtual domains the problem is one domain is working fin ewhile the other can't send mail when i check for mx record it can't reach it.i don't know if i am missing some configuration or the problem is with dns.any one can help me because iam new to linux and postfix thanks Welcome to the list! Unfortunately, you seem to have missed the important welcome message: TO REPORT A PROBLEM, PLEASE SEE http://www.postfix.org/DEBUG_README.html#mail; Thank you
Re: 'smtpd_proxy_filter' and 'action DISCARD'
Ralf Zimmermann: Hi, I have used a content_filter and changed my configuration to smtpd_proxy_filter. In my configuration I use spamtrap email addresses with action discard. After I changed my configuration to smtpd_proxy_filter I got the following messages. -%- access table hash:/etc/postfix/spamtrap: with smtpd_proxy_filter specified, action DISCARD is unavailable -%- As the message suggests, the DISCARD action is not implemented for before-queue content filters. Actually, DISCARD could be implemented, but other actions such as FILTER and REDIRECT definitely cannot, because they require an action by the post-filter MTA, and there is no way request that action through an SMTP-based filter. I take a look to the documentation, but I found nothing about this. I changed the action to REJECT. What can I do to configure the spamtrap addresses with smtpd_proxy_filter? Maybe the before-queue filter can discard the message instead. Wietse
Re: Issue regarding header checks
* Ralf Hildebrandt ralf.hildebra...@charite.de: * punit jain contactpunitj...@gmail.com: Hi, I have configured postfix to DISCARD messages with specific To: header using the rule below : - header_checks=pcre:/etc/postfix/header_checks cat /etc/postfix/header_checks : /^To: (\d)+@test\.com/i DISCARD So basically any email sent as num...@test.com should be discarded. No. Any mail containing a TO: header with numb...@test.com should bei discarded! /usr/local/amavis/tmp/amavis-20110725T112203-28069: ad...@test.com - 919923600...@test.com SIZE=617 Received: from test.com ([127.0.0.1]) by localhost (test.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for 919923600...@test.com; Mon, 25 Jul 2011 11:22:03 +0530 (IST) This doesn't log the To: header Meaning: You cannot be sure it HAS the proper header. /^To:/ WARN -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebra...@charite.de | http://www.charite.de
Re: Issue regarding header checks
/^To: (\d)+@test\.com/i DISCARD So basically any email sent as num...@test.com should be discarded. No. Any mail containing a TO: header with numb...@test.com should bei discarded! How do we make sure this only applies to outgoing messages and doesnot ffect incoming ? Regards, Punit
Re: Issue regarding header checks
Thanks I forgot to update it did work
Problems migrating CentOS 6
I've been running a postfix server on CentOS 5 for a while with no problem. I set up a new CentOS 6 box with postfix, and basically transplanted my configs across to the new one. The service starts, but doesn't work properly: it doesn't accept email on 25 or 587 (TLS), but instead this appears in the maillog: Jul 25 17:12:43 helios postfix/smtpd[14436]: fatal: open database /etc/postfix/virtual.db: No such file or directory Jul 25 17:12:44 helios postfix/master[14239]: warning: process /usr/libexec/postfix/smtpd pid 14436 exit status 1 Jul 25 17:12:44 helios postfix/master[14239]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling I do have a virtual.db, though. I deleted all my *.db and recreated them with postmap to ensure they were OK. The ownership and perms seem OK: [root@helios postfix]# ls -la virtual.db -rw-r--r--. 1 root mail 12288 Jul 25 17:05 virtual.db SELinux is disabled on this system, so it's not an obscure issue with security contexts and mislabelling. Am I missing something? Thanks, Jonathan
Re: Problems migrating CentOS 6
Jonathan Gazeley: I've been running a postfix server on CentOS 5 for a while with no problem. I set up a new CentOS 6 box with postfix, and basically transplanted my configs across to the new one. The service starts, but doesn't work properly: it doesn't accept email on 25 or 587 (TLS), but instead this appears in the maillog: Jul 25 17:12:43 helios postfix/smtpd[14436]: fatal: open database /etc/postfix/virtual.db: No such file or directory Jul 25 17:12:44 helios postfix/master[14239]: warning: process /usr/libexec/postfix/smtpd pid 14436 exit status 1 Jul 25 17:12:44 helios postfix/master[14239]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling I do have a virtual.db, though. I deleted all my *.db and recreated them with postmap to ensure they were OK. The ownership and perms seem OK: [root@helios postfix]# ls -la virtual.db -rw-r--r--. 1 root mail 12288 Jul 25 17:05 virtual.db SELinux is disabled on this system, so it's not an obscure issue with security contexts and mislabelling. Am I missing something? Try turning off chroot. It is a magic cure for mysterious errors. http://www.postfix.org/DEBUG_README.html#no_chroot Wietse
Re: Problems migrating CentOS 6
On 07/25/2011 05:42 PM, Wietse Venema wrote: Jonathan Gazeley: I've been running a postfix server on CentOS 5 for a while with no problem. I set up a new CentOS 6 box with postfix, and basically transplanted my configs across to the new one. The service starts, but doesn't work properly: it doesn't accept email on 25 or 587 (TLS), but instead this appears in the maillog: Jul 25 17:12:43 helios postfix/smtpd[14436]: fatal: open database /etc/postfix/virtual.db: No such file or directory Jul 25 17:12:44 helios postfix/master[14239]: warning: process /usr/libexec/postfix/smtpd pid 14436 exit status 1 Jul 25 17:12:44 helios postfix/master[14239]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling I do have a virtual.db, though. I deleted all my *.db and recreated them with postmap to ensure they were OK. The ownership and perms seem OK: [root@helios postfix]# ls -la virtual.db -rw-r--r--. 1 root mail 12288 Jul 25 17:05 virtual.db SELinux is disabled on this system, so it's not an obscure issue with security contexts and mislabelling. Am I missing something? Try turning off chroot. It is a magic cure for mysterious errors. http://www.postfix.org/DEBUG_README.html#no_chroot Thanks for the tip. Chroot is already turned off for all components in master.cf, though. Wietse
Re: Problems migrating CentOS 6
Jonathan Gazeley: Jul 25 17:12:43 helios postfix/smtpd[14436]: fatal: open database /etc/postfix/virtual.db: No such file or directory I do have a virtual.db, though. I deleted all my *.db and recreated them with postmap to ensure they were OK. The ownership and perms seem OK: [root@helios postfix]# ls -la virtual.db -rw-r--r--. 1 root mail 12288 Jul 25 17:05 virtual.db Another possibility is that Berkeley DB returns an ENOENT error for reasons other than that the file does not exist. For example, I recall that an early version of ReiserFS returning ENOENT errors on an open file handle because they could not find something. In that case, the OS kernel returned an ENOENT even though the file could be opened. However, if postmap -s /etc/postfix/virtual can read the file as root, but smtpd cannot open the file as root before it drops privileges, then I suspect a security configuration error, like, perhaps SeLinux is not turned off after all. Look in your system/security logs. Wietse
Re: Problems migrating CentOS 6
On 07/25/2011 06:12 PM, Wietse Venema wrote: Jonathan Gazeley: Jul 25 17:12:43 helios postfix/smtpd[14436]: fatal: open database /etc/postfix/virtual.db: No such file or directory I do have a virtual.db, though. I deleted all my *.db and recreated them with postmap to ensure they were OK. The ownership and perms seem OK: [root@helios postfix]# ls -la virtual.db -rw-r--r--. 1 root mail 12288 Jul 25 17:05 virtual.db Another possibility is that Berkeley DB returns an ENOENT error for reasons other than that the file does not exist. For example, I recall that an early version of ReiserFS returning ENOENT errors on an open file handle because they could not find something. In that case, the OS kernel returned an ENOENT even though the file could be opened. However, if postmap -s /etc/postfix/virtual can read the file as root, but smtpd cannot open the file as root before it drops privileges, then I suspect a security configuration error, like, perhaps SeLinux is not turned off after all. Look in your system/security logs. Odd. Until now I had been doing postmap /etc/postfix/virtual (without -s). Since I saw your email, I tried it with -s, it returned the same error message on the first occasion, but worked thereafter. The mail system seems to work now - thanks. Cheers, Jonathan
Re: Problems migrating CentOS 6
On Mon, Jul 25, 2011 at 05:20:07PM +0100, Jonathan Gazeley wrote: [root@helios postfix]# ls -la virtual.db -rw-r--r--. 1 root mail 12288 Jul 25 17:05 virtual.db This file have security attributes assigned. SELinux is disabled on this system, so it's not an obscure issue with security contexts and mislabelling. This does not match the output above. If selinux is disabled, a new file would not get a tag. Bastian -- Get back to your stations! We're beaming down to the planet, sir. -- Kirk and Mr. Leslie, This Side of Paradise, stardate 3417.3
Re: rewriting local users to user@domain instat of user@host.domain
On 2011-07-25 14:22, Erik - versatel wrote: I have read and re-read this pages and other documents but still it seems not to work I have changed a few things in my configuration: in main.cf I have changfed myorigen from myorigen=host.domain.tld into myorigen=$mydomain (mydomain=domain.tld) NOW the from is rewriten, so i have a good return address mydestination=localhost, localhost@localdomain That is not valid syntax for mydestination. local_header_rewrite_clients=static:all remote_header_domain_rewrite=domain.tld maquerade_domains=host.domain.tld domain.tld Please, PLEASE, COPY AND PASTE the output of postconf -n. Don't try to copy it by hand, this will get you nowhere with typos like this. BUT still i cant change the local TO adress from host.domain.tld to domain.tld If the above is really in main.cf, it won't - but then again, that should probably crash postfix altogether. Why i want this. (I dont want real UNIX users with mail, because the same password is used and this password is often sent over the internet.) I have no idea what you think this means. I have all virtual domains. Except for localhost, then. local users can sent a message, i want one of the virtual domains added and receive answers in the virtual mailboxes What's to say they can't ? I want mail by the system sent correctly to my virtual mailbox. Then you must alias the local root address - or whichever local address system mail goes to - to a virtual one. I'm still thinking about using cannonical for message TO ?rewrite and .forward for systemmail Neither is required; use masquerade_domains for the domain rewrite, and a local alias for the system mail. Someone a nice idea Chocolate-covered cashews. -- J.
Re: virtual domain can't recieve mail
On Mon, Jul 25, 2011 at 04:59:32PM +0200, Marc Weber wrote: I am using postfix-2.3.3-2.3.el5_6,dovecot-1.2.17-0_115.el5 on centos 5.6.I Consider upgrading to 2.8. I tried 2.2 in the past and failed. Don't know whether 2.3.3 works much better. While the older releases are no longer maintained, and upgrades are encouraged, it is NOT the case that the older releases are substantially defective, and do not function as designed. For 2.3, the only critical patch is the one for CVE-2011-1720, which is only needed at sites that provide SASL authentication and offer two or more mechanisms other than PLAIN. Vendor distributions of 2.3.3 should be patched by now, so if the OP is using the latest vendor update of this RPM, it should function as designed, and provide a usable set of features from Postfix 2.3. An upgrade is only *required*, if the OP needs specific features from 2.4 or later. -- Viktor.
Re: Problems migrating CentOS 6
On Mon, Jul 25, 2011 at 05:20:07PM +0100, Jonathan Gazeley wrote: I've been running a postfix server on CentOS 5 for a while with no problem. I set up a new CentOS 6 box with postfix, and basically transplanted my configs across to the new one. The service starts, but doesn't work properly: it doesn't accept email on 25 or 587 (TLS), but instead this appears in the maillog: Jul 25 17:12:43 helios postfix/smtpd[14436]: fatal: open database /etc/postfix/virtual.db: No such file or directory Jul 25 17:12:44 helios postfix/master[14239]: warning: process /usr/libexec/postfix/smtpd pid 14436 exit status 1 Jul 25 17:12:44 helios postfix/master[14239]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling I do have a virtual.db, though. I deleted all my *.db and recreated them with postmap to ensure they were OK. The ownership and perms seem OK: My guess (you neither provide postconf -n output, nor specify what postmap incantation was used to create the virtual.db file) is that the .db files in question may not of the expected dictionary type. Perhaps they're hash instead of btree, or btree instead of hash. Another possibility is that the postmap(1) binary in question is linked with a different Berkeley DB library than smtpd(8) (mixed Postfix install with admin utilities in sbin from a different Postfix version than the libexec daemons). -- Viktor.
Re: Problems migrating CentOS 6
Victor Duchovni: On Mon, Jul 25, 2011 at 05:20:07PM +0100, Jonathan Gazeley wrote: I've been running a postfix server on CentOS 5 for a while with no problem. I set up a new CentOS 6 box with postfix, and basically transplanted my configs across to the new one. The service starts, but doesn't work properly: it doesn't accept email on 25 or 587 (TLS), but instead this appears in the maillog: Jul 25 17:12:43 helios postfix/smtpd[14436]: fatal: open database /etc/postfix/virtual.db: No such file or directory Jul 25 17:12:44 helios postfix/master[14239]: warning: process /usr/libexec/postfix/smtpd pid 14436 exit status 1 Jul 25 17:12:44 helios postfix/master[14239]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling I do have a virtual.db, though. I deleted all my *.db and recreated them with postmap to ensure they were OK. The ownership and perms seem OK: My guess (you neither provide postconf -n output, nor specify what postmap incantation was used to create the virtual.db file) is that the .db files in question may not of the expected dictionary type. Perhaps they're hash instead of btree, or btree instead of hash. Another possibility is that the postmap(1) binary in question is linked with a different Berkeley DB library than smtpd(8) (mixed Postfix install with admin utilities in sbin from a different Postfix version than the libexec daemons). As of Postfix 2.4, all binaries are stamped with version information: % strings /usr/libexec/postfix/* /usr/sbin/post* /usr/sbin/sendmail | grep mail_version= | sort | uniq -c 41 mail_version=2.9-20110706 All 41 program files have the same version. Maybe we should also bury the compile-time options (the EXPORT string in $config_directory/makedefs.out) information into the executables and examine them with a similar query as above: % strings [files] | egrep '(mail_version|build_info)=' | sort | uniq -c The output should then be the same for all program files. Another idea is to add a -F (fingerprint) command-line option to every executable that dumps mail_version and build_info information. Some people may not be comfortable with egrep and such. Wietse
Re: Problems migrating CentOS 6
Victor Duchovni: On Mon, Jul 25, 2011 at 03:52:31PM -0400, Wietse Venema wrote: Another idea is to add a -F (fingerprint) command-line option to every executable that dumps mail_version and build_info information. Some people may not be comfortable with egrep and such. If we're to go to all the trouble, likely the -F approach seems to make more sense. On the other hand, with Debian builds where libglobal, ... are separate shared libraries, do we fingerprint libglobal, or the calling executable? (Do we call a function in the library or clone it into each executable). Taking the example from SASL and Berkeley DB, the library should have a version() function whose output can be checked against compile-time #defines; if the compile time version does not match the run-time linked version, the warranty is void. This means that people can no longer safely do make upgrade on a running Postfix system, even if it is just a patchlevel change, because postfix-internal function interfaces sometimes change. This makes internal interface changes much more visible. Ebedding static variables into each executable unasks the question, and we can also include similar statics in each library. All this said, I doubt it is worth the effort. The existing fingerprints are probably enough. The odds of the same version installed with different build options is quite small. Wietse
Re: Problems migrating CentOS 6
On Mon, Jul 25, 2011 at 04:44:25PM -0400, Wietse Venema wrote: All this said, I doubt it is worth the effort. The existing fingerprints are probably enough. The odds of the same version installed with different build options is quite small. That's essentially my view. -- Viktor.