p0f milter for Postfix?

2016-02-07 Thread Rich Wales
Hi.  Does a milter or other solution exist to allow Postfix to insert OS
fingerprint information into incoming e-mail via p0f?

I know it's possible to insert p0f info via amavisd-new, but I'm running
MX hosts in front of my mail server (where I run amavisd-new), and if
I'm going to use p0f, I assume I need to run it on my MX hosts and not
on the mail server itself (since p0f on my mail server would be
fingerprinting my MX hosts and not the actual source of a message).

I would, of course, be using the rewritten p0f (version 3.08b).

Thanks for any suggestions.

Rich Wales
ri...@richw.org


Re: Copy mail from specific email address to specific email address to other accounts

2016-02-07 Thread @lbutlr
On Sun Feb 07 2016 12:15:14 Wietse Venema said:
> 
> @lbutlr:
>> /usr/local/etc/postfix which has a symlink at /etc/psotfix and
> 
> That is unlikely.

 $ ls -lsd /etc/postfix   
0 lrwxr-xr-x  1 root  wheel  22 Jul 20  2015 /etc/postfix -> /usr/local/etc/postfix

>> postmap -q -q ja...@example.com hash:/usr/local/etc/postfix/virtual returns 
>> exactly the same results.
> 
> And that is simply not possible.

unmunged:

 $ postmap -q ja...@xanmax.com hash:/usr/local/etc/postfix/virtual 
xander+ja...@xanmax.com,kris+ja...@kreme.com,lb+ja...@kreme.com
 $ postmap -q ja...@xanmax.com hash:/etc/postfix/virtual 
xander+ja...@xanmax.com,kris+ja...@kreme.com,lb+ja...@kreme.com


> Perhaps someone else has time to debug made-up and incomplete
> information.

If it is incomplete, I am happy to provide anything you want. It is certainly 
not made up.


-- 
I thank my lucky stars I'm not superstitious.



Re: Copy mail from specific email address to specific email address to other accounts

2016-02-07 Thread Viktor Dukhovni

> On Feb 7, 2016, at 3:16 PM, @lbutlr  wrote:
> 
>> That is unlikely.
> 
> $ ls -lsd /etc/postfix   
> 0 lrwxr-xr-x  1 root  wheel  22 Jul 20  2015 /etc/postfix -> 
> /usr/local/etc/postfix

In that case s/unlikely/unwise/ or perhaps "unlikely to be 
useful/work-as-intended".

Basically, don't do that.

-- 
Viktor.



Re: postfix with mysql - too many connections

2016-02-07 Thread Wietse Venema
Mathias Rothe:
> As workaround I used now proxymap and the problems are solved:

This is not a workaround. Sharing connections is the recommended
configuration.

> But I think it would be a better way, if postfix could close the mysql 
> connections immediately after receiving the data and not hold opened 
> until the mail is fully delivered.

Doing a connect+close for every query would reduce performance on a
high-volume server.

Wietse


Re: Copy mail from specific email address to specific email address to other accounts

2016-02-07 Thread Wietse Venema
Viktor Dukhovni:
> 
> > On Feb 7, 2016, at 3:16 PM, @lbutlr  wrote:
> > /usr/local/etc/postfix which has a symlink at /etc/psotfix and
> > 
> >> That is unlikely.
> > 
> > $ ls -lsd /etc/postfix   
> > 0 lrwxr-xr-x  1 root  wheel  22 Jul 20  2015 /etc/postfix -> 
> > /usr/local/etc/postfix
> 
> In that case s/unlikely/unwise/ or perhaps "unlikely to be 
> useful/work-as-intended".

No, it is unlikely, because he said it was linked to /etc/psotfix.

The email had errors in command (postmap -q -q) and pathname
(/etc/psotfix) information. If someone else wants to give it
a try, they are most welcome.

Wietse


Re: Copy mail from specific email address to specific email address to other accounts

2016-02-07 Thread @lbutlr
On Sun Feb 07 2016 10:06:37 Wietse Venema said:
> 
> @lbutlr:
>> On Feb 6, 2016, at 5:33 PM, Wietse Venema  wrote:
>>> @lbutlr:
>>>> # postmap -q ja...@example.com hash:/etc/postfix/virtual 
>>>> john+ja...@example.com,kreme+ja...@kreme.com,fred+ja...@kreme.com
>>>> 
>>>> The address I am redirecting to is getting sent to dovecot without
>>>> hitting virtual.
>>> 
>>> You haven't shown that Postfix is configured to use that table.
>> 
>> To use virtual?
>> 
>> Yeah, I have dozens of things in virtual. If that failed things
>> would go pear-shaped very quickly.
>> 
>> # postconf virtual_alias_maps
>> virtual_alias_maps = hash:$config_directory/virtual 
>> proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
> 
> What is config_directory?

/usr/local/etc/postfix which has a symlink at /etc/psotfix and

postmap -q -q ja...@example.com hash:/usr/local/etc/postfix/virtual returns 
exactly the same results.


> The same program that does the sender_bcc_maps lookups also does
> the virtual_alias_maps expansions. You can't have one without the
> other unless you have "-o name=value" settings in master.cf.

smtp        unix  -   -   n   -       -   smtp
smtp        inet  n   -   n   -       1   postscreen
smtpd       pass  -   -   n   -       -   smtpd
dnsblog     unix  -   -   n   -       0   dnsblog
tlsproxy    unix  -   -   n   -       0   tlsproxy
submission  inet  n   -   n   -       -   smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_data_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_helo_restrictions=
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o syslog_name=submit-tls
pickup      fifo  n   -   n   60      1   pickup
cleanup     unix  n   -   n   -       0   cleanup
qmgr        fifo  n   -   n   300     1   qmgr
rewrite     unix  -   -   n   -       -   trivial-rewrite
bounce      unix  -   -   n   -       0   bounce
defer       unix  -   -   n   -       0   bounce
flush       unix  n   -   n   1000?   0   flush
proxymap    unix  -   -   n   -       -   proxymap
relay       unix  -   -   n   -       -   smtp
showq       unix  n   -   n   -       -   showq
error       unix  -   -   n   -       -   error
local       unix  -   n   n   -       -   local
virtual     unix  -   n   n   -       -   virtual
lmtp        unix  -   -   n   -       -   lmtp
dovecot     unix  -   n   n   -       -   pipe flags=DRhu
  user=vpopmail:vchkpw argv=/usr/local/libexec/dovecot/dovecot-lda -f
  ${sender} -d ${user}@${nexthop} -m ${extension}
policyd-spf unix  -   n   n   -       0   spawn user=nobody
  argv=/usr/local/bin/policyd-spf
trace       unix  -   -   n   -       0   bounce
verify      unix  -   -   n   -       1   verify
anvil       unix  -   -   n   -       1   anvil
scache      unix  -   -   n   -       1   scache
discard     unix  -   -   n   -       -   discard
tlsmgr      unix  -   -   n   1000?   1   tlsmgr
retry       unix  -   -   n   -       -   error
proxywrite  unix  -   -   n   -       1   proxymap
smtp-amavis unix  -   -   n   -       2   smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n -  n   -       -   smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

The sender address is triggering the REDIRECT, but the redirect fails with a 
user unknown (by dovecot), so dovecot is getting the redirect address without 
it going through virtual. That’s the only way that dovecot could ever see that 
address since if it went to the virtual table, it would disappear, replaced by 
the value side of the virtual table.

postmap has been run on virtual, and there are no complaints on postfix reload.

$ grep warning /var/log/maillog 
Feb  7 00:05:23 mail postfix/smtpd[34494]: warning: hostname richtime.fvds.ru 

Re: Copy mail from specific email address to specific email address to other accounts

2016-02-07 Thread Wietse Venema
@lbutlr:
> On Feb 6, 2016, at 5:33 PM, Wietse Venema  wrote:
> > @lbutlr:
> >> # postmap -q ja...@example.com hash:/etc/postfix/virtual 
> >> john+ja...@example.com,kreme+ja...@kreme.com,fred+ja...@kreme.com
> >> 
> >> The address I am redirecting to is getting sent to dovecot without
> >> hitting virtual.
> > 
> > You haven't shown that Postfix is configured to use that table.
> 
> To use virtual?
> 
> Yeah, I have dozens of things in virtual. If that failed things
> would go pear-shaped very quickly.
> 
> # postconf virtual_alias_maps
> virtual_alias_maps = hash:$config_directory/virtual 
> proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf

What is config_directory?

The same program that does the sender_bcc_maps lookups also does
the virtual_alias_maps expansions. You can't have one without the
other unless you have "-o name=value" settings in master.cf.

Wietse
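
The check described in the message above (whether any master.cf service carries a "-o name=value" override for a given parameter) can be scripted. The following is an added example, not part of any message in this thread; the sample master.cf is constructed, its cleanup override is hypothetical, and only the plain "-o name=value" form shown in the thread is parsed.

```python
# Constructed sample in master.cf format; the cleanup override is hypothetical.
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp       inet  n   -   n   -   1   postscreen
submission inet  n   -   n   -   -   smtpd
  -o smtpd_tls_security_level=encrypt
  -o syslog_name=submit-tls
cleanup    unix  n   -   n   -   0   cleanup
  -o virtual_alias_maps=
127.0.0.1:10025 inet n - n   -   -   smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
"""


def parse_master_cf(text):
    """Return a list of (service, type, command, {param: value}) entries."""
    logical = []
    for line in text.splitlines():
        # Blank lines and lines whose first non-blank character is '#' are ignored.
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()  # leading whitespace continues an entry
        else:
            logical.append(line.strip())
    entries = []
    for entry in logical:
        fields = entry.split()
        if len(fields) < 8:
            continue  # not a complete service definition
        name, stype, command, args = fields[0], fields[1], fields[7], fields[8:]
        overrides = {}
        for flag, setting in zip(args, args[1:]):
            if flag == "-o" and "=" in setting:
                key, value = setting.split("=", 1)
                overrides[key] = value
        entries.append((name, stype, command, overrides))
    return entries


def overrides_of(text, param):
    """List (service, command, value) for every service overriding param."""
    return [(name, cmd, o[param])
            for name, _, cmd, o in parse_master_cf(text) if param in o]


if __name__ == "__main__":
    for hit in overrides_of(SAMPLE_MASTER_CF, "virtual_alias_maps"):
        print("override found:", hit)
```

An empty result for virtual_alias_maps and sender_bcc_maps means no service is running with a different value from main.cf for those parameters.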


Re: Copy mail from specific email address to specific email address to other accounts

2016-02-07 Thread Wietse Venema
@lbutlr:
> /usr/local/etc/postfix which has a symlink at /etc/psotfix and

That is unlikely.

> postmap -q -q ja...@example.com hash:/usr/local/etc/postfix/virtual returns 
> exactly the same results.

And that is simply not possible.

Perhaps someone else has time to debug made-up and incomplete
information.

Wietse


Re: Copy mail from specific email address to specific email address to other accounts

2016-02-07 Thread LuKreme
On Feb 7, 2016, at 14:12, Wietse Venema  wrote:
> Viktor Dukhovni:
>> 
>>> On Feb 7, 2016, at 3:16 PM, @lbutlr  wrote:
>>> /usr/local/etc/postfix which has a symlink at /etc/psotfix and
>>> 
>>>> That is unlikely.
>>> 
>>> $ ls -lsd /etc/postfix   
>>> 0 lrwxr-xr-x  1 root  wheel  22 Jul 20  2015 /etc/postfix -> 
>>> /usr/local/etc/postfix
>> 
>> In that case s/unlikely/unwise/ or perhaps "unlikely to be 
>> useful/work-as-intended".
> 
> No, it is unlikely, because he said it was linked to /etc/psotfix.

I said that /usr/local/etc/postfix HAS a symlink at /etc/postfix/.

> The email had errors in command (postmap -q -q) and pathname
> (/etc/psotfix) information. If someone else wants to give it
> a try, they are most welcome.

All config files are in /usr/local/etc/postfix/, /etcpostfix is just a link.

Postmap -q returns the correct value, postfix itself does not access the virtual 
table for the header_checks or sender_bcc_maps or check_sender_access. I've 
provided unmunged postmap and master.cf. There are no errors or warnings in the 
logs.

I don't know what to do now, and I don't understand at all why you think I am 
lying.