Il 13/09/2016 09:30, Christian Rößner ha scritto:
>> Am 12.09.2016 um 21:21 schrieb Benny Pedersen :
>>
>> On 2016-09-12 10:37, Christian Rößner wrote:
>>
>>> /etc/local.d/p0f.start:
>>> --------
>>> #!/bin/bash
>>>
wrote:
>>>
>>>
>>>> /etc/local.d/p0f.start:
>>>>
>>>> #!/bin/bash
>>>> cd /tmp
>>>> p0f -i eth0 -u p0f -o /var/log/p0f.log "tcp dst port 25 and (dst host
>>>> 134.255.226.247 or dst host 2a05:bec0::134:
Christian,
A couple of ideas,
You mentioned that you se traffic on the port 5, have you tried to
analyze that traffic (with wireshark)? I attach some valid traffic
betwen amavisd-new and p0f (on port 2345), so you can compare to the
traffic you see.
Also, you should increase the logging
> Am 12.09.2016 um 21:21 schrieb Benny Pedersen :
>
> On 2016-09-12 10:37, Christian Rößner wrote:
>
>> /etc/local.d/p0f.start:
>>
>> #!/bin/bash
>> cd /tmp
>> p0f -i eth0 -u p0f -o /var/log/p0f.log "tcp dst port 25 an
On 2016-09-12 10:37, Christian Rößner wrote:
/etc/local.d/p0f.start:
#!/bin/bash
cd /tmp
p0f -i eth0 -u p0f -o /var/log/p0f.log "tcp dst port 25 and (dst host
134.255.226.247 or dst host 2a05:bec0::134:255:226:247)" 2>&1 |
p0f-analyzer.p
> Am 11.09.2016 um 15:40 schrieb Benny Pedersen :
>
> On 2016-09-11 10:21, Christian Rößner wrote:
>
>> p0f -i eth0 -u p0f "not src net x.x.x.x/x and port 25" 2>&1 |
>> p0f-analyzer.pl 5 &
>
> is your pcap filtering here cut ipv6 ?
>
Hi,
> Am 11.09.2016 um 15:40 schrieb Benny Pedersen :
>
> On 2016-09-11 10:21, Christian Rößner wrote:
>
>> p0f -i eth0 -u p0f "not src net x.x.x.x/x and port 25" 2>&1 |
>> p0f-analyzer.pl 5 &
>
> is your pcap filtering here cut ip
On 2016-09-11 10:21, Christian Rößner wrote:
p0f -i eth0 -u p0f "not src net x.x.x.x/x and port 25" 2>&1 |
p0f-analyzer.pl 5 &
is your pcap filtering here cut ipv6 ?
make it dual stacking not filtering on specifik ips, just port 25
if its not that i dont know why
Hi,
short: I do not get p0f working with amavis (I guess)
Details:
I started p0f this way:
p0f -i eth0 -u p0f "not src net x.x.x.x/x and port 25" 2>&1 | p0f-analyzer.pl
5 &
The proccesses are running:
ps auxc | grep p0f
p0f 18222 0.0 0.1 17512 4620 ?
Hi. Has anyone been able to use the new, rewritten p0f (version 3.08b)
with amavisd-new?
The old p0f's interface script (p0f-analyzer.pl) doesn't appear to work
properly with the new p0f.
Thanks for any advice.
Rich Wales
ri...@richw.org
Christian wrote:
Hi, from my point of view the default value should be 1 but I've
tested both configuration parameter,
thats why this line is still part of my configuration even if its
disabled.
The $allowed_added_header_fields{lc('X-Amavis-OS-Fingerprint')} is on by
default.
The X-Amavis-O
Hi, from my point of view the default value should be 1 but I've tested
both configuration parameter,
thats why this line is still part of my configuration even if its
disabled.
Christian
Am 2014-05-27 18:38, schrieb Quanah Gibson-Mount:
--On Tuesday, May 27, 2014 10:32 AM +0200 Christian via
--On Tuesday, May 27, 2014 10:32 AM +0200 Christian via amavis-users
wrote:
allowed_added_header_fields => {
#lc('X-Amavis-OS-Fingerprint') => 1,
The above line is commented out, so I'm guessing it is keeping the default
of 0.
--Quanah
--
Quanah Gibson-Mount
Server Architect
Zim
Hello together,
I'm using amavisd-new (1:2.7.1-2) together with p0f (2.0.8-2) and
postfix (2.11.0-1) and I've recognized yesterday that the
"X-Amavis-OS-Fingerprint" is no longer added to the email header.
I've already tried to locate the problem but I was not succ
14 matches
Mail list logo