$os_fingerprint_method and multiple servers

Mark Martinec Mark.Martinec+amavis at ijs.si
Thu Jul 17 11:34:58 CEST 2014


Ben,

> i was using 2.7.1.  shamefully, i was ignorant as to how old that was.
> i've upgraded to 2.9.1, and that issue seems to be resolved.  using
> $os_fingerprint_method = "p0f:*:$p0f_analyzer_port";, i now see queries
> hitting p0f-analyzer on both mail servers.  however, the following is
> now being logged:
>
> (!!)TROUBLE in check_mail: os_fingerprint FAILED: Insecure dependency in
> socket while running with -T switch at /usr/lib/perl/5.18/IO/Socket.pm
> line 80
> (!)PRESERVING EVIDENCE in
> /var/lib/amavis/tmp/amavis-20140716T171849-22078-oMP0fbA8
>
> it also appears that this doesn't necessarily happen every time a
> message is processed.  i know that sounds odd, so this may be a
> misperception on my part.
>
> how can i further troubleshoot this?  for reference, the os is ubuntu
> 14.04, and perl is 5.18.2-2ubuntu1

Hmmm. I won't be able to troubleshoot this until Monday.

Meanwhile, you can try either the alternative method with
policy banks as suggested in my first reply, or perhaps
change in amavisd near line 13030:

       $os_fingerprint_obj = Amavis::OS_Fingerprint->new(
         dynamic_destination($os_fingerprint_method,$conn),
         0.050, $cl_ip, $msginfo->client_port, $dst_ip, $dst_port,
         defined $mail_id ? $mail_id : sprintf("%08x",rand(0x7fffffff)) );

into:

       $os_fingerprint_obj = Amavis::OS_Fingerprint->new(
         untaint(dynamic_destination($os_fingerprint_method,$conn)),
         0.050, $cl_ip, $msginfo->client_port, $dst_ip, $dst_port,
         defined $mail_id ? $mail_id : sprintf("%08x",rand(0x7fffffff)) );


Mark
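As an added illustration (not from the original message and not amavisd code): the change above marks the computed destination as clean before it reaches the socket code, and the Perl below shows a stricter variant that clears taint only on values matching an expected pattern. The helper name `untaint_p0f_destination`, the assumed resolved form `p0f:<host>:<port>`, and the sample strings are all hypothetical.

```perl
#!/usr/bin/perl -T
# Added example, not amavisd code: validate a destination string before
# untainting it, so only well-formed values reach the socket layer.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper. Assumed input form: p0f:<IPv4>:<port> or
# p0f:[<IPv6>]:<port>. Returns (host, port), or an empty list on mismatch.
# Regex captures are untainted, so only data that matched comes out clean.
sub untaint_p0f_destination {
  my ($dest) = @_;
  return unless defined $dest;
  return unless $dest =~ /\A p0f : ( \d{1,3} (?: \. \d{1,3} ){3}
                                   | \[ [0-9A-Fa-f:.]{2,45} \] )
                          : ( \d{1,5} ) \z/x;
  my ($host, $port) = ($1, $2);
  return if $port < 1 || $port > 65535;
  if ($host !~ /\A\[/) {                       # IPv4: check octet range
    return if grep { $_ > 255 } split /\./, $host;
  }
  return ($host, $port);
}

# A zero-length slice of a tainted variable taints a string without
# changing its value; $^X is tainted when perl runs with -T.
my $TAINT = substr($^X, 0, 0);

# Constructed sample destinations, all tainted.
my @samples = map { $_ . $TAINT } (
  'p0f:192.0.2.10:2345',        # well-formed IPv4
  'p0f:[2001:db8::1]:2345',     # well-formed IPv6
  'p0f:192.0.2.10:99999',       # port out of range
  "p0f:192.0.2.10:2345\n",      # trailing newline, rejected by \z
  'p0f:mail.example;id:2345',   # not an address literal
);

for my $dest (@samples) {
  my ($host, $port) = untaint_p0f_destination($dest);
  (my $shown = $dest) =~ s/\n/\\n/g;
  if (defined $host) {
    printf "%-28s accepted: host=%s port=%s in_tainted=%d out_tainted=%d\n",
      $shown, $host, $port, tainted($dest) ? 1 : 0,
      (tainted($host) || tainted($port)) ? 1 : 0;
  } else {
    printf "%-28s rejected, stays tainted=%d\n", $shown, tainted($dest) ? 1 : 0;
  }
}
```

Run it as `perl -T file.pl`; without `-T` nothing is tainted and every taint column prints 0.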

