$os_fingerprint_method and multiple servers

Mark Martinec Mark.Martinec+amavis at ijs.si
Tue Jul 15 14:10:24 CEST 2014


> thanks for this.  if set the following:
> my $p0f_analyzer_port = '10032';
> $os_fingerprint_method = "p0f:*:$p0f_analyzer_port";
> amavis logs this message:
> Jul 14 15:56:34 mfa amavis[5329]: (05329-04) (!!)TROUBLE in check_mail:
> os_fingerprint FAILED: Fingerprint bad IP address: ::ffff: at
> (eval 137) line 45, <GEN43> line 40.
> mail arrives from and
> if i set:
> $os_fingerprint_method = "p0f:$p0f_analyzer_port";
> amavis seems to work as expected, and with tshark i see traffic arriving
> at, so i believe the other bits are working properly.
> i know that ::ffff: is an ipv4 mapped ipv6 address, but how can
> i troubleshoot this further?

Looks like a version of amavisd and its p0f-analyzer.pl older
than 2.8.1.  In 2.8.1 the protocol between p0f-analyzer.pl and
amavisd was enhanced to deal with IPv6 addresses, and in 2.9.0
one bug regarding ipv4 mapped address normalization was fixed.
I'm not sure if the later affects your case, but the former
certainly does.


More information about the amavis-users mailing list