$os_fingerprint_method and multiple servers

Mark Martinec Mark.Martinec+amavis at ijs.si
Tue Jul 15 14:10:24 CEST 2014


Ben,

> thanks for this.  if i set the following:
>
> my $p0f_analyzer_port = '10032';
> $os_fingerprint_method = "p0f:*:$p0f_analyzer_port";
>
> amavis logs this message:
>
> Jul 14 15:56:34 mfa amavis[5329]: (05329-04) (!!)TROUBLE in check_mail:
> os_fingerprint FAILED: Fingerprint bad IP address: ::ffff:10.3.70.5 at
> (eval 137) line 45, <GEN43> line 40.
>
> mail arrives from 10.3.70.5 and 10.3.70.6.
>
> if i set:
>
> $os_fingerprint_method = "p0f:10.3.70.5:$p0f_analyzer_port";
>
> amavis seems to work as expected, and with tshark i see traffic arriving
> at 10.3.70.5, so i believe the other bits are working properly.
>
> i know that ::ffff:10.3.70.5 is an ipv4 mapped ipv6 address, but how can
> i troubleshoot this further?

Looks like a version of amavisd and its p0f-analyzer.pl older
than 2.8.1.  In 2.8.1 the protocol between p0f-analyzer.pl and
amavisd was enhanced to deal with IPv6 addresses, and in 2.9.0
one bug regarding ipv4 mapped address normalization was fixed.
I'm not sure if the latter affects your case, but the former
certainly does.

   Mark
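
Added example, not part of the original message and not code from amavisd or p0f-analyzer.pl: a Python sketch of the IPv4-mapped address normalization discussed above, run against the log line quoted in this thread. The function names and the regular expression are assumptions made for illustration.

```python
import ipaddress
import re

# Log line quoted in the thread above, joined onto one line.
SAMPLE_LOG = (
    "Jul 14 15:56:34 mfa amavis[5329]: (05329-04) (!!)TROUBLE in check_mail: "
    "os_fingerprint FAILED: Fingerprint bad IP address: ::ffff:10.3.70.5 at "
    "(eval 137) line 45, <GEN43> line 40."
)

# Assumed pattern, derived only from the message text shown in the thread.
BAD_IP_RE = re.compile(r"Fingerprint bad IP address: (\S+)")


def normalize_client_ip(text):
    """Return (family, canonical address) for an address string.

    An IPv4-mapped IPv6 address (::ffff:a.b.c.d, dotted or hex form) is
    collapsed to plain IPv4 so both spellings of one client compare equal.
    Raises ValueError when the input is not an IP address.
    """
    s = text.strip()
    if s.startswith("[") and s.endswith("]"):   # bracketed literal
        s = s[1:-1]
    if s.lower().startswith("ipv6:"):           # SMTP address-literal tag
        s = s[5:]
    addr = ipaddress.ip_address(s)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return ("IPv4" if addr.version == 4 else "IPv6", str(addr))


def rejected_addresses(lines):
    """List (raw, family, canonical) for each 'bad IP address' log line."""
    found = []
    for line in lines:
        m = BAD_IP_RE.search(line)
        if m:
            raw = m.group(1)
            found.append((raw,) + normalize_client_ip(raw))
    return found


if __name__ == "__main__":
    for raw, family, canon in rejected_addresses([SAMPLE_LOG]):
        print(f"{raw} -> {family} {canon}")
```
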


