$os_fingerprint_method and multiple servers

btb listsb-amavis at bitrate.net
Wed Jul 16 23:31:34 CEST 2014

On 2014.07.15 08.10, Mark Martinec wrote:
> Ben,
>> thanks for this.  if set the following:
>> my $p0f_analyzer_port = '10032';
>> $os_fingerprint_method = "p0f:*:$p0f_analyzer_port";
>> amavis logs this message:
>> Jul 14 15:56:34 mfa amavis[5329]: (05329-04) (!!)TROUBLE in check_mail:
>> os_fingerprint FAILED: Fingerprint bad IP address: ::ffff: at
>> (eval 137) line 45, <GEN43> line 40.
>> mail arrives from and
>> if i set:
>> $os_fingerprint_method = "p0f:$p0f_analyzer_port";
>> amavis seems to work as expected, and with tshark i see traffic arriving
>> at, so i believe the other bits are working properly.
>> i know that ::ffff: is an ipv4 mapped ipv6 address, but how can
>> i troubleshoot this further?
> Looks like a version of amavisd and its p0f-analyzer.pl older
> than 2.8.1.  In 2.8.1 the protocol between p0f-analyzer.pl and
> amavisd was enhanced to deal with IPv6 addresses, and in 2.9.0
> one bug regarding ipv4 mapped address normalization was fixed.
> I'm not sure if the later affects your case, but the former
> certainly does.

i was using 2.7.1.  shamefully, i was ignorant as to how old that was. 
i've upgraded to 2.9.1, and that issue seems to be resolved.  using 
$os_fingerprint_method = "p0f:*:$p0f_analyzer_port";, i now see queries 
hitting p0f-analyzer on both mail servers.  however, the following is 
now being logged:

(!!)TROUBLE in check_mail: os_fingerprint FAILED: Insecure dependency in 
socket while running with -T switch at /usr/lib/perl/5.18/IO/Socket.pm 
line 80

it also appears that this doesn't necessarily happen every time a 
message is processed.  i know that sounds odd, so this may be a 
misperception on my part.

how can i further troubleshoot this?  for reference, the os is ubuntu 
14.04, and perl is 5.18.2-2ubuntu1


More information about the amavis-users mailing list