X-Amavis-OS-Fingerprint header not added (p0f)

Christian via amavis-users amavis-users at amavis.org
Tue May 27 09:32:06 CEST 2014


Hello everyone,

I'm using amavisd-new (1:2.7.1-2) together with p0f (2.0.8-2) and 
postfix (2.11.0-1), and I noticed yesterday that 
"X-Amavis-OS-Fingerprint" is no longer added to the email header.

I've already tried to locate the problem, but I was not successful. 
Possibly someone here can help me :-)
From my point of view, all the relevant parts of the configuration 
are below.

P0f seems to be working correctly, because I can see the fingerprint 
results in the p0f.log and in the mail.log when I set amavisd-new to 
loglevel 5:

/var/log/p0f.log
[...]
<Sun May 25 22:09:08 2014> 91.207.212.68:41074 - Linux 2.6, seldom 2.4 (older, 4) (up: 9737 hrs) -> 5.35.243.54:25 (distance 9, link: ethernet/modem)
[...]

/var/log/mail.log
[...]
May 25 22:08:51 mx02 amavis[4248]: OS_Fingerprint code  loaded
May 25 22:09:09 mx02 amavisd-milter-policy[4282]: (04282) Fingerprint query: [91.207.212.68]:0 lrWgXBdGrk4V (p0f-analyzer) p0f:127.0.0.1:2345
May 25 22:09:09 mx02 amavisd-milter-policy[4282]: (04282) Fingerprint collect: max_wait=0.000, [91.207.212.68] lrWgXBdGrk4V \r\n... =>
[...]

To start p0f I use the following parameters:

/etc/init.d/p0f
[...]
/usr/sbin/p0f -t -l -o /var/log/p0f.log -Q /var/run/p0f-sock 'tcp dst port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 &
[...]

I've implemented amavisd-new (milter) in postfix in the following way:

/etc/postfix/master.cf
smtp      inet  n       -       -       -       10       smtpd
   -o smtpd_proxy_options=speed_adjust
   -o smtp_send_xforward_command=yes
   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
   -o smtpd_authorized_xclient_hosts=127.0.0.0/8
   -o smtpd_milters=,${opendmarc_milter},${amavisd_milter}

submission inet n       -       -       -       10       smtpd
   -o smtpd_sasl_auth_enable=yes
[...]

/etc/postfix/main.cf
[...]
opendmarc_milter = inet:localhost:8893
amavisd_milter   = inet:localhost:10036
[...]

My corresponding policy settings are:

/etc/amavis/conf.d/50-user
[...]
@inet_acl   = qw( 127.0.0.1 );
@mynetworks = qw( 127.0.0.0 [::1] [FE80::]/10 [FEC0::]/10 10.8.0.0/24);
[...]
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
$policy_bank{'AM.PDP-SOCK'} = {
   syslog_ident => 'amavisd-milter-policy',
   protocol => 'AM.PDP',
   log_level => 1,
   smtpd_greeting_banner => '${helo-name} ${protocol} ${product} milter ready',

   bypass_virus_checks_maps => [0],
   virus_admin_maps => ["postmaster\@exmaple.com"],
   final_virus_destiny => D_DISCARD,
   virus_quarantine_method => 'local:virus-%m',

   os_fingerprint_method => 'p0f:127.0.0.1:2345',
#  os_fingerprint_method => 'p0f:/var/run/p0f-sock',
   originating => 0,

   bypass_spam_checks_maps => [0],
   spam_admin_maps => undef,
   final_spam_destiny => D_DISCARD,
   spam_quarantine_method => undef,

   bypass_banned_checks_maps => [0],
   final_banned_destiny => D_BOUNCE,
   banned_files_quarantine_method => 'local:ban-%m',
   banned_filename_maps => ['BLOCK_OFFICE2010'],

   bypass_header_checks_maps => [1],
   final_bad_header_destiny => D_PASS,
   bad_header_quarantine_method => 'local:badh-%m',

   spam_subject_tag_maps => '',
   spam_subject_tag2_maps => '[SPAM ?] ',
   spam_tag_level_maps =>  -100.0,
   spam_tag2_level_maps => 14.31,
   spam_dsn_cutoff_level_maps => undef,
   spam_kill_level_maps => 30,
   undecipherable_subject_tag => undef,
   sa_mail_body_size_limit => [64*1024],

   allowed_added_header_fields => {
#    lc('X-Amavis-OS-Fingerprint') => 1,
     lc('X-Virus-Scanned') => 0,
     lc('X-Spam-Level') => 0,
   },
};
[...]


