X-Amavis-OS-Fingerprint header not added (p0f)
Christian via amavis-users
amavis-users at amavis.org
Tue May 27 09:32:06 CEST 2014
Hello together,
I'm using amavisd-new (1:2.7.1-2) together with p0f (2.0.8-2) and
postfix (2.11.0-1) and I've recognized yesterday that the
"X-Amavis-OS-Fingerprint" is no longer added to the email header.
I've already tried to locate the problem but I was not successful.
Possibly someone here can help me :-)
From my point of view below are all relevant parts for the
configuration.
P0f seems to be working correctly, because I can see the fingerprint
results in the p0f.log and in the mail.log when I set amavisd-new to
loglevel 5:
/var/log/p0f.log
[...]
<Sun May 25 22:09:08 2014> 91.207.212.68:41074 - Linux 2.6, seldom 2.4
(older, 4) (up: 9737 hrs) -> 5.35.243.54:25 (distance 9, link:
ethernet/modem)
[...]
/var/log/mail.log
[...]
May 25 22:08:51 mx02 amavis[4248]: OS_Fingerprint code loaded
May 25 22:09:09 mx02 amavisd-milter-policy[4282]: (04282) Fingerprint
query: [91.207.212.68]:0 lrWgXBdGrk4V (p0f-analyzer) p0f:127.0.0.1:2345
May 25 22:09:09 mx02 amavisd-milter-policy[4282]: (04282) Fingerprint
collect: max_wait=0.000, [91.207.212.68] lrWgXBdGrk4V \r\n... =>
[...]
To start p0f I use the following parameter:
/etc/init.d/p0f
[...]
/usr/sbin/p0f -t -l -o /var/log/p0f.log -Q /var/run/p0f-sock 'tcp dst
port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 &
[...]
I've implemented amavisd-new (milter) in postfix in the following way
/etc/postfix/master.cf
smtp inet n - - - 10 smtpd
-o smtpd_proxy_options=speed_adjust
-o smtp_send_xforward_command=yes
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_authorized_xclient_hosts=127.0.0.0/8
-o smtpd_milters=,${opendmarc_milter},${amavisd_milter}
submission inet n - - - 10 smtpd
-o smtpd_sasl_auth_enable=yes
[...]
/etc/postfix/main.cf
[...]
opendmarc_milter = inet:localhost:8893
amavisd_milter = inet:localhost:10036
[...]
My corresponding policy settings are:
/etc/amavis/conf.d/50-user
[...]
@inet_acl = qw( 127.0.0.1 );
@mynetworks = qw( 127.0.0.0 [::1] [FE80::]/10 [FEC0::]/10 10.8.0.0/24);
[...]
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
$policy_bank{'AM.PDP-SOCK'} = {
syslog_ident => 'amavisd-milter-policy',
protocol => 'AM.PDP',
log_level => 1,
smtpd_greeting_banner => '${helo-name} ${protocol} ${product} milter
ready',
bypass_virus_checks_maps => [0],
virus_admin_maps => ["postmaster\@exmaple.com"],
final_virus_destiny => D_DISCARD,
virus_quarantine_method => 'local:virus-%m',
os_fingerprint_method => 'p0f:127.0.0.1:2345',
# os_fingerprint_method => 'p0f:/var/run/p0f-sock',
originating => 0,
bypass_spam_checks_maps => [0],
spam_admin_maps => undef,
final_spam_destiny => D_DISCARD,
spam_quarantine_method => undef,
bypass_banned_checks_maps => [0],
final_banned_destiny => D_BOUNCE,
banned_files_quarantine_method => 'local:ban-%m',
banned_filename_maps => ['BLOCK_OFFICE2010'],
bypass_header_checks_maps => [1],
final_bad_header_destiny => D_PASS,
bad_header_quarantine_method => 'local:badh-%m',
spam_subject_tag_maps => '',
spam_subject_tag2_maps => '[SPAM ?] ',
spam_tag_level_maps => -100.0,
spam_tag2_level_maps => 14.31,
spam_dsn_cutoff_level_maps => undef,
spam_kill_level_maps => 30,
undecipherable_subject_tag => undef,
sa_mail_body_size_limit => [64*1024],
allowed_added_header_fields => {
# lc('X-Amavis-OS-Fingerprint') => 1,
lc('X-Virus-Scanned') => 0,
lc('X-Spam-Level') => 0,
},
};
[...]
More information about the amavis-users
mailing list