p0f

Alessandro Briosi ab1 at metalit.com
Wed Sep 14 09:30:33 CEST 2016


On 13/09/2016 09:30, Christian Rößner wrote:
>> On 12.09.2016 at 21:21, Benny Pedersen <me at junc.eu> wrote:
>>
>> On 2016-09-12 10:37, Christian Rößner wrote:
>>
>>> /etc/local.d/p0f.start:
>>> ----------------------------
>>> #!/bin/bash
>>> cd /tmp
>>> p0f -i eth0 -u p0f -o /var/log/p0f.log "tcp dst port 25 and (dst host
>>> 134.255.226.247 or dst host 2a05:bec0::134:255:226:247)" 2>&1 |
>>> p0f-analyzer.pl 50000 &
>>> exit 0
>>> ----------------------------
>>> Sending a test mail, the log shows that p0f was called from amavisd-new.
>>> Any other ideas, please :-)
>> you imho proved p0f works and next would be why p0f-analyzer does not work with installed p0f version 2.0.0-r2 ?
>>
>> try see if unstable p0f version in gentoo works, what version is amavisd tested with ?
>>
>>> Thanks in advance
>> thanks for using gentoo and sharing ebuilds
> ;-) (NB: Are you a Gentoo-dev?)
>
> I already use the latest amavisd-new and p0f on my MX :-)
>
> Thanks
>
> Christian

Hello,
this might not be the case, but for postfix / amavis / p0f this option
should be enabled in Postfix:


lmtp_send_xforward_command

    Enabling lmtp_send_xforward_command configures the Postfix
    lmtp-client to forward the original client's HELO name and IP address
    to amavisd-new. amavisd-new in turn can use this information for

      * logging and notifications (macro %a)
      * switching policy banks (MYNETS, @mynetworks_maps)
      * pen pals functionality
      * p0f fingerprinting



Maybe your setup needs something like this.

Ciao,
Alessandro
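
One way to check the setting described in the message above, as an added example that is not part of the original post or of the amavisd-new or Postfix projects: it reads main.cf and master.cf text and reports, per lmtp-client service, whether lmtp_send_xforward_command is effectively enabled. The service names, the content_filter address and the sample file contents are constructed, and only the plain "-o name=value" override form is handled.

```python
import shlex

PARAM = "lmtp_send_xforward_command"

# Constructed sample files (hypothetical service names, not from the post).
SAMPLE_MAIN_CF = "content_filter = amavisfeed:[127.0.0.1]:10024\n"
SAMPLE_MASTER_CF = """\
amavisfeed unix -       -       n       -       2       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
legacyfeed unix -       -       n       -       2       lmtp
    -o lmtp_data_done_timeout=1200
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def main_cf_value(text, name, default="no"):
    """Last assignment in main.cf wins; Postfix's built-in default is 'no'."""
    value = default
    for line in logical_lines(text):
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def xforward_by_service(main_cf, master_cf):
    """Map each lmtp-client service to True if XFORWARD is sent to the filter."""
    result = {}
    for line in logical_lines(master_cf):
        fields = shlex.split(line)
        if len(fields) < 8 or fields[7] != "lmtp":
            continue  # not a service run by the lmtp client
        value = main_cf_value(main_cf, PARAM)
        args = fields[8:]
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and args[i + 1].startswith(PARAM + "="):
                value = args[i + 1].split("=", 1)[1]  # per-service override
        result[fields[0]] = value.lower() == "yes"
    return result
```

A service that maps to False hands mail to amavisd-new without the original client's address, so the p0f lookup has no client IP to match against.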