Olivier, > Now it is working, it leads to another question: how the fingerprint > is being used by amavisd-new? How can it be used to compute some > validity of a message?
amavisd prepends a header field 'X-Amavis-OS-Fingerprint: ...' (with information obtained from p0f) to a mail message as given to SpamAssassin, which may then use the info in its rules. Search RELEASE_NOTES for: - passive operating-system fingerprinting (p0f) support lets SA gain information about SMTP client's operating system and estimated IP distance, [...] A but further down in the release notes you can find a set of rules that can be given to SpamAssassin (e.g. in a file 'local.cf'). I find it particularly useful to reduce false positives on BOTNET rules, but rules like L_P0F_WXP and L_P0F_W are quite useful by themselves to indicate a mail likely to be coming from some infected home PC. Mark ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
