Re: [Patch] p0f and selective greylisting

2007-01-09 Thread Justin Piszcz
It is an excellent patch, however there is a problem with p0f-analyzer.

top - 04:36:22 up 14:34, 127 users,  load average: 1.00, 1.00, 1.00
Tasks: 408 total,   2 running, 404 sleeping,   2 stopped,   0 zombie
Cpu(s): 43.4%us, 15.4%sy,  0.1%ni, 35.8%id,  5.0%wa,  0.1%hi,  0.1%si,  0.0%st
Mem:   3896000k total,  1969832k used,  1926168k free,        0k buffers
Swap:  8393920k total,       80k used,  8393840k free,   981784k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
  959 root      25   0  4676 2492 1760 R   99  0.1 871:05.39 p0f-analyzer.pl

It has been chewing CPU for a while, this script has bugs :(

A strace reveals:

select(8, [0 3], NULL, NULL, NULL)  = 1 (in [0])
time(NULL)  = 1168162563
read(0, "", 1024)   = 0
select(8, [0 3], NULL, NULL, NULL)  = 1 (in [0])
time(NULL)  = 1168162563
read(0, "", 1024)   = 0
select(8, [0 3], NULL, NULL, NULL)  = 1 (in [0])
time(NULL)  = 1168162563
read(0, "", 1024)   = 0
select(8, [0 3], NULL, NULL, NULL)  = 1 (in [0])
time(NULL)  = 1168162563
read(0, "", 1024)   = 0
select(8, [0 3], NULL, NULL, NULL)  = 1 (in [0])
time(NULL)  = 1168162563
read(0, "", 1024)   = 0
select(8, [0 3], NULL, NULL, NULL)  = 1 (in [0])
time(NULL)  = 1168162563
read(0, "", 1024)   = 0
select(8, [0 3], NULL, NULL, NULL)  = 1 (in [0])
time(NULL)  = 1168162563
read(0, "", 1024)   = 0
select(8, [0 3], NULL, NULL, NULL)  = 1 (in [0])


On Tue, 9 Jan 2007, Robert Felber wrote:

> On Wed, Jan 03, 2007 at 04:13:03PM +0200, Henrik Krohns wrote:
> >
> > Hi, I whipped up a patch for policyd-weight-devel.
> >
> > It adds p0f scoring support and greylisting (to be exact, user defined
> > postfix action) by some rules.
>
> Thanks. Looks very interesting. I will dive in.
>
>
> --
> Robert Felber (PGP: 896CF30B)
> Munich, Germany
 
 
 


Policyd-weight Mailinglist - http://www.policyd-weight.org/
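
In the trace above, select() reports descriptor 0 readable and read() returns 0 bytes on every pass, which is end-of-file; a loop that leaves an EOF descriptor in its select set never blocks again. A select loop that retires a descriptor at EOF, next to the spinning variant, as an added example (not p0f-analyzer.pl's code; the function names, the pipes standing in for descriptors 0 and 3, and the scenario of the writers closing are assumptions):

```python
import os
import select

def drain(fds, retire_eof=True, bufsize=1024, max_wakeups=1000):
    """Read each descriptor in fds until end-of-file; return (data, wakeups).

    retire_eof=False keeps an EOF descriptor in the select set, which
    reproduces the spin in the trace: select() returns at once, read()
    returns 0 bytes, repeat. max_wakeups bounds that case for the demo.
    """
    active = set(fds)
    data = {fd: b"" for fd in fds}
    wakeups = 0
    while active:
        if wakeups >= max_wakeups:
            raise RuntimeError("select loop is spinning on an EOF descriptor")
        readable, _, _ = select.select(list(active), [], [])
        wakeups += 1
        for fd in readable:
            chunk = os.read(fd, bufsize)
            if chunk:
                data[fd] += chunk
            elif retire_eof:          # zero-length read: the writer closed
                active.discard(fd)
                os.close(fd)
    return data, wakeups

def demo(retire_eof):
    # Constructed input: two pipes stand in for the two descriptors in the
    # trace (0 and 3). Both writers close (assumed scenario for the demo).
    r0, w0 = os.pipe()
    r3, w3 = os.pipe()
    os.write(w0, b"constructed input line\n")
    os.write(w3, b"constructed query\n")
    os.close(w0)
    os.close(w3)
    data, wakeups = drain([r0, r3], retire_eof=retire_eof)
    return sorted(data.values()), wakeups

if __name__ == "__main__":
    print(demo(retire_eof=True))
    try:
        demo(retire_eof=False)
    except RuntimeError as exc:
        print("without EOF handling:", exc)
```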


Re: [Patch] p0f and selective greylisting

2007-01-08 Thread Robert Felber
On Wed, Jan 03, 2007 at 04:13:03PM +0200, Henrik Krohns wrote:
>
> Hi, I whipped up a patch for policyd-weight-devel.
>
> It adds p0f scoring support and greylisting (to be exact, user defined
> postfix action) by some rules.

Thanks. Looks very interesting. I will dive in.


-- 
Robert Felber (PGP: 896CF30B)
Munich, Germany




Re: [Patch] p0f and selective greylisting

2007-01-04 Thread Justin Piszcz
Yet another way to combat spam, very impressive!

Justin.

On Wed, 3 Jan 2007, Henrik Krohns wrote:

>
> Hi, I whipped up a patch for policyd-weight-devel.
>
> It adds p0f scoring support and greylisting (to be exact, user defined
> postfix action) by some rules.
>
> There are some little details missing, p0f scoring does not affect other
> scores (maybe it would help) and greylisting decisions are not cached. I'm a
> bit too busy to check it more, so I leave it up to Robert if he wants..
>
> URL: http://hege.li/policyd-weight/greylist-p0f.diff
>
> Cheers,
> Henrik
 
 
 




***SPAM*** ***SPAM*** Re: [Patch] p0f and selective greylisting

2007-01-04 Thread Gary V
Justin wrote:

> Yet another way to combat spam, very impressive!
>
> Justin.
>
> On Wed, 3 Jan 2007, Henrik Krohns wrote:
>
>
> Hi, I whipped up a patch for policyd-weight-devel.
>
> It adds p0f scoring support and greylisting (to be exact, user defined
> postfix action) by some rules.
>
> There are some little details missing, p0f scoring does not affect other
> scores (maybe it would help) and greylisting decisions are not cached. I'm a
> bit too busy to check it more, so I leave it up to Robert if he wants..
>
> URL: http://hege.li/policyd-weight/greylist-p0f.diff
>
> Cheers,
> Henrik


So far I'm lovin' it.

Jan  4 08:49:54 mail postfix/policydweight[3736]: weighted check:
 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
  NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5
   RESOLVED_IP_IS_NOT_HELO=1.5 (check from:
.itripipod. - helo: .localhost. - helo-domain: .localhost.)
  FROM_NOT_FAILED_HELO(DOMAIN)=3 P0F_WINXP=2
  client=86.193.177.153 helo=localhost
  [EMAIL PROTECTED] [EMAIL PROTECTED], rate: 3.5
  
Jan  4 08:49:54 mail postfix/policydweight[3736]: decided action=check_greylist

Jan  4 08:49:54 mail postfix/smtpd[3733]: NOQUEUE: reject: RCPT from
 ALyon-254-1-38-153.w86-193.abo.wanadoo.fr[86.193.177.153]: 450
  [EMAIL PROTECTED]: Recipient address rejected:
   Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/example.com.html;
from=[EMAIL PROTECTED] to=[EMAIL PROTECTED]
 proto=SMTP helo=localhost

~
Jan  4 12:27:20 mail postfix/policydweight[3617]: weighted check:
 NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 IN_BL_NJABL=4.25
  CL_IP_EQ_FROM_MX=-3.1 P0F_LINUX=-1 client=83.133.120.8
  helo=r.therewarddeals.com [EMAIL PROTECTED]
   [EMAIL PROTECTED], rate: -2.85

Jan  4 12:27:20 mail postfix/policydweight[3617]: decided action=check_greylist

Gary V
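
In both of the entries above the listed scores add up to the logged rate, so the log can be audited for how far the p0f term moved each result. A parser for these lines, as an added example (not part of the original post or of policyd-weight; the function names and result keys are assumptions):

```python
import re
from decimal import Decimal

# The two "weighted check" entries from the post above, unwrapped onto one
# line each; the [EMAIL PROTECTED] redactions are kept as they appear there.
SAMPLE_LOG = """\
Jan  4 08:49:54 mail postfix/policydweight[3736]: weighted check: NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_NE_HELO=1.5 RESOLVED_IP_IS_NOT_HELO=1.5 (check from: .itripipod. - helo: .localhost. - helo-domain: .localhost.) FROM_NOT_FAILED_HELO(DOMAIN)=3 P0F_WINXP=2 client=86.193.177.153 helo=localhost [EMAIL PROTECTED] [EMAIL PROTECTED], rate: 3.5
Jan  4 12:27:20 mail postfix/policydweight[3617]: weighted check: NOT_IN_ZEN_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 IN_BL_NJABL=4.25 CL_IP_EQ_FROM_MX=-3.1 P0F_LINUX=-1 client=83.133.120.8 helo=r.therewarddeals.com [EMAIL PROTECTED] [EMAIL PROTECTED], rate: -2.85
"""

# NAME=score tokens are upper-case (optionally with a "(DOMAIN)" suffix),
# which keeps client=... and helo=... out of the score table.
SCORE = re.compile(r"\b([A-Z][A-Z0-9_]*(?:\([A-Z]+\))?)=(-?\d+(?:\.\d+)?)(?=\s)")
RATE = re.compile(r"rate:\s*(-?\d+(?:\.\d+)?)")
CLIENT = re.compile(r"\bclient=(\S+)")

def parse_weighted_check(line):
    """Return the scores of one 'weighted check' line, or None if not one."""
    if "weighted check:" not in line:
        return None
    body = line.split("weighted check:", 1)[1]
    rate, client = RATE.search(body), CLIENT.search(body)
    if rate is None or client is None:
        return None
    scores = {name: Decimal(val) for name, val in SCORE.findall(body)}
    p0f = {k: v for k, v in scores.items() if k.startswith("P0F_")}
    total = sum(scores.values(), Decimal(0))
    return {
        "client": client.group(1),
        "rate": Decimal(rate.group(1)),
        "sum": total,                      # should equal the logged rate
        "p0f": p0f,
        "rate_without_p0f": total - sum(p0f.values(), Decimal(0)),
    }

def audit(log_text):
    """Parse every weighted-check entry found in log_text."""
    return [r for r in map(parse_weighted_check, log_text.splitlines()) if r]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row["client"], row["rate"], row["p0f"], row["rate_without_p0f"])
```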




***SPAM*** ***SPAM*** Re: ***SPAM*** ***SPAM*** Re: [Patch] p0f and selective greylisting

2007-01-04 Thread Justin Piszcz
Let's hope Robert accepts the patch :)
