Eddy wrote: > Hi!
> Many thanks to Gary, Daniel and Michael for their replies. > I retrieved the missing script directly from ijs.si's source, thanks ;-) > and installed it on /usr/local/bin > I patched /etc/sysconfig/p0f > +OPTIONS="-l 'dst port 25'" > I patched /etc/rc.d/init.d/p0f > - daemon p0f -d -o /var/log/p0f -q $OPTIONS "$BPFFILTER" > + echo 'p0f -q $OPTIONS "$BPFFILTER" 2>&1 | > /usr/local/bin/p0f-analyzer.pl 2345' | at now > I started it without any errors > # ps -ef said: > root 2638 2637 0 08:41 ? 00:00:00 p0f -q > root 2639 2637 0 08:41 ? 00:00:02 /usr/bin/perl -T > /usr/local/bin/p0f-analyzer.pl 2345 > strace show activities on pid 2639 > /etc/amavisd.conf was patched and restarted: > -# $os_fingerprint_method = 'p0f:127.0.0.1:2345'; # to query p0f-analyzer.pl > +$os_fingerprint_method = 'p0f:127.0.0.1:2345'; # to query p0f-analyzer.pl > /etc/postfix/master.cf included the following and was restarted: > smtp-amavis unix - - n - 10 smtp > -o smtp_data_done_timeout=1200 > -o smtp_send_xforward_command=yes > -o disable_dns_lookups=yes > /etc/mail/spamassassin/local.cf includes: > header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/ > score L_P0F_WXP 3.5 > header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/ > score L_P0F_W 1.7 > header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/ > score L_P0F_UNKN 0.8 > header L_P0F_Unix X-Amavis-OS-Fingerprint =~ > /^((Free|Open|Net)BSD)|Solaris|HP-UX|Tru64/ > score L_P0F_Unix -1.0 > amavisd-new was restarted# egrep -i 'Fingerprint collect |OS_fingerprint > |suppressed for mail from > Windows|p0f' maillog > said: Jul 10 08:58:45 amavis[4946]: OS_Fingerprint code loadedCurrent time > is 11:02 so it's running > since 2 hours and egrep does not tell nothing more.It look like spamassassin > is not rating > fingerprints !Can you help ?Thanks,Eddy I have not tried the p0f setup myself yet, but amavisd-new does not log spamassassin debugging info unless it is running in debug-sa mode. I would grep for L_P0F to see if one of the rules hit. I don't know what $log_level you are at, but I think you also have to be at $log_level 2 or higher (or modify the template) to have the rules that hit logged. Gary V ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
