I made a amavisd-new setup to work with p0f.
I can see amavis uses it properly - here is a log extract when amavisd
is started in debug mode:
OS_Fingerprint code loaded
(...)
Fingerprint query: 192.168.12.6 port=2345 192.168.15.67 zcNaO8fjDked
(...)
Fingerprint collect: max_wait=0.021, 192.168.16.67 zcNaO8fjDked
Window... => Windows 2000 SP4, XP SP1+, (distance 1, link: ethernet/modem)
(...)
OS_fingerprint: 192.168.16.67 3.148 MYNETWORKS
Email was sent from a PC running Windows XP SP2 via telnet, and as we
see, it was recognized correctly.
My /etc/mail/spamassassin/local.cf contains - note the increased scores
for Windows OS I made:
header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/
score L_P0F_WXP 5.5
header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/
score L_P0F_W 5.7
Despite of these settings, that email got just about 3 points:
X-Spam-Status: No, score=3.148 required=4.9 tests=[ALL_TRUSTED=-1.8,
BAYES_50=0.001, DSPAM_SPAM=0.5, MISSING_HB_SEP=2.5,
MISSING_SUBJECT=1.816, TO_CC_NONE=0.131]
According to the settings from local.cf, it should have at least above 5.
Why isn't p0f working for me?
--
Tomasz Chmielewski
http://wpkg.org
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
