Gary V wrote: > Tomasz wrote: > >> After I sent the post, I was beginning to wonder if it has anything to >> do with that CAPS-LOCK printed text saying "MYNETWORKS" :) > >> I'll test it tomorrow. > >> Does it add anything to the headers, when you have a "hit" (mail from >> another network)? > > I got this from computerworld.com: > > X-Spam-Status: No, score=-29.852 required=5 tests=[BAYES_00=-2.599, > DATE_IN_PAST_12_24=1.247, L_P0F_WXP=1.5, USER_IN_WHITELIST=-30] > X-Amavis-OS-Fingerprint: Windows XP Pro SP1, 2000 SP3, (distance 18, link: > ethernet/modem), [199.92.213.72] > > And from this list: > > X-Spam-Status: No, score=-2.599-9 required=5 tests=[BAYES_00=-2.599] > X-Amavis-OS-Fingerprint: Linux 2.5 (sometimes 2.4) (4) (up: 3043 hrs), > (distance 14, link: ethernet/modem), [66.35.250.225]
Unfortunately, my amavis doesn't add anything :( - so it looks like it isn't working properly? I have amavisd-new 2.4.2 and SpamAssassin 3.1.5. This is what I added to amavisd.conf to enable fingerprinting analysis: $os_fingerprint_method = 'p0f:192.168.14.1:2345'; p0f is running on a Postfix machine, and as amavis log say, they communicate just fine: OS_Fingerprint code loaded Fingerprint query: 192.168.14.1 port=2345 66.35.250.225 f+C1CsprhHKQ Fingerprint collect: max_wait=0.000, 66.35.250.225 f+C1CsprhHKQ Linux 2.... => Linux 2.6, seldom 2.4 (older, 4) (up: 3165 hrs), (distance 16, link: ethernet/modem) OS_fingerprint: 66.35.250.225 -2.565 Linux 2.6, seldom 2.4 (older, 4) (up: 3165 hrs), (distance 16, link: ethernet/modem) I added this to the bottom of /etc/mail/spamassassin/local.cf: header L_P0F_WXP X-Amavis-OS-Fingerprint =~ /^Windows XP/ score L_P0F_WXP 1.5 header L_P0F_W X-Amavis-OS-Fingerprint =~ /^Windows(?! XP)/ score L_P0F_W 1.0 header L_P0F_UNKN X-Amavis-OS-Fingerprint =~ /^UNKNOWN/ score L_P0F_UNKN 0.001 header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^((Free|Open|Net)BSD)|Solaris|HP-UX|Tru64/ score L_P0F_Unix -0.5 But it doesn't seem to work for me. Can that be that there's something not right with spamassassin? When I run: spamassassin -D --lint 2>&1 | grep -i finger I get no "finger" (nor p0f) lines displayed (perhaps it shouldn't be displayed anyway)? -- Tomasz Chmielewski http://wpkg.org ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
