> Actually, it appears that it's working - but only partially. > > Mails sent from some hosts get P0F headers added, and from other hosts, > get no P0F headers added. > All hosts sending mails I mention are not trusted/local hosts; just > normal ISPs offering free email. > > For example, when I sent email through poczta.interia.pl, I get P0F > headres added: > X-Spam-Status: No, score=-2.639 required=4.9 tests=[AWL=0.561, > BAYES_00=-2.599, DSPAM_HAM=-0.1, L_P0F_Unix=-0.5, SPF_PASS=-0.001] > > When the mail is sent through mail.gmx.net, it has no P0F header appended: > X-Spam-Status: No, score=-0.477 required=4.9 tests=[AWL=1.623, > BAYES_00=-2.599, DSPAM_SPAM=0.5, SPF_PASS=-0.001]
What you show is only SA rules that matched. If no rule matches a fingerprint, it does nor show in the 'tests=' list. Grep for "OS_fingerprint:" at log level 2 or above. With 2.4.3 you would see a header field in passed mail as well. If you are using my suggested set of rules, none of them match Linux hosts (because Linux falls somewhere inbetween due to many permissively configured mailers or mailing lists, so it is not an indicator neither of spam and neither of ham). Mailer on gmx.net seems to run Linux: (59045-07) OS_fingerprint: 213.165.64.20 -2.964 Linux 2.6, seldom 2.4 (older, 4) [Cable.BG / Teleca.SE] (up: 2978 hrs), (distance 17, link: ethernet/modem) Mark ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
