Mark Martinec wrote:
>> Actually, it appears that it's working - but only partially.
>>
>> Mails sent from some hosts get P0F headers added, and from other hosts,
>> get no P0F headers added.
>> All hosts sending mails I mention are not trusted/local hosts; just
>> normal ISPs offering free email.
>>
>> For example, when I sent email through poczta.interia.pl, I get P0F
>> headers added:
>> X-Spam-Status: No, score=-2.639 required=4.9 tests=[AWL=0.561,
>> BAYES_00=-2.599, DSPAM_HAM=-0.1, L_P0F_Unix=-0.5, SPF_PASS=-0.001]
>>
>> When the mail is sent through mail.gmx.net, it has no P0F header appended:
>> X-Spam-Status: No, score=-0.477 required=4.9 tests=[AWL=1.623,
>> BAYES_00=-2.599, DSPAM_SPAM=0.5, SPF_PASS=-0.001]
>
> What you show is only SA rules that matched. If no rule matches a fingerprint,
> it does not show in the 'tests=' list. Grep for "OS_fingerprint:" at log
> level 2 or above. With 2.4.3 you would see a header field in passed mail as well.
>
> If you are using my suggested set of rules, none of them match Linux
> hosts (because Linux falls somewhere in between due to many permissively
> configured mailers or mailing lists, so it is an indicator neither
> of spam nor of ham). Mailer on gmx.net seems to run Linux:
>
> (59045-07) OS_fingerprint: 213.165.64.20 -2.964 Linux 2.6, seldom 2.4
> (older, 4) [Cable.BG / Teleca.SE] (up: 2978 hrs),
> (distance 17, link: ethernet/modem)

Yes, at first I thought it just doesn't match Linux in local.cf, so I added it:

header L_P0F_Unix X-Amavis-OS-Fingerprint =~ /^((Free|Open|Net)BSD)|Solaris|Linux|HP-UX|Tru64/
score  L_P0F_Unix -0.5

This is the log for some hosts containing "Linux":

Fingerprint collect: max_wait=0.000, 80.228.252.4 R9strlMULY08 Linux 2.6... => Linux 2.6, seldom 2.4 (older, 4) (up: 5081 hrs), (distance 10, link: ethernet/modem)
OS_fingerprint: 80.228.252.4 0.472 Linux 2.6, seldom 2.4 (older, 4) (up: 5081 hrs), (distance 10, link: ethernet/modem)

Fingerprint collect: max_wait=0.000, 66.35.250.225 KdrjOa2YYRfK Linux 2.... => Linux 2.6, seldom 2.4 (older, 4) (up: 3183 hrs), (distance 16, link: ethernet/modem)
OS_fingerprint: 66.35.250.225 -2.615 Linux 2.6, seldom 2.4 (older, 4) (up: 3183 hrs), (distance 16, link: ethernet/modem)

Fingerprint collect: max_wait=0.000, 212.227.126.183 iAHoKCMc1ap7 Linux ... => Linux 2.6? (barebone, rare!), (distance 9, link: ethernet/modem)
OS_fingerprint: 212.227.126.183 -0.503 Linux 2.6? (barebone, rare!), (distance 9, link: ethernet/modem)

So it should match it as well, shouldn't it?

This one does match though :)

header L_P0F_Linux X-Amavis-OS-Fingerprint =~ /^Linux/
score  L_P0F_Linux -0.1

Any ideas why /^((Free|Open|Net)BSD)|Solaris|Linux|HP-UX|Tru64/ doesn't match?
"Coz Linux ain't Unix"? :)

-- 
Tomasz Chmielewski
http://wpkg.org
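
Added example, not part of the original post and not code from amavisd-new or SpamAssassin: it runs the pattern from the post against the fingerprints in the quoted log lines, next to a variant in which `^` is grouped over every alternative, to show which values each one accepts. Assumptions: the X-Amavis-OS-Fingerprint header carries the text that follows the IP address and score in the "OS_fingerprint:" log line, Python's `re` stands in for Perl's engine (both treat `^` and `|` the same way in this pattern), and all function and variable names are hypothetical.

```python
import re

# Log lines quoted from the post above.
LOG_LINES = [
    "OS_fingerprint: 80.228.252.4 0.472 Linux 2.6, seldom 2.4 (older, 4) "
    "(up: 5081 hrs), (distance 10, link: ethernet/modem)",
    "OS_fingerprint: 66.35.250.225 -2.615 Linux 2.6, seldom 2.4 (older, 4) "
    "(up: 3183 hrs), (distance 16, link: ethernet/modem)",
    "OS_fingerprint: 212.227.126.183 -0.503 Linux 2.6? (barebone, rare!), "
    "(distance 9, link: ethernet/modem)",
]

# Constructed header values (not from the post) that separate the two patterns.
CONSTRUCTED = ["FreeBSD 6.x", "Windows XP SP1+, 2000 SP3", "UNKNOWN, resembles Linux"]

# Pattern exactly as posted: '^' belongs to the BSD branch only, so the other
# alternatives may match anywhere in the header value.
AS_POSTED = re.compile(r"^((Free|Open|Net)BSD)|Solaris|Linux|HP-UX|Tru64")
# Variant with the anchor applied to every alternative.
GROUPED = re.compile(r"^(?:(?:Free|Open|Net)BSD|Solaris|Linux|HP-UX|Tru64)")

# "OS_fingerprint: <ip> <score> <fingerprint text>"
LOG_RE = re.compile(r"OS_fingerprint:\s+(\S+)\s+(-?\d+(?:\.\d+)?)\s+(.*)$")


def fingerprint_from_log(line):
    """Return the fingerprint text of one OS_fingerprint log line."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an OS_fingerprint log line: %r" % line)
    return m.group(3)


def evaluate(values):
    """For each value: (value, matches pattern as posted, matches grouped variant)."""
    return [(v, bool(AS_POSTED.search(v)), bool(GROUPED.search(v))) for v in values]


def report():
    """Evaluate the fingerprints from the log, then the constructed values."""
    return evaluate([fingerprint_from_log(l) for l in LOG_LINES] + CONSTRUCTED)


if __name__ == "__main__":
    for value, posted, grouped in report():
        print("as_posted=%-5s grouped=%-5s %s" % (posted, grouped, value))
```

The example tests only the pattern text against these strings; it does not exercise how the header reaches SpamAssassin or which definition of a rule name is in effect.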