On Fri, 24 Nov 2006, Mark Martinec wrote:
>>> A third way would be to write a SA plugin that would query
>>> p0f-analyzer directly, after obtaining client IP address
>>> from the first trusted Received header field, which is
>>> already parsed and known by SA. This would perhaps be the
>>> most general purpose solution, and other users of SA would
>>> benefit.
>>
>> Indeed, that sounds like the ideal solution. I've never
>> looked at writing SA plugins though, and not enough time
>> to do it now, so I guess I'll have to forego p0f for now. :-(
>> Maybe later...
>
> Any volunteers to prepare a SA plugin for p0f lookup?
> Should be quite straightforward.
Hi Mark,
Suppose I have script like this:
package P0f;
use Mail::SpamAssassin::Plugin;
use Mail::SpamAssassin::Logger;
use strict;
use warnings;
use bytes;
use vars qw(@ISA);
@ISA = qw(Mail::SpamAssassin::Plugin);
sub new {
my $class = shift;
my $mailsaobject = shift;
$class = ref($class) || $class;
my $self = $class->SUPER::new($mailsaobject);
bless ($self, $class);
$self->register_eval_rule("p0f_lookup");
return $self;
}
sub p0f_lookup {
my ($self, $pms) = @_;
# get the first trusted header
if ($pms->{num_relays_trusted} > 0) {
my $frstru = $pms->{relays_trusted}->[-1];
......
.....
What to do next?
}
}
I am still not clear how the fingering printing information get available
to SA.
>
> Mark
>
Vincent Li http://pingpongit.homelinux.com
Opensource .Implementation. .Consulting.
Platform .Fedora. .Debian. .Mac OS X.
Blog http://bl0g.blogdns.com
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
