Vincent,
> > Any volunteers to prepare a SA plugin for p0f lookup?
> > Should be quite straightforward.
> Suppose I have script like this:
...
> sub p0f_lookup {
> # get the first trusted header
> .....
> What to do next?
> I am still not clear how the fingering printing information
> get available to SA.
- somehow determine the SMTP client's IP address following SA mechanisms
on trusted/internal etc settings and parsed Received header fields.
(can't help there, ask on SA list if necessary)
This should be an IP address of the remote host which connected
to our MX host on which p0f and p0f-analyzer.pl must be running.
- query p0f-analyzer.pl process by using my example code in:
http://marc.theaimsgroup.com/?l=postfix-users&m=116312480114045
http://marc.theaimsgroup.com/?l=spamassassin-users&m=116406420110311
- the result will contain one line as returned by p0f. Plugin may
insert this information into a header, or supply it as scoring rules.
Mark
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
