I've got p3scan running, but I can't seem to work out what I need to do
to get it to work with PF.
I get output like this:
P3Scan p3scan[4028]: P3Scan Version 1.0
p3scan[4028]: Selected scannertype: basic (Basic file invocation scanner)
p3scan[4028]: Listen now on 192.168.1.100:8110
p3scan[4028]: Changing uid (we are root)
p3scan[4028]: Changed UID.GID to 1008.1008
p3scan[4028]: RX compiled succesfully
p3scan[4028]: Waiting for connections.....
p3scan[4028]: Forked, pid=4029, numprocs=1
p3scan[4029]: setting the virusdir to /var/spool/p3scan/children/4029/
p3scan[4029]: Initialize Context
p3scan[4029]: starting proxy
p3scan[4029]: Connection from 192.168.1.102:1111
p3scan[4029]: Real-server adress is 192.168.1.100:8110
p3scan[4029]: starting mainloop
p3scan[4028]: Forked, pid=4030, numprocs=2
p3scan[4030]: setting the virusdir to /var/spool/p3scan/children/4030/
p3scan[4030]: Initialize Context
p3scan[4030]: starting proxy
p3scan[4030]: Connection from 192.168.1.100:55153
p3scan[4030]: Real-server adress is 192.168.1.100:8110
p3scan[4030]: Oops, that would loop!
p3scan[4030]: Session done (Critial abort). Mails: 0 Bytes: 0
I think the problem is that p3scan is receiving POP3 traffic directed to
the local address, so it assumes that the ultimate destination is
itself. Hence the "oops, that would loop" error.
I'm using these rules in pf.conf
# Redirect POP3 traffic from local network to p3scan (a POP3 proxy
which passes mail through spam checker)
rdr on $int_intfc proto tcp from $win_machine to any port 110 ->
$int_intfc port 8110
nat on $int_intfc proto tcp from $win_machine to $int_intfc port
110 -> $int_intfc
(I've tried with and without the nat line - which I only added because
all the working examples using IPTABLES seem to use a nat line first.)
I'm out of ideas. I can't work out how I can get p3scan to receive the
POP3 traffic, and still know where the traffic was originally destined for.
Anyone had any luck with this already?
--
Bob
