At 05:20 AM 6/19/2007, Cami Sardinha wrote: >The correct place to do this is inside of Policyd. > >P0f needs to be running on your MX machines and it >builds a "list" of ip addresses + os. When a request >from Postfix -> Policyd arrives, Policyd will query >the p0f cache (via pipe/socket) and then apply the >necessary restrictions. It's not brain surgery to do >but i don't have the time to do it. > >Cami
I agree this would be a great feature to add to policyd! The amavisd-new project includes a utility p0f-analyzer.pl which runs and does all the O/S fingerprint caching for inbound connections. Here's the descrip of the app from Mark Martinec the author. # This is p0f-analyzer.pl, a program to continuously read log reports from p0f # utility, keep results in cache for a couple of minutes, and answer queries # over UDP from some program (like amavisd-new) about collected data. The utility works great, perhaps policyd could make use of it and make the task a lot easier? - Nate ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ policyd-users mailing list policyd-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/policyd-users
