Bartek,
> Now I have set up test domain, and checked it as you wanted it to be: no
> os_fingerprint in triggered policy bank and a '*' in global config:
>
> Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Original mail size: 1405; quota set to: 702500 bytes
> Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) dynamic destination: p0f :1234 -> p0f:[10.10.3.244]:1234
> Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Fingerprint query: 10.10.3.244 port=1234 195.46.43.224 KgZcfI2cjZsj
> Nov 30 12:48:28 scanner00 amavis[55170]: (55170-01) Checking: KgZcfI2cjZsj MX00 [195.46.43.224] <r robakdesign.com> -> <aa tester.e.pl>

So what was the IP address reported in a "CONNECT TCP Peer" log entry?
Was it 10.10.3.244 or 10.10.3.49?

> As you may see, in this case amavisd is trying to ask itself for p0f
> service, which is incorrect, as the connection came from 10.10.3.49.

If the "CONNECT TCP Peer" log entry reported 10.10.3.244 but the
connection came in from 10.10.3.49, I'd like to see a tcpdump
of a connection, taken on this host where amavisd runs
(e.g.: tcpdump -i <interface> -s 0 -w 0.log 'tcp port 10024'
or similar).

> I'm not sure if it is haproxy or Net::Server issue, and I have no idea
> how to test that, but what is more annoying, that I could walkover this
> bug (if it is a bug) with static ip settings for os_fingerprint_method
> in policy banks - but in that case nothing happens (as shown in logs
> from my previous post). Why is that?

The log showed that the following query was sent:

  Fingerprint query: 10.10.3.49 port=1234 150.254.88.204 o6mMHn6FYEJV

i.e., a UDP packet was sent to 10.10.3.49, port 1234.
Why a reply did not come back is to be sought in the p0f-analyzer.pl
running on 10.10.3.49. Either it was not running, or it refused
to listen to foreign queries: you need to adjust its $bind_addr
and @inet_acl to let it listen on an ethernet interface (not on a
loopback interface):

  my($bind_addr) = '127.0.0.1';  # bind just to a loopback interface
  my(@inet_acl) = qw( 127.0.0.1 );  # list of IP addresses from which queries

needs to be changed to something like:

  my($bind_addr) = '0.0.0.0';  # bind to all IPv4 interfaces
  my(@inet_acl) = qw(10.10.3.244 10.10.3.245 10.10.3.246 10.10.3.247);

Mark
_______________________________________________
AMaViS-user mailing list
AMaViS-user lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
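
Added example (not part of the original message, and not amavisd or p0f-analyzer.pl code): a loopback probe that tells apart the two causes named above for a missing reply, a responder that is not listening versus one whose ACL ignores the sender. The "<client_ip> <nonce>" payload layout, the reply text and the helper names are assumptions made for the illustration.

```python
import socket
import threading

def serve_once(sock, acl, answer=b"constructed-fingerprint"):
    """Stand-in responder: answer one datagram only if the sender is in acl."""
    data, (src_ip, src_port) = sock.recvfrom(512)
    if src_ip in acl:                      # same idea as @inet_acl
        sock.sendto(data + b" " + answer, (src_ip, src_port))
    # senders outside the ACL get no reply at all

def probe(host, port, client_ip, nonce, timeout=0.5):
    """Return ('reply', text), ('timeout', None) or ('refused', None)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))            # connected UDP socket sees ICMP errors
        try:
            s.send(f"{client_ip} {nonce}".encode())   # assumed payload layout
            return ("reply", s.recv(512).decode())
        except socket.timeout:
            return ("timeout", None)       # silently dropped: ACL or a firewall
        except ConnectionRefusedError:
            return ("refused", None)       # no listener on that address/port

def demo(acl):
    """Probe a loopback responder guarded by the given ACL."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))             # loopback only, like the default $bind_addr
    port = srv.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(srv, acl), daemon=True)
    worker.start()
    try:
        # client IP and nonce are the sample values from the log line above
        return probe("127.0.0.1", port, "150.254.88.204", "o6mMHn6FYEJV")
    finally:
        worker.join(1)
        srv.close()

if __name__ == "__main__":
    print(demo(["127.0.0.1"]))     # sender is in the ACL
    print(demo(["10.10.3.244"]))   # sender is not in the ACL
```

A 'timeout' result points at the ACL or packet filtering between the hosts, while 'refused' usually means the daemon is not running or is bound to a different address.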