Hosting Provided By

Re: [AMaViS-user] p0f-analyzer load balancing problem

From: BartÅ‚omiej Rutkowski <brutkowski(at)lerkins.com>
Date: Wed Nov 28 2007 - 10:32:06 EST

On Tue, 20 Nov 2007 14:45:59 +0100
Mark Martinec <Mark.Martinec+amavis@ijs.si> wrote:

> Bartek,
>
> > I am building new mail infrastructure in my company, and I have
> > came to place where it seems that os fingerprinting technique
> > cannot be used.
> >
> > This is how the situation looks like: I have couple of smtpd servers
> > which are collecting mails from Internet, they are working with CARP
> > under one IP and then they are load balanced via haproxy. They got
> > the mail, and send it for checks to other CARP group of servers
> > with amavis installed. All of them are meant to run p0f-analyzer to
> > give other hosts which are doing AS&AV checks bit more info, but...
> > amavis can ask only one host for information about IP/OS.
> >
> > The problem is - how to make those
> > amavis boxes to ask the proper one, this is, the one who actually
> > handled the connection? This is serious issue as it is rendering the
> > p0f functionality totally unusable in real life scenario - separated
> > and load balanced hosts for receiving, checking and delivering mail.
>
> amavisd can send a p0f query to the same IP address the SMTP
> connection came from: $os_fingerprint_method = 'p0f:[*]:2345'
> Doesn't each MTA have its own IP address on the inside?
>
> Mark
>

Well, I set it up as you pointed me to, but then I am getting:

Nov 28 17:27:58 scanner00 amavis[91708]: (91708-01) (!!)TROUBLE in check_mail: os_fingerprint FAILED: Bad arg length for Socket::pack_sockaddr_in, length is 0, should be 4 at /usr/local/lib/perl5/5.8.8/mach/Socket.pm line 373, <GEN16> line 8. Nov 28 17:27:58 scanner00 amavis[91708]: (91708-01) (!)PRESERVING EVIDENCE in /var/amavis/tmp/amavis-20071128T172758-91708

and my setting looks like:

$policy_bank{'MX00'} = {
forward_method => 'smtp:[10.10.3.9]:10025', $os_fingerprint_method =>'p0f:[*]:1234', };

Both amavisd and p0f are latest versions. Any clue what is going on here?

Kind regards,
Bartek Rutkowski

SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4

AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ Received on Wed Nov 28 10:33:31 2007

This message: [ Message body ]
Next message: Robert Brooks: "Re: [AMaViS-user] p0f-analyzer load balancing problem"
Previous message: Patrick Domack: "Re: [AMaViS-user] queue active problem"
In reply to: Mark Martinec: "Re: [AMaViS-user] p0f-analyzer load balancing problem"
Next in thread: Robert Brooks: "Re: [AMaViS-user] p0f-analyzer load balancing problem"
Reply: Robert Brooks: "Re: [AMaViS-user] p0f-analyzer load balancing problem"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Tue Jul 15 2008 - 08:49:14 EDT

Do you need help?