Re: [exim] Use of P0f

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDave Evans at <-
MDave Lugo at ->
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] Use of P0f
Dave Evans wrote:
> On Wed, May 13, 2009 at 11:16:20PM +0800, W B Hacker wrote:
>> In another thread covering greylisting, Mike Cardwell posted that greylisting
>> could be skipped when (among other entries):
>>
>>> 2.) If P0F detects the connecting host to be non-Windows (Used P0F for this)
>> Which sounded interesting, so....
>>
>> Using p0f with the barest of directives:
>>
>> p0f -i vr0
>>
>> What am I doing wrong w/r p0f & Exim?
>>
>> Does p0f need Exim to do a 'delay' before rejection in order to ascertain
>> the caller's OS?
>
> I've been using p0f for a while (> 1 year I think) with no problems. p0f runs
> "passively" and then Exim queries it via a ${perl expansion (though I suppose
> if I wanted to I could write a kind of exim-to-p0f proxy and use a plain
> ${readsocket instead).
>
> Currently all I'm doing with it is querying p0f from exim and logging the
> results - the results don't actually /affect/ anything (except the contents of
> the log). But to that extent, it works just fine.
>
>

Dave

Do you have any indications that p0f misses-out connections that Exim sees and logs?

I'm trying to track that down, as I am seeing it here, AND NOT just with very
short connections wherein Exim rejects in sub one-second, but also on
connections that may have lasted a full second or more.

AFAICS that is a 'fail safe' mode for the applications so far discussed.

Thanks,

Bill



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Sender callout verification on BATV signed addressesRe: [exim] allowing bind to fail->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)