Author: W B Hacker Date: To: exim users Subject: Re: [exim] Use of P0f
Dave Evans wrote: > On Wed, May 13, 2009 at 11:16:20PM +0800, W B Hacker wrote:
>> In another thread covering greylisting, Mike Cardwell posted that greylisting
>> could be skipped when (among other entries):
>>
>>> 2.) If P0F detects the connecting host to be non-Windows (Used P0F for this)
>> Which sounded interesting, so....
>>
>> Using p0f with the barest of directives:
>>
>> p0f -i vr0
>>
>> What am I doing wrong w/r p0f & Exim?
>>
>> Does p0f need Exim to do a 'delay' before rejection in order to ascertain
>> the caller's OS?
>
> I've been using p0f for a while (> 1 year I think) with no problems. p0f runs
> "passively" and then Exim queries it via a ${perl expansion (though I suppose
> if I wanted to I could write a kind of exim-to-p0f proxy and use a plain
> ${readsocket instead).
>
> Currently all I'm doing with it is querying p0f from exim and logging the
> results - the results don't actually /affect/ anything (except the contents of
> the log). But to that extent, it works just fine.
>
>
Dave
Do you have any indications that p0f misses-out connections that Exim sees and logs?
I'm trying to track that down, as I am seeing it here, AND NOT just with very
short connections wherein Exim rejects in sub one-second, but also on
connections that may have lasted a full second or more.
AFAICS that is a 'fail safe' mode for the applications so far discussed.