Subject: amavisd-new: use p0f's cache & query mode instead of p0f-analyze
Date: Tue, 19 Sep 2006 00:54:24 -0700
Package: amavisd-new
Version: 1:2.4.2-1
Severity: wishlist

Please forward upstream as you see appropriate.

p0f has the ability to run as a daemon and support queries via a Unix
named pipe interface into the cache. Before p0f 2.0.7, this interface
wasn't useful to amavis because queries required a source port and
address for the inbound SMTP connection and all amavis knew was the
source address.

This was fixed in 2.0.7 and later with the '-0' option.

The p0f analyze script is a tad complex and yet another piece of software
that needs to be debugged and maintained for security issues. There is
no clean and good way to run p0f and the analyze script as daemons under
the Debian start stop daemon process. However, p0f-analyze really serves
no purpose if amavis can make direct queries of the p0f daemon.

Please fix amavis to make direct queries of the p0f daemon. Here's an
example code fragment that shows how easy this actually is:

Start p0f with something like:

    p0f -i any -u amavis -Q /var/run/amavis/amavis_p0f.sock -0 -MVT10 -qKU \
        'dst port 25'

Query p0f with code that looks like this:

    http://www.tuxland.pl/misc/os-greylist.pl

This file is a Postfix plugin, but the query code is obvious and it should
be fairly easy to replace the OS fingerprint code in amavis right now.

Paul

-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (650, 'testing'), (600, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages amavisd-new depends on:
ii adduser 3.97 Add and remove users and groups
ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy
ii file 4.17-3 Determines file type using "magic"
ii libarchive-tar-perl 1.30-1 Archive::Tar - manipulate tar file
ii libarchive-zip-perl 1.16-1 Module for manipulation of ZIP arc
ii libberkeleydb-perl 0.29-1 use Berkeley DB 4 databases from P
ii libcompress-zlib-perl 1.42-1 Perl module for creation and manip
ii libconvert-tnef-perl 0.17-5 Perl module to read TNEF files
ii libconvert-uulib-perl 1.06-1 Perl interface to the uulib librar
pn libdigest-md5-perl <none> (no description available)
ii libio-stringy-perl 2.110-1 Perl5 modules for IO from scalars
ii libmailtools-perl 1.74-0.1 Manipulate email in perl programs
pn libmime-base64-perl <none> (no description available)
ii libmime-perl 5.420-0.1 Perl5 modules for MIME-compliant m
ii libnet-perl 1:1.19-3 Implementation of Internet protoco
ii libnet-server-perl 0.90-1 An extensible, general perl server
ii libunix-syslog-perl 0.100-5 Perl interface to the UNIX syslog(
ii perl [libtime-hires-perl] 5.8.8-6.1 Larry Wall's Practical Extraction
ii perl-modules [libnet-perl] 5.8.8-6.1 Core Perl modules
amavisd-new recommends no packages.
-- debconf information:
amavisd-new/outdated_config_style_warning: