You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by macli <vl...@vcn.bc.ca> on 2007/06/12 19:03:05 UTC
Re: [SPAM] Re: Passive Fingerprinting to feed filters
On Samstag, 10. März 2007 Vincent Li wrote:
> I happen to have a custom SA plugin to query p0f unix domain socket,
> I guess it can be modified to add X-p0f-*** to meta header.
>
> http://bl0g.blogdns.com/sa-p0f-plugin/P0f-X86.pm
Did anybody make further development on this thread?
mfg zmi
I reworked on another p0f plugin lately which add "X-P0f-OS-Fingerprinting"
meta header, it talks to p0f-analyzer.pl over udp,
not unix socket though. you can download from here:
http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pm
http://bl0g.blogdns.com/spamassassin/p0f-analyzer.cf
http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pl
Vincent
--
View this message in context: http://www.nabble.com/Re%3A--SPAM--Re%3A-Passive-Fingerprinting-to-feed-filters-tf3824841.html#a11082785
Sent from the SpamAssassin - Dev mailing list archive at Nabble.com.
Re: [SPAM] Re: [SPAM] Re: Passive Fingerprinting to feed filters
Posted by Vincent Li <vl...@vcn.bc.ca>.
On Tue, 12 Jun 2007, Michael Monnerie wrote:
> On Dienstag, 12. Juni 2007 macli wrote:
>> I reworked on another p0f plugin lately which add
>> "X-P0f-OS-Fingerprinting" meta header, it talks to p0f-analyzer.pl
>> over udp,
>> not unix socket though. you can download from here:
>>
>> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pm
>> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.cf
>> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pl
>
> I tried it now with SA 3.20, but do not see this header. --lint shows no
> errors, so it should be used. What could be the problem?
>
> mfg zmi
Did you run p0f-analyzer.pl on your MX server?
run p0f-analyzer.pl first, then send youself a test message and watch log
if you got any rules hit in p0f-analyzer.cf, or try spamassassin
-Dmetadata -t < test_message.
Vincent Li
http://bl0g.blogdns.com
Re: [SPAM] Re: Passive Fingerprinting to feed filters
Posted by Michael Monnerie <mi...@it-management.at>.
On Dienstag, 12. Juni 2007 macli wrote:
> I reworked on another p0f plugin lately which add
> "X-P0f-OS-Fingerprinting" meta header, it talks to p0f-analyzer.pl
> over udp,
> not unix socket though. you can download from here:
>
> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pm
> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.cf
> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pl
I tried it now with SA 3.20, but do not see this header. --lint shows no
errors, so it should be used. What could be the problem?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0676/846 914 666 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: EA39 8918 EDFF 0A68 ACFB 11B7 BA2D 060F 1C6F E6B0
// Keyserver: www.keyserver.net Key-ID: 1C6FE6B0