Posted to dev@spamassassin.apache.org by macli <vl...@vcn.bc.ca> on 2007/06/12 19:03:05 UTC

Re: [SPAM] Re: Passive Fingerprinting to feed filters


On Saturday, 10 March 2007 Vincent Li wrote:
> I happen to have a custom SA plugin to query p0f unix domain socket,
> I guess it can be modified to add X-p0f-*** to meta header.
>
> http://bl0g.blogdns.com/sa-p0f-plugin/P0f-X86.pm

Did anybody make further development on this thread?

Regards, zmi

I reworked another p0f plugin lately which adds the "X-P0f-OS-Fingerprinting"
meta header; it talks to p0f-analyzer.pl over UDP,
not a unix socket though. You can download it from here:

http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pm
http://bl0g.blogdns.com/spamassassin/p0f-analyzer.cf
http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pl

Vincent



Re: [SPAM] Re: [SPAM] Re: Passive Fingerprinting to feed filters

Posted by Vincent Li <vl...@vcn.bc.ca>.
On Tue, 12 Jun 2007, Michael Monnerie wrote:

> On Tuesday, 12 June 2007 macli wrote:
>> I reworked another p0f plugin lately which adds the
>> "X-P0f-OS-Fingerprinting" meta header; it talks to p0f-analyzer.pl
>> over UDP,
>> not a unix socket though. You can download it from here:
>>
>> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pm
>> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.cf
>> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pl
>
> I tried it now with SA 3.20, but do not see this header. --lint shows no
> errors, so it should be used. What could be the problem?
>
> Regards, zmi

Did you run p0f-analyzer.pl on your MX server?

Run p0f-analyzer.pl first, then send yourself a test message and watch the log
to see if any rules in p0f-analyzer.cf hit, or try
spamassassin -Dmetadata -t < test_message.

Vincent Li
http://bl0g.blogdns.com

Re: [SPAM] Re: Passive Fingerprinting to feed filters

Posted by Michael Monnerie <mi...@it-management.at>.
On Tuesday, 12 June 2007 macli wrote:
> I reworked another p0f plugin lately which adds the
> "X-P0f-OS-Fingerprinting" meta header; it talks to p0f-analyzer.pl
> over UDP,
> not a unix socket though. You can download it from here:
>
> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pm
> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.cf
> http://bl0g.blogdns.com/spamassassin/p0f-analyzer.pl

I tried it now with SA 3.20, but do not see this header. --lint shows no 
errors, so it should be used. What could be the problem?

Regards, zmi
-- 
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0676/846 914 666                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: EA39 8918 EDFF 0A68 ACFB  11B7 BA2D 060F 1C6F E6B0
// Keyserver: www.keyserver.net                   Key-ID: 1C6FE6B0