Re: [AMaViS-user] [SPAM] First public pre-release (-pre2) of

Vincent,

> > If using p0f-analyzer, please switch soon to a version of
> > p0f-analyzer.pl as supplied with 2.4.5-pre2 (or later).
> > It fixes an endless-loop in p0f-analyzer.pl which happens
> > if a p0f daemon crashes (piped to stdin of p0f-analyzer)
> > or is manually terminated without also terminating p0f-analyzer.
> > The fixed p0f-analyzer.pl may be (and should be) used
> > even with earlier versions of amavisd. Additionally,
> > it binds only to a loopback interface by default
> > (as some marginal security improvement).

> I run p0f-analyzer.pl on my MX host and amavisd-new on another host, is
> this a security problem because p0f-analyzer does not bind to loopback
> interface?

No, it is not a security problem, just nice to have.

There is already a restriction in p0f-analyzer.pl (the list @inet_acl)
which discards all requests not coming from 127.0.0.1 (or whatever
IP addresses are listed in @inet_acl).

What is important is that p0f-analyzer.pl does not enter a
tight loop (unnecessarily wasting resources) if it happens
that a p0f program (piped to it) would crash or is manually killed.

Mark

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?p...rge&CID=DEVDEV
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/