Re: [AMaViS-user] p0f-analyzer load balancing problem

On Thu, 29 Nov 2007 16:52:25 +0100
Mark Martinec <Mark.Martinec+amavis@ijs.si> wrote:

> Bartek,
>
> > > > $policy_bank{'MX00'} = {
> > > > forward_method => 'smtp:[10.10.3.9]:10025',
> > > > $os_fingerprint_method =>'p0f:[*]:1234',
> > > > };
>
> Robert Brooks wrote:
> > > I think that should be * not[*], but I'm willing to be wrong.
>
> Thanks, correct. I have an incorrect example, sorry.
>
> > Well, in that case it works better, but still not as it should be:
> >
> > Nov 29 10:17:52 scanner00 amavis[6782]: (06782-03) dynamic
> > destination: p0f:*:1234 -> p0f:[10.10.3.244]:1234
> >
> > 10.10.3.244 is actually ip number of scanner00, so it is trying to
> > ask itself?
>
> I just tried it here, and it works as expected, the UPD packet was
> sent to an IP address from which a connect to amavisd port 10024 came
> from. Are you sure you connected from a host other than 10.10.3.244?
>
> The IP address to which an UDP query packet is send should be
> the same as reported in the following two log entries (log level 5):
>
> (88442-11) Net::Server: 2007/11/29-16:39:37 CONNECT TCP
> Peer: "10.0.4.95:54292" Local: "10.0.4.8:10024"
> (88442-11) loaded base policy bank
> (88442-11) lookup_ip_acl (inet_acl):
> key="10.0.4.95" matches "10.0.4.95", result=1
>
> > Also, I can see now something like that:
> >
> > Nov 29 10:17:52 scanner00 amavis[6782]: (06782-02) (!)loading policy
> > bank "MX00": unknown field ""
> > Nov 29 10:17:52 scanner00 amavis[6782]: (06782-02) loaded policy
> > bank "MX00"
> >
> > while my MX00 policy bank is:
> >
> > $interface_policy{'10049'} = 'MX00';
> > $interface_policy{'10024'} = 'MX01';
> > $policy_bank{'MX00'} = {
> > forward_method => 'smtp:[10.10.3.9]:10025',
> > $os_fingerprint_method =>'p0f:*:1234',
> > };
> > $policy_bank{'MX01'} = {
> > forward_method => 'smtp:[10.10.3.9]:10025',
> > $os_fingerprint_method => 'p0f:*:1234',
> > };
> >
> > What is going on here? Am I missing something?
>
> Syntax:
>
> $policy_bank{'MX00'} = {
> forward_method => 'smtp:[10.10.3.9]:10025',
> os_fingerprint_method => 'p0f:*:1234',
> };
>
> (no dollar, hash keys are strings, not variables to be evaluated
> to an empty string)
>
> Mark
>

Im not sure what can be wrong, but this just simply does not work.
Amavisd stopped to do p0f connections at all. I had to use static IP
addresses instead of '*' which would be better of course, but that is
because of the way in haproxy does tcp load balancing - it seems to
Amavisd that it gets the connection to proper port (for launching
policy banks) from itself. But still, this should work. Can anybody
take a look and point me, where the issue is?

Amavisd log:
http://rafb.net/p/xtH2Kw18.html

Amavisd config:
http://rafb.net/p/JAicyF50.html

Thanks a lot,
Bartek Rutkowski

-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell. From the desktop to the data center, Linux is going
mainstream. Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/