Re: [AMaViS-user] p0f-analyzer load balancing problem

11-30-2007
Mark Martinec

Bartek,

> I'm not sure what can be wrong, but this just simply does not work.
> Amavisd stopped to do p0f connections at all. I had to use static IP
> addresses instead of '*' which would be better of course, but that is
> because of the way haproxy does tcp load balancing - it seems to
> Amavisd that it gets the connection to proper port (for launching
> policy banks) from itself. But still, this should work. Can anybody
> take a look and point me, where the issue is?
> Amavisd log: http://rafb.net/p/xtH2Kw18.html
> Amavisd config: http://rafb.net/p/JAicyF50.html


Your log does not show a case which is to be investigated.

Please show what happens when os_fingerprint_method is not
overridden in a policy bank by a fixed address, and the
global setting $os_fingerprint_method='p0f:*:1234' prevails.

The relevant log entries are (grep for):
CONNECT TCP Peer
Fingerprint
dynamic destination

In your case the "CONNECT TCP Peer" shows 10.10.3.244,
which is what the "dynamic destination" and the "Fingerprint"
log entries should report too.

I hope the reported "CONNECT TCP Peer" address is the correct
address where the MTA connection really came from. If it is not,
we may have a Net::Server or a haproxy issue. If it is,
then "dynamic destination" should see it too, or it needs
to be investigated.

> Amavisd stopped to do p0f connections at all.


The "Fingerprint query:" log entry doesn't come up at all,
or does it show an incorrect address?

If it doesn't come up at all, there can only be two
reasons. Here is the relevant code section:

    my($os_fingerprint_method) = c('os_fingerprint_method');
    if (!defined($os_fingerprint_method) || $os_fingerprint_method eq '') {
      # no fingerprinting service configured
    } elsif ($cl_ip eq '' || $cl_ip eq '0.0.0.0' || $cl_ip eq '::') {
      # original client IP address not available, can't query p0f
    } else {
      $which_section = "os_fingerprint";
      $os_fingerprint_obj = Amavis::OS_Fingerprint->new(
        dynamic_destination($os_fingerprint_method,$conn,0),
        0.050, $cl_ip, $mail_id);
    }

So, either the os_fingerprint_method setting is empty,
or the SMTP session from an MTA did not supply a remote
client's IP address with an XFORWARD command, as it did
correctly in your log:

ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204

Perhaps you were testing manually by telnetting, and did not
supply the XFORWARD ADDR information.

Mark
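
The checks described in the reply above, as an added example that is not part of the original post or of amavisd: a triage pass that groups log lines by session and reports which of the cases applies. The sample lines are constructed; only the marker strings and addresses come from the post, while the line layout and the "(pid-nn)" session tag are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample. Only the marker strings and addresses come from the post;
# the line layout and the "(pid-nn)" session tag are assumptions.
SAMPLE_LOG = """\
(04021-01) CONNECT TCP Peer 10.10.3.244
(04021-01) ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204
(04021-01) dynamic destination 10.10.3.244
(04021-01) Fingerprint query: 10.10.3.244
(04022-01) CONNECT TCP Peer 10.10.3.244
(04023-01) CONNECT TCP Peer 10.10.3.244
(04023-01) ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204
(04024-01) CONNECT TCP Peer 10.10.3.244
(04024-01) ESMTP< XFORWARD NAME=anduril.amu.edu.pl ADDR=150.254.88.204
(04024-01) dynamic destination 127.0.0.1
(04024-01) Fingerprint query: 127.0.0.1
"""
TAG = re.compile(r"\((\d+-\d+)\) +(.*)")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
NO_CLIENT_IP = {"", "0.0.0.0", "::"}  # values the quoted code tests $cl_ip against

def diagnose(s):
    """Apply the post's checks to one session's collected fields."""
    if s.get("cl_ip", "") in NO_CLIENT_IP:
        return "no XFORWARD ADDR: client IP unavailable, p0f not queried"
    if "fp" not in s:
        return "no Fingerprint entry: check os_fingerprint_method is set"
    peer = s.get("peer")
    if peer not in s.get("dest", []) or peer not in s["fp"]:
        return "address mismatch: investigate dynamic destination"
    return "ok"

def triage(log_text):
    """Group lines by session tag and return {tag: diagnosis}."""
    sessions = defaultdict(dict)
    for tag, msg in TAG.findall(log_text):
        s, ips = sessions[tag], IPV4.findall(msg)
        if "CONNECT TCP Peer" in msg:
            s["peer"] = ips[0] if ips else None
        elif "XFORWARD" in msg:
            addr = re.search(r"\bADDR=(\S+)", msg)
            s["cl_ip"] = addr.group(1) if addr else ""
        elif "dynamic destination" in msg:
            s["dest"] = ips
        elif "Fingerprint" in msg:
            s["fp"] = ips
    return {tag: diagnose(s) for tag, s in sessions.items()}
```

Calling `triage(SAMPLE_LOG)` returns one diagnosis per session tag; adjust the `TAG` pattern to the actual log layout before running it on a real amavisd log.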
