p0f milter for Postfix?

p0f milter for Postfix?

Rich Wales
Hi.  Does a milter or other solution exist to allow Postfix to insert OS
fingerprint information into incoming e-mail via p0f?

I know it's possible to insert p0f info via amavisd-new, but I'm running
MX hosts in front of my mail server (where I run amavisd-new), and if
I'm going to use p0f, I assume I need to run it on my MX hosts and not
on the mail server itself (since p0f on my mail server would be
fingerprinting my MX hosts and not the actual source of a message).

I would, of course, be using the rewritten p0f (version 3.08b).

Thanks for any suggestions.

Rich Wales

Re: p0f milter for Postfix?

Bill Cole-3
On 8 Feb 2016, at 2:55, Rich Wales wrote:

> Hi.  Does a milter or other solution exist to allow Postfix to insert OS
> fingerprint information into incoming e-mail via p0f?

If you are desperate enough for this in milter form, you could do it
using the MIMEDefang milter, which is designed for doing much more but
can be given a trivial filter script that can do anything you can write
the Perl to do: even a system() call to run a bit of shell if you're
really into nasty hacks...

Another option would be to put an amavisd-new instance on your outside
hosts with a degenerate config that only does the p0f bit and hands the
messages back to the outside Postfix or directly to the inside.

> I know it's possible to insert p0f info via amavisd-new, but I'm running
> MX hosts in front of my mail server (where I run amavisd-new), and if
> I'm going to use p0f, I assume I need to run it on my MX hosts and not
> on the mail server itself (since p0f on my mail server would be
> fingerprinting my MX hosts and not the actual source of a message).

Yes. The real question I have is why one would choose that architecture.
I'm used to the idea of putting a layer of relays outside a core mail
system with the IPs of the public MX records and all the filtering cruft
*outside* so that inside mail systems can be simpler or run problematic
stuff like Exchange. I've never seen a system where the outside MX layer
doesn't handle filtering. It seems pointless to me, although obviously
it is not for you.
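
As an added illustration (not code from this thread or from any of the projects mentioned), this is the p0f v3 API lookup that a filter script on the MX host, such as the MIMEDefang or amavisd-new options suggested above, would perform for the connecting client's IP. The socket path and function names are assumptions; the byte layout follows the API documented with p0f 3.x.

```python
import ipaddress
import re
import socket
import struct

P0F_QUERY_MAGIC, P0F_RESP_MAGIC = 0x50304601, 0x50304602
P0F_STATUS_OK, P0F_STATUS_NOMATCH = 0x10, 0x20
# p0f 3.x response: 9 x u32, s16 distance, 2 x u8, 6 x char[32]; native byte order
RESP = struct.Struct("=9IhBB32s32s32s32s32s32s")  # 232 bytes

def build_query(client_ip):
    """21-byte query: magic, address family (4 or 6), 16-byte zero-padded address."""
    addr = ipaddress.ip_address(client_ip)
    return struct.pack("=IB16s", P0F_QUERY_MAGIC, addr.version, addr.packed)

def _text(raw):
    """NUL-terminated field -> printable ASCII only, so it is safe in a header."""
    s = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return re.sub(r"[^\x20-\x7e]", "?", s)

def header_value(resp):
    """Turn a raw API response into a header value, or None if p0f has no match."""
    if len(resp) != RESP.size:
        raise ValueError("short p0f response")
    f = RESP.unpack(resp)
    if f[0] != P0F_RESP_MAGIC:
        raise ValueError("bad p0f response magic")
    if f[1] == P0F_STATUS_NOMATCH:
        return None
    if f[1] != P0F_STATUS_OK:
        raise ValueError("p0f rejected the query")
    os_desc = f"{_text(f[12])} {_text(f[13])}".strip() or "unknown"
    dist = f[9] if f[9] >= 0 else "?"  # p0f reports -1 when distance is unknown
    return f"{os_desc}; distance={dist}; link={_text(f[16]) or 'unknown'}"

def query_p0f(sock_path, client_ip, timeout=2.0):
    """Ask a running p0f (started with -s sock_path) about one SMTP client."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(build_query(client_ip))
        buf = b""
        while len(buf) < RESP.size:
            chunk = s.recv(RESP.size - len(buf))
            if not chunk:
                break
            buf += chunk
    return header_value(buf)
```

Whatever header name the filter uses for this value, the MX host should also strip any copy of that header arriving from outside, so the inside amavisd-new only ever sees values the MX wrote.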

Re: p0f milter for Postfix?

Rich Wales

> Yes. The real question I have is why one would choose that architecture.
> I'm used to the idea of putting a layer of relays outside a core mail
> system with the IPs of the public MX records and all the filtering cruft
> *outside* so that inside mail systems can be simpler or run problematic
> stuff like Exchange. I've never seen a system where the outside MX layer
> doesn't handle filtering. It seems pointless to me, although obviously
> it is not for you.

I do have a reason for this particular architecture, but I don't think
people would appreciate my going into detail about it here because it's
not narrowly specific to Postfix.

Rich Wales