There are two ways people interface to p0f.
Most use the script that comes with amavis:
    /usr/sbin/p0f -l 'dst port 25' 2>&1 | /usr/sbin/p0f-analyzer 2345 &
and you just query it on a UDP port in the format:
    SourceIP randomjunk
and it replies:
    SourceIP randomjunk Os-type versions .......
Or you can use the p0f internal method of using a socket, but I'm not
sure how flexible that is; it wants source IP, port, and dest IP, port,
and I dunno if it can do wildcards for any of them.
Quoting manu@...:
> Patrick Domack <patrickdk@...> wrote:
>
>> hmm, that was why I said 'P0f' support, p0f does all that without
>> doing any probes.
>
> Nice, but could you investigate and tell us how that works?
>
> milter-greylist can gather the current SMTP connexion source and
> destination IP and ports, using Sendmail's {client_addr}, {client_port},
> {daemon_addr}, {daemon_port} macros (how does Postfix cope with that?
> Anyone can tell?).
>
> Now what should be done with it? Is there a library with an API for
> parsing p0f logs?
>
> --
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
>
Re: [milter-greylist] P0f support
2008-08-31 by Patrick Domack
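The UDP query format described in the message above, as an added Python example that is not part of the original post nor code from amavis or milter-greylist. It assumes the analyzer listens on 127.0.0.1 port 2345 (the port from the command line above) and that reply fields are whitespace-separated; `query_os` and `parse_reply` are hypothetical names.

```python
import secrets
import socket
import time


def parse_reply(reply: bytes, ip: str, nonce: str):
    """Return the OS description, or None if the reply is not for our query."""
    fields = reply.decode("ascii", "replace").split()
    # The reply echoes the queried IP and our random token first. A datagram
    # that does not match both is stale or malformed and must be ignored.
    if len(fields) < 2 or fields[0] != ip or fields[1] != nonce:
        return None
    # Assumption: an echo with nothing after it means "no fingerprint known".
    return " ".join(fields[2:]) or None


def query_os(ip, server=("127.0.0.1", 2345), timeout=0.5):
    """Send 'SourceIP randomjunk' and wait for the matching reply."""
    nonce = secrets.token_hex(8)  # the "randomjunk" field, unpredictable
    deadline = time.monotonic() + timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            # connect() makes the kernel drop datagrams from other addresses.
            s.connect(server)
            s.send(f"{ip} {nonce}".encode("ascii"))
            while (left := deadline - time.monotonic()) > 0:
                s.settimeout(left)
                os_desc = parse_reply(s.recv(2048), ip, nonce)
                if os_desc is not None:
                    return os_desc
        except OSError:
            # Timeout or ICMP port unreachable: analyzer absent or silent.
            pass
    return None


if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address, not a real client.
    print(query_os("192.0.2.10"))
```

A `None` result only means no usable answer arrived before the deadline; whether the mail filter then treats the client as unknown is a policy choice outside this example.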