Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-13 23:57 UTC

p0f...?

2015-04-07 by Bill Levering

I thought I had p0f working, but I’m seeing this in the logs:

Apr  7 15:25:13 planx milter-greylist: p0f reply id mismatch 0 expected 2db21
Apr  7 15:25:18 planx milter-greylist: t37FPDKr005463: addr [185.32.183.11][185.32.183.11] from <Topdollar4homes@...> to <idbill@...> blacklisted (ACL 1654)

yet, it appears p0f is actually working...

[root@planx ~]# ~idbill/p0f-client /var/run/p0f 185.32.183.11
First seen    = 2015/04/07 15:25:13
Last update   = 2015/04/07 15:25:13
Total flows   = 1
Detected OS   = Linux 3.1-3.10
HTTP software = ???
Network link  = Ethernet or modem
Language      = ???
Distance      = 10
Uptime        = 0 days 6 hrs 32 min (modulo 49 days)

Could this be a backward compatibility issue with p0f v2 and v3 in relation to milter-greylist?

Bill

Re: [milter-greylist] p0f...?

2015-04-07 by Manuel Badzong

> Could this be a backward compatibility issue with p0f v2 and v3 in relation to milter-greylist?

Yes. The p0f API changed from v2 to v3. milter-greylist uses the v2 interface.
The request/response ID check is performed first hence the message.

Best regards

Manuel

Re: [milter-greylist] p0f...?

2015-04-08 by manu@...

Manuel Badzong manuel@... [milter-greylist]
<milter-greylist@yahoogroups.com> wrote:

> Yes. The p0f API changed from v2 to v3. milter-greylist uses the v2 interface.
> The request/response ID check is performed first hence the message.

As usual, patches are welcome if someone wants to add v3 support. It
should not be very difficult.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

Re: [milter-greylist] p0f...?

2015-04-08 by Bill Levering

2 interesting things to note…

1) it appears that p0f v3 is supported, but you have to enable it:
./configure --help | grep p0f3
  --enable-p0f3 Enable p0f support, v3.00 to v3.05
  --enable-p0f306       Enable p0f support, v3.06 and up

I’m using v3.08b and the p0f_api_query/response struct(s) in p0f.c look identical to the p0f308b source code.

and
2) the Epel yum repo offers version 4.5.12 (Milter-greylist website indicates this is a Development snapshot)
Name        : milter-greylist
Arch        : x86_64
Version     : 4.5.12
Release     : 2.el7
Size        : 337 k
Repo        : installed
From repo   : epel


Bill
> On Apr 7, 2015, at 6:11 PM, manu@... [milter-greylist] <milter-greylist@yahoogroups.com> wrote:
> 
> Manuel Badzong manuel@... [milter-greylist]
> <milter-greylist@yahoogroups.com> wrote:
> 
> > Yes. The p0f API changed from v2 to v3. milter-greylist uses the v2 interface.
> > The request/response ID check is performed first hence the message.
> 
> As usual, patches are welcome if someone wants to add v3 support. It
> should not be very difficult.
> 
> -- 
> Emmanuel Dreyfus
> http://hcpnet.free.fr/pubz
> manu@...
> 
>
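
The p0f v3 query/response framing this thread turns on, as an added example that is not part of the original posts or of milter-greylist: a small client that validates the reply length, magic and status before trusting any field, so a protocol-version mismatch fails loudly instead of being misread. The constants and struct layout follow p0f 3.06+'s api.h as an assumption (they are not shown on the page), the function names are hypothetical, and the sample reply is constructed.

```python
import ipaddress
import socket
import struct

# Layout and constants per p0f 3.06+ api.h (assumption, not taken from the page).
QUERY_MAGIC, RESP_MAGIC = 0x50304601, 0x50304602
STATUS = {0x00: "bad query", 0x10: "ok", 0x20: "no match"}
QUERY = struct.Struct("=IB16s")                   # magic, addr_type, addr
RESP = struct.Struct("=9IhBB32s32s32s32s32s32s")  # 232 bytes, host byte order

def build_query(ip):
    addr = ipaddress.ip_address(ip)
    # addr_type is 4 or 6; an IPv4 address is zero-padded to 16 bytes.
    return QUERY.pack(QUERY_MAGIC, addr.version, addr.packed)

def parse_response(buf):
    """Check framing first; raise if the peer is not speaking p0f v3."""
    if len(buf) != RESP.size:
        raise ValueError(f"short reply: {len(buf)} of {RESP.size} bytes")
    f = RESP.unpack(buf)
    if f[0] != RESP_MAGIC:
        raise ValueError(f"bad magic {f[0]:#x}: not a p0f v3 reply")
    if f[1] not in STATUS:
        raise ValueError(f"unknown status {f[1]:#x}")
    # f[12:] = os_name, os_flavor, http_name, http_flavor, link_type, language
    text = [s.split(b"\0", 1)[0].decode("ascii", "replace") for s in f[12:]]
    return {"status": STATUS[f[1]], "total_flows": f[4], "distance": f[9],
            "os": " ".join(text[0:2]).strip(), "link": text[4]}

def query(sock_path, ip, timeout=2.0):
    """Send one query to a live p0f socket and return the parsed reply."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(build_query(ip))
        buf = b""
        while len(buf) < RESP.size:
            chunk = s.recv(RESP.size - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_response(buf)

def sample_reply():
    # Constructed reply mirroring the p0f-client output quoted in the thread.
    return RESP.pack(RESP_MAGIC, 0x10, 0, 0, 1, 392, 49, 0, 0, 10, 0, 0,
                     b"Linux", b"3.1-3.10", b"", b"", b"Ethernet or modem", b"")
```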