Postgrey p0f patch

Postgrey is a Postfix policy server implementing greylisting. This patch adds p0f support to Postgrey, based on p0fq.pl from p0f, like the patch by Fedux. p0f is a fingerprinting tool used to identify operating systems. The difference between Fedux’s patch and mine is that his patch requires p0f-analyzer. See the image below.

[Image: p0f-analyse-postgrey]

My patch uses p0f’s socket created with the ‘-Q’ option. Because Postgrey doesn’t know the sender’s source port, p0f must also be started with the ‘-0’ option.

[Image: my patch]

Example usage:

# p0f
p0f -u postgrey -Q /var/run/p0f-sock -0 -N -i eth0 'tcp dst port 25'

# postgrey options
--p0f --p0f-service=/var/run/p0f-sock --p0f-ip=<ip-of-eth0>
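The lookup that the ‘-Q’ socket and the ‘-0’ option make possible, as an added example in Perl; it is not code from the patch, from Postgrey or from p0fq.pl. The struct layout and constants are assumed from p0f 2.x’s p0f-query.h and should be checked against the installed p0f; the function names, the IP addresses and the response in the offline branch are constructed for illustration.

```perl
# Added example: fingerprint query over p0f's '-Q' socket (layout assumed from p0f 2.x).
use strict;
use warnings;
use Socket qw(inet_aton SOCK_STREAM);
use IO::Socket::UNIX;

my ($QUERY_MAGIC, $QTYPE_FINGERPRINT, $RESP_OK) = (0x0defaced, 1, 0);

# Source port 0 is the wildcard that p0f accepts only when started with '-0'.
sub build_query {
    my ($id, $src_ip, $dst_ip, $dst_port) = @_;
    my $src = inet_aton($src_ip) or die "bad source IP\n";
    my $dst = inet_aton($dst_ip) or die "bad destination IP\n";
    # magic, type (u8 padded to 32 bits), id, src addr, dst addr, src port, dst port
    return pack('L L L a4 a4 S S',
        $QUERY_MAGIC, $QTYPE_FINGERPRINT, $id, $src, $dst, 0, $dst_port);
}

# Decode the leading fields only: magic, id, type, genre[20], detail[40], dist, link[30].
sub parse_response {
    my ($resp, $id) = @_;
    die "short response\n" if length($resp) < 100;
    my ($magic, $rid, $type, $genre, $detail, $dist, $link) =
        unpack('L L C Z20 Z40 c Z30', $resp);
    die "bad magic\n"   if $magic != $QUERY_MAGIC;
    die "id mismatch\n" if $rid != $id;
    return if $type != $RESP_OK;    # malformed query or no cached match
    return { genre => $genre, detail => $detail, dist => $dist, link => $link };
}

sub p0f_lookup {
    my ($sock_path, $client_ip, $local_ip) = @_;
    my $id   = int(rand(2**31));
    my $sock = IO::Socket::UNIX->new(Peer => $sock_path, Type => SOCK_STREAM)
        or die "cannot connect to $sock_path: $!\n";
    syswrite($sock, build_query($id, $client_ip, $local_ip, 25));
    my $resp = '';
    sysread($sock, $resp, 1024);
    return parse_response($resp, $id);
}

if (@ARGV == 3) {    # arguments: <socket> <client-ip> <ip-of-eth0>
    my $os = p0f_lookup(@ARGV);
    print $os ? "$os->{genre} $os->{detail}\n" : "no match\n";
} else {             # offline run against a constructed response
    my $fake = pack('L L C Z20 Z40 c Z30', $QUERY_MAGIC, 7, $RESP_OK,
        'Windows', 'XP SP1+, 2000 SP3', 12, 'ethernet/modem');
    my $os = parse_response($fake, 7);
    printf "query is %d bytes; parsed: %s %s\n",
        length(build_query(7, '192.0.2.10', '198.51.100.5', 25)),
        $os->{genre}, $os->{detail};
}
```

The destination address in the query is why Postgrey needs ‘--p0f-ip’: p0f matches on the local address and port 25 as well as on the client address.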

Postgrey version: 1.32
Download: pommi.nethuis.nl/..
