haraka-plugin-p0f

1.0.9 • Public • Published

Build Status Code Climate NPM

haraka-plugin-p0f

TCP Fingerprinting

Supply TCP fingerprint info (remote computer OS, network distance, etc) about the remote mail server. This can be used to implement more sophisticated anti-spam policies.

This plugin inserts a p0f connection note with information deduced from the TCP fingerprint. The note typically includes at least the link, detail, distance, uptime, genre. Here's an example:

genre => FreeBSD detail => 8.x (1) uptime => 1390 link => ethernet/modem distance => 17

Which was parsed from this p0f fingerprint:

24.18.227.2:39435 - FreeBSD 8.x (1) (up: 1390 hrs) -> 208.75.177.101:25 (distance 17, link: ethernet/modem)

The following additional values may also be available in the p0f connection note:

magic, status, first_seen, last_seen, total_conn, uptime_min, up_mod_days, last_nat, last_chg, distance, bad_sw, os_match_q, os_name, os_flavor, http_name, http_flavor, link_type, and language.

Configuration

  1. start p0f

Create a startup script for p0f that creates a communication socket when your server starts up.

/usr/local/bin/p0f -u smtpd -d -s /tmp/.p0f_socket 'dst port 25 or dst port 587'
chown smtpd /tmp/.p0f_socket
  1. configure p0f plugin

add an entry to config/plugins to enable p0f:

p0f
  1. review settings in config/p0f.ini

At a minimum, [main]socket_path must be defined.

Startup

In the contrib/ubuntu-upstart directory is a config file (p0f.conf) for Ubuntu.

In the contrib/bsd-rc.d directory is a startup file for FreeBSD.

Readme

Keywords

Package Sidebar

Install

npm i haraka-plugin-p0f

Weekly Downloads

1,164

Version

1.0.9

License

MIT

Unpacked Size

18.6 kB

Total Files

18

Last publish

Collaborators

  • smfreegard
  • baudehlo
  • tnpi
  • msimerson