    haraka-plugin-p0f

    1.0.8 • Public • Published

    TCP Fingerprinting

    Supplies TCP fingerprint information (remote computer OS, network distance, etc.) about the remote mail server. This can be used to implement more sophisticated anti-spam policies.

    This plugin inserts a p0f connection note with information deduced from the TCP fingerprint. The note typically includes at least the link, detail, distance, uptime, and genre. Here's an example:

    genre => FreeBSD
    detail => 8.x (1)
    uptime => 1390
    link => ethernet/modem
    distance => 17

    That note was parsed from this p0f fingerprint:

    24.18.227.2:39435 - FreeBSD 8.x (1) (up: 1390 hrs) -> 208.75.177.101:25 (distance 17, link: ethernet/modem)

    The following additional values may also be available in the p0f connection note:

    magic, status, first_seen, last_seen, total_conn, uptime_min, up_mod_days, last_nat, last_chg, distance, bad_sw, os_match_q, os_name, os_flavor, http_name, http_flavor, link_type, and language.
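
An added example, not the plugin's own code: a strict parser for the fingerprint line shown above, returning the genre, detail, uptime, link and distance fields and rejecting anything that does not fit. The line shape is inferred from that single sample, and `parseP0fLine` and `MAX_LEN` are hypothetical names.

```javascript
'use strict';

// Shape taken from the one sample line on this page (assumption: other
// p0f output variants exist and are simply rejected here).
const IPV4 = '(\\d{1,3}(?:\\.\\d{1,3}){3})';
const LINE_RE = new RegExp(
  `^${IPV4}:(\\d{1,5}) - (.+?) -> ${IPV4}:(\\d{1,5}) \\(([^()]*)\\)$`);
const MAX_LEN = 512; // bound untrusted input before running the regex

// Hypothetical helper: returns the note fields named on this page, or null.
function parseP0fLine(line) {
  if (typeof line !== 'string' || line.length > MAX_LEN) return null;
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const note = {};

  // Optional "(up: N hrs)" suffix on the OS description.
  let os = m[3];
  const up = /\s*\(up: (\d+) hrs\)$/.exec(os);
  if (up) {
    note.uptime = Number(up[1]);
    os = os.slice(0, up.index);
  }

  // First word is the genre, the remainder is the detail.
  const sp = os.indexOf(' ');
  note.genre = sp === -1 ? os : os.slice(0, sp);
  note.detail = sp === -1 ? '' : os.slice(sp + 1).trim();

  // Trailer, e.g. "distance 17, link: ethernet/modem".
  for (const part of m[6].split(',')) {
    const d = /^\s*distance (\d+)\s*$/.exec(part);
    const l = /^\s*link: (.+?)\s*$/.exec(part);
    if (d) note.distance = Number(d[1]);
    if (l) note.link = l[1];
  }
  return note;
}

// The sample line from this page.
const SAMPLE = '24.18.227.2:39435 - FreeBSD 8.x (1) (up: 1390 hrs) -> ' +
  '208.75.177.101:25 (distance 17, link: ethernet/modem)';
console.log(parseP0fLine(SAMPLE));
```

Fields that are absent from a line, such as the uptime, are left undefined rather than guessed.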
    

    Configuration

    1. Start p0f

    Create a startup script for p0f that creates a communication socket when your server starts up.

    /usr/local/bin/p0f -u smtpd -d -s /tmp/.p0f_socket 'dst port 25 or dst port 587'
    chown smtpd /tmp/.p0f_socket
    
    2. Configure the p0f plugin

    Add an entry to config/plugins to enable p0f:

    p0f
    
    3. Review settings in config/p0f.ini

    At a minimum, [main]socket_path must be defined.

    Startup

    In the contrib/ubuntu-upstart directory is a config file (p0f.conf) for Ubuntu.

    In the contrib/bsd-rc.d directory is a startup file for FreeBSD.

    Install

    npm i haraka-plugin-p0f

    License

    MIT

    Collaborators

    • smfreegard
    • baudehlo
    • tnpi
    • msimerson