Milter-greylist

manu@... writes:

> gitoshi <gitoshi@...> wrote:
>
>> Does milter-greylist support postfix+p0f ???
>
> Not yet, but that seems easy to fix.
>
> The p0f interface require the local interface IP address. Sendmail makes
> it available through the {if_addr} macro, and milter-greylist can read
> it using this:
>     smfi_getsymval(priv->priv_ctx, "{if_addr}")
>
> Unfortunately, Postfix does not provide this macro. If you only have one
> public IP, then you can hack milter-greylist to hardcode it. 
> In p0f.c:p0f_lookup() you can set your own address instead of going
> through the code block you are currently failing:
>
>     if ((daddr = smfi_getsymval(priv->priv_ctx, "{if_addr}")) == NULL) {
>         mg_log(LOG_DEBUG, "smfi_getsymval failed for {if_addr}");
>         return -1;
>     }
>
> Replacing it by something like this should do the trick:
>     daddr = "192.0.2.1";
>
>
> But this is a hack, and I think we can do better. I wonder if it would
> make sense to add a configuration option to specify the mail server
> public IP address to work around this Postfix missing feature. It will
> certainly break on machines with multiples IP. Opinions anyone? Any
> better idea?


I have run into this as well.

How hard is it to patch postfix?  I would think postfix people would
look upon this reasonably, and we could certainly put the patch in
pkgsrc.
I have been meaning to do this, but lack of p0f has not been high on my
list of problems to solve lately.