Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: Milter-greylist with p0f ver 3.06b

2013-01-25 by super_1337_2010

I don't know if this is exactly the same problem, but when I run milter-greylist with p0f, p0f dies with the following message, when a mail message comes through:

[!] WARNING: Query with bad magic (0xdefaced).
[-] SYSTEM ERROR : read() on API socket fails despite POLLIN.
        Location : live_event_loop(), p0f.c:916
      OS message : Connection reset by peer

I'm running p0f from the command line with:
/usr/sbin/p0f -i br0 -f /etc/p0f.fp -s /var/run/p0f.socket -u smmsp

I have tried the latest stable, unstable, and CVS versions of milter-greylist and p0f 3.03 and 3.06. I see that there have been discussions about this in the past.

So far I'm only able to run milter-greylist-2.4.6 with p0f 2.0.8.

I run 64-bit Gentoo Linux.

--- In milter-greylist@yahoogroups.com, "Gary Faith"  wrote:
>
> As a followup, I e-mailed the author of p0f and this is what he sent back:
> 
> Version 3.06 fixed a query structure alignment issue present in
> earlier versions of p0f v3. That may be causing problems. I'd ping the
> author of the filter. It should be a trivial change.
> 
> If you want to temporarily "fix" your version, edit api.h for p0f 3.06
> and remove the two mentions of __attribute__((packed)). This will
> restore the old behavior.
> 
> /mz
> 
> I removed the two mentions of the __attribute__((packed)) and it works now, but going forward, can milter-greylist be updated to work with the new p0f without the change?
> 
> Thanks,
> 
> Gary
> 
> >>> "Gary Faith"  1/23/2013 8:34 PM >>>
>   
> On Feb 15, 2012, I posted a problem with p0f v3 and subsequently a new milter-greylist 4.41a1 was built and that fixed the problem.
> 
> I had p0f 3.03b installed and working with Milter-Greylist: milter-greylist-4.4a1.  I just downloaded the latest version of p0f 3.06b, compiled it and now I am getting errors.
> 
> Jan 23 19:58:50 mscan milter-greylist: p0f rejected query
> Jan 23 19:59:33 mscan milter-greylist: p0f rejected query
> Jan 23 19:59:54 mscan milter-greylist: p0f rejected query
> Jan 23 20:00:58 mscan milter-greylist: p0f rejected query
> Jan 23 20:01:29 mscan milter-greylist: p0f rejected query
> Jan 23 20:01:53 mscan milter-greylist: p0f rejected query
> Jan 23 20:02:03 mscan milter-greylist: p0f rejected query
> 
> 
> and in the /var/log/p0f.log.error:
> 
> [!] WARNING: Query with bad magic (0x1000000).
> [!] WARNING: Query with bad magic (0x1000000).
> [!] WARNING: Query with bad magic (0x1000000).
> [!] WARNING: Query with bad magic (0x1000000).
> [!] WARNING: Query with bad magic (0x1000000).
> [!] WARNING: Query with bad magic (0x1000000).
> [!] WARNING: Query with bad magic (0x1000000).
> [!] WARNING: Query with bad magic (0x1000000).
> [!] WARNING: Query with bad magic (0x1000000).
> 
> If I run 3.03b, it works.  I thought maybe that milter-greylist 4.4.1 might fix the problem so I updated to that version but still have the same issue.  
> 
> What could be the problem?
> 
> Thanks,
> 
> Gary Faith
>
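
An added illustration of the alignment mismatch discussed in this thread (not code from p0f or milter-greylist): a reader that frames the stream in 21-byte packed records mis-parses 24-byte padded queries, so the second record's magic comes out as 0x1000000. Assumptions: the struct layout and magic constant are modelled on the query struct in p0f v3's api.h, the host is little-endian, the client zeroes its padding, and two queries share one connection.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout and magic, modelled on the query struct in p0f v3's api.h. */
#define QUERY_MAGIC 0x50304601u

struct query_padded {              /* natural alignment, as an older client sends it */
    uint32_t magic;
    uint8_t  addr_type;
    uint8_t  addr[16];
};                                 /* 21 bytes of fields + 3 bytes tail padding */

struct query_packed {              /* packed, as the newer server reads it */
    uint32_t magic;
    uint8_t  addr_type;
    uint8_t  addr[16];
} __attribute__((packed));

/* Client side: write n padded queries back to back; returns bytes written. */
static size_t send_padded(uint8_t *stream, size_t n) {
    size_t off = 0;
    for (size_t i = 0; i < n; i++, off += sizeof(struct query_padded)) {
        struct query_padded q;
        memset(&q, 0, sizeof q);   /* assumption: client zeroes the padding */
        q.magic = QUERY_MAGIC;
        q.addr_type = 4;           /* constructed sample value */
        memcpy(stream + off, &q, sizeof q);
    }
    return off;
}

/* Server side: magic of the idx-th record when framing by the packed size. */
uint32_t magic_of_record(size_t idx) {
    uint8_t stream[2 * sizeof(struct query_padded)];
    size_t len = send_padded(stream, 2);
    struct query_packed q;
    size_t off = idx * sizeof q;
    if (off + sizeof q > len) return 0;   /* short read, nothing to parse */
    memcpy(&q, stream + off, sizeof q);
    return q.magic;
}

int main(void) {
    printf("padded=%zu packed=%zu\n", sizeof(struct query_padded), sizeof(struct query_packed));
    for (size_t i = 0; i < 2; i++)
        printf("record %zu magic 0x%x\n", i, (unsigned)magic_of_record(i));
    return 0;
}
```

The first record parses correctly because the magic is the first field; the three bytes of tail padding only shift every record after it.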
