>
> What version of milter-greylist are you trying with p0f 3.03 and 3.06?
> The solution is to install milter-greylist 4.4.1 and use p0f 3.03b or greater with the exception of 3.06b. You can use 3.06b if you modify the api.h before you build it.
>
> I don't know if this is exactly the same problem, but when I run milter-greylist with p0f, p0f dies with the following message, when a mail message comes through:
>
> [!] WARNING: Query with bad magic (0xdefaced).
> [-] SYSTEM ERROR : read() on API socket fails despite POLLIN.
> Location : live_event_loop(), p0f.c:916
> OS message : Connection reset by peer
>
> I'm running p0f from the command line with:
> /usr/sbin/p0f -i br0 -f /etc/p0f.fp -s /var/run/p0f.socket -u smmsp
>
> > As a followup, I e-mailed the author of p0f and this is what he sent back:
> >
> > Version 3.06 fixed a query structure alignment issue present in
> > earlier versions of p0f v3. That may be causing problems. I'd ping the
> > author of the filter. It should be a trivial change.
> >
> > If you want to temporarily "fix" your version, edit api.h for p0f 3.06
> > and remove the two mentions of __attribute__((packed)). This will
> > restore the old behavior.
> >
Hi.
After many months I've finally fixed this. I was using
# ./configure --enable-p0f
instead of
# ./configure --enable-p0f3
I have used version 3.06b with __attribute__((packed)) removed and it works now, with milter-greylist 4.4.1.
One problem that I now have is that my logs don't always pick up the OS of the sender - this didn't happen with earlier versions of milter-greylist and p0f 2 - e.g. see "()" in:
2013/01/27 14:43:21 smtpna.posta.tim.it [217.200.184.87] () tsole@... -> me@... accept (ACL 339) Delayed for 05:18:28 by milter-greylist-4.4.1 (mydomain.com.au [192.168.0.40]); Sun, 27 Jan 2013 14:43:21 +1100 (EST)
This is the relevant line in my config:
stat ">>/var/log/milter-greylist.log" "%T{%Y/%m/%d %T} %d [%i] (%Fx) %f -> %r %S (ACL %A) %Xc %Xe %Xm %Xh\n"
Maybe this is not important - it still seems to delay messages appropriately.
I start p0f with:
# /usr/sbin/p0f -i br0 -f /etc/p0f.fp -s /var/run/p0f.socket -u smmsp -o /var/log/p0f-audit.log 'tcp and tcp[13] & 2 = 2'
Another question - I see the new version of p0f has "Windows 7 or 8". Should this be greylisted? Currently it is not:
## See http://milter-greylist.wikidot.com/using-p0f
# safe Windows hosts
racl whitelist p0f "Windows 2003" addheader "X-Greylist-OS: %Fx"
racl whitelist p0f "Windows 2008" addheader "X-Greylist-OS: %Fx"
racl whitelist p0f "Windows 2000 SP4" addheader "X-Greylist-OS: %Fx"
# unsafe Windows hosts -- put this line below ALL racl whitelist lines
racl greylist p0f "Windows" addheader "X-Greylist-OS: %Fx"
Re: Milter-greylist with p0f ver 3.06b
2013-01-27 by super_1337_2010
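
Added example (not from the thread, p0f, or milter-greylist): a C illustration of why the daemon and the filter must be built with the same choice about __attribute__((packed)). It assumes a query made of a 32-bit magic, a one-byte address type and a 16-byte address; the struct and function names and DEMO_MAGIC are hypothetical, and the daemon-side loop is a simplified stand-in, not p0f's own code.

```c
#include <stdint.h>
#include <string.h>

#define DEMO_MAGIC 0x11223344u   /* constructed value, not p0f's real magic */

/* Hypothetical mirror of the query layout: magic, address type, address. */
struct query_packed {            /* built with __attribute__((packed)) */
    uint32_t magic;
    uint8_t  addr_type;
    uint8_t  addr[16];
} __attribute__((packed));

struct query_padded {            /* same fields, attribute removed */
    uint32_t magic;
    uint8_t  addr_type;
    uint8_t  addr[16];
};

/* Client side: write one IPv4 query. Both layouts share field offsets; the
   padded one only adds trailing bytes, so the wire length is what differs. */
size_t put_query(uint8_t *out, uint32_t magic, const uint8_t ip[4], int padded) {
    struct query_padded q;
    memset(&q, 0, sizeof q);     /* zero the padding bytes as well */
    q.magic = magic;
    q.addr_type = 4;
    memcpy(q.addr, ip, 4);
    size_t n = padded ? sizeof(struct query_padded) : sizeof(struct query_packed);
    memcpy(out, &q, n);
    return n;
}

/* Daemon side, compiled with the packed layout: consume fixed-size records
   and count how many carried the expected magic before the first bad one. */
size_t accepted_queries(const uint8_t *stream, size_t len) {
    size_t n = 0;
    struct query_packed q;
    while (len >= sizeof q) {
        memcpy(&q, stream, sizeof q);
        if (q.magic != DEMO_MAGIC) break;   /* "bad magic": stop reading */
        stream += sizeof q; len -= sizeof q; n++;
    }
    return n;
}
```

On common ABIs the packed record is 21 bytes and the padded one 24, so a reader expecting 21-byte records loses sync after the first query from a client built with the other layout. A query carrying a different magic altogether, such as the 0xdefaced in the warning quoted above, is rejected at the first record.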