SnertSoft: We Serve Your Server

milter-p0f/0.6 (alpha)
«When first impressions count.»



Description

p0f is a passive OS finger-printing tool that analyses the network traffic sent by a remote host that is performing some network task, such as connecting to the mail server, for signature traits that can identify the remote device in some manner.

This Sendmail mail filter provides an interface between sendmail and p0f running as a daemon. Currently it only adds an X-milter-p0f-Report header containing the p0f information to each message. This header can subsequently be used by other milters or tools such as milter-cli or milter-spamc with SpamAssassin, or by an end user's mail client message filters.

Usage

milter-p0f [options ...][arguments ...]

Options can be expressed in four different ways. Boolean options are expressed as +option or -option to turn the option on or off respectively. Options that require a value are expressed as option=value, or as option+=value to append to a value list. Note that the +option and -option syntax are equivalent to option=1 and option=0 respectively. Option names are case insensitive.

Some options, like +help or -help, are treated as immediate actions or commands. Unknown options are ignored. The first command-line argument is the first token that does not adhere to the above option syntax. The special command-line argument -- can be used to explicitly signal an end to the list of options.

The default options, as shown below, can be altered by specifying them on the command-line or within an option file, which simply contains command-line options, one or more per line. Comments are allowed and are denoted by a line starting with a hash (#) character. If the file option is defined and not empty, then it is parsed first, followed by the command-line options.

Note that there may be additional options that are listed in the option summary given by +help or -help that are not described here.

+daemon
Start as a background daemon or foreground application.
file=/etc/mail/milter-p0f.cf
Read the option file before command line options. This option is set by default. To disable the use of an option file, simply say file=''
-help or +help
Write the option summary to standard output and exit. The output is suitable for use as an option file.
interface-ip=
One of the IP addresses for this host. When empty or set to this-host (0.0.0.0 or IPv6:::0), then the address will be determined at start-up. This value may be used if {if_addr} and {daemon_addr} are undefined.
interface-name=
One of the FQDNs for this host. If empty, then the host name will be automatically determined at start-up. If interface-ip= is undefined or set to this-host, then the name specified or determined at start-up will influence the IP address found at start-up.
milter-socket=unix:/var/run/milter/milter-p0f.socket
A socket specifier used to communicate between Sendmail and milter-p0f. Typically a unix named socket or a host:port. This value must match the value specified for the INPUT_MAIL_FILTER() macro in the sendmail.mc file. The accepted syntax is:
{unix|local}:/path/to/file
A named pipe. (default)
inet:port@{hostname|ip-address}
An IPV4 socket.
inet6:port@{hostname|ip-address}
An IPV6 socket.
milter-timeout=7210
The sendmail/milter I/O timeout in seconds.
p0f-socket=/var/run/p0f.socket
The unix domain socket path of the p0f daemon. See the p0f -d and -Q options for details. Make sure this socket is readable/writeable by the milter process.
p0f-timeout=60
The milter/p0f I/O timeout in seconds.
pid-file=/var/run/milter/milter-p0f.pid
The file path of where to save the process-id.
-quit or +quit
Quit an already running instance of the milter and exit. This is equivalent to: kill -QUIT `cat /var/run/milter/milter-p0f.pid`
-restart or +restart
Terminate an already running instance of the milter before starting.
run-group=milter
The process runtime group name to be used when started by root.
run-user=milter
The process runtime user name to be used when started by root.
verbose=info
A comma separated list of how much detail to write to the mail log. Those marked with § have meaning for this milter.
§ all        All messages.
§ 0          Log nothing.
§ info       General info messages. (default)
  trace      Trace progress through the milter.
  parse      Details from parsing addresses or special strings.
  debug      Lots of debug messages.
§ dialog     I/O from the communications dialog.
  state      State transitions of the message body scanner.
  dns        Trace & debug of DNS operations.
  cache      Cache get/put/gc operations.
  database   Sendmail database lookups.
  socket-fd  Socket open & close calls.
  socket-all All socket operations & I/O.
§ libmilter  libmilter engine diagnostics.
work-dir=/var/tmp
The working directory of the process. Normally serves no purpose unless the kernel option that permits daemon process core dumps is set.

SMTP Responses

This is the list of possible SMTP responses.

Installation

  1. Download:

    milter-p0f/0.6 md5sum Change Log
    LibSnert md5sum Change Log
    Sendmail 8.13   http://www.sendmail.org/
    p0f   http://lcamtuf.coredump.cx/p0f.shtml
  2. If you have never built a milter for Sendmail, then please make sure that you build and install libmilter, which is not built by default when you build Sendmail. Please read the libmilter documentation. Briefly, it should be something like this:

    cd (path to)/sendmail-8.13.6/libmilter
    sh Build -c install
    
  3. The build process for libsnert and milter-p0f is pretty straight forward once you have libmilter installed:

    cd (path to)/com/snert/src/lib
    ./configure --without-sqlite3
    make build
    cd ../milter-p0f
    ./configure --with-p0f=(path to)/p0f
    make build
    make install
    

    SQLite support is not required in SnertSoft milters that do not use a cache. If you have compiled LibSnert for a mix of SnertSoft milters, some of which require a cache, then you can build them all with SQLite support. It will not hurt; it just produces larger binaries for those that do not need it.

    Both configuration scripts have some options that allow you to override defaults. Those options are listed with:

    ./configure --help
    
  4. An example ${prefix}/share/examples/milter-p0f/milter-p0f.mc is supplied. This file should be reviewed and the necessary elements inserted into your Sendmail .mc file and sendmail.cf rebuilt. Please note the comments on the general milter flags.

  5. Once installed and configured, start milter-p0f and then restart Sendmail. An example startup script is provided in ${prefix}/share/examples/milter-p0f/milter-p0f.sh.

    Also be sure to start the p0f daemon:

    p0f -d -Q /var/run/p0f.socket -o /dev/null 'dst port 25'
    chmod a+w /var/run/p0f.socket
    

Notes

  • Currently tested platforms:

    Cobalt Qube 1 with Linux RH 5.1 (mips 2.0.34 kernel); Linux RH 5.1 (Intel x386 2.2.25 kernel); OpenBSD 3.6 (Intel x386)
  • The minimum desired file ownership and permissions are as follows for a typical Linux system. For FreeBSD, NetBSD, and OpenBSD the binary and cache locations may differ, but have the same permissions.

    Process user ``milter'' is primary member of group ``milter'' and secondary member of group ``smmsp''. Note that the milter should be started as root, so that it can create a .pid file and .socket file in /var/run; after which it will switch process ownership to milter:milter before starting the accept socket thread.

    Path                               Owner:Group    Mode  Permissions
    /etc/mail/                         root:smmsp     0750  drwxr-x---
    /etc/mail/access.db                root:smmsp     0640  -rw-r-----
    /etc/mail/sendmail.cf              root:smmsp     0640  -rw-r-----
    /etc/mail/milter-p0f.cf            root:root      0644  -rw-r--r--
    /var/run/p0f.socket                ?:?            0644  srw-rw-rw-
    /var/run/milter/milter-p0f.pid     milter:milter  0644  -rw-r--r--
    /var/run/milter/milter-p0f.socket  milter:milter  0644  srw-r--r--
    /var/db/milter-p0f                 milter:milter  0644  -rw-r--r--  (*BSD)
    /var/cache/milter-p0f              milter:milter  0644  -rw-r--r--  (linux)
    /usr/local/libexec/milter-p0f      root:milter    0550  -r-xr-x---
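A practitioner will want to verify an installation against the table above rather than read ls -l output by eye. The following audit is an added example written for this page, not part of milter-p0f or LibSnert. It embeds the table as listed (the symbolic permission column is used; for the p0f socket the page gives 0644 numerically but srw-rw-rw- symbolically, which is what the chmod a+w step in the installation produces), assumes a Unix host where the pwd and grp modules can resolve uids and gids, and takes an injectable stat function so the check can also be run offline against constructed data. A row is reported when the object is missing, is the wrong type, carries any permission bit the table does not list, or has an owner or group the table names but the object lacks; a '?' in the table skips the ownership check.

```python
import grp
import os
import pwd
import stat

# The table from the page: path, owner:group, symbolic mode, and the platform
# the row applies to (None = all). '?' means the page leaves the owner open.
EXPECTED = [
    ("/etc/mail", "root:smmsp", "drwxr-x---", None),
    ("/etc/mail/access.db", "root:smmsp", "-rw-r-----", None),
    ("/etc/mail/sendmail.cf", "root:smmsp", "-rw-r-----", None),
    ("/etc/mail/milter-p0f.cf", "root:root", "-rw-r--r--", None),
    ("/var/run/p0f.socket", "?:?", "srw-rw-rw-", None),
    ("/var/run/milter/milter-p0f.pid", "milter:milter", "-rw-r--r--", None),
    ("/var/run/milter/milter-p0f.socket", "milter:milter", "srw-r--r--", None),
    ("/var/db/milter-p0f", "milter:milter", "-rw-r--r--", "bsd"),
    ("/var/cache/milter-p0f", "milter:milter", "-rw-r--r--", "linux"),
    ("/usr/local/libexec/milter-p0f", "root:milter", "-r-xr-x---", None),
]


def symbolic_to_bits(sym):
    """'drwxr-x---' -> ('d', 0o750); rwx bits only, no setuid/sticky bits."""
    bits = 0
    for ch in sym[1:]:
        bits = (bits << 1) | (ch != "-")
    return sym[0], bits


def live_stat(path):
    """(user, group, type char, permission bits) for a real path on this host."""
    st = os.lstat(path)
    kind = "d" if stat.S_ISDIR(st.st_mode) else "s" if stat.S_ISSOCK(st.st_mode) else "-"
    return (pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name,
            kind, stat.S_IMODE(st.st_mode))


def audit(expected=EXPECTED, platform="linux", stat_path=live_stat):
    """Return a list of (path, problem) pairs; an empty list means the table is met.
    stat_path may be replaced by any callable with live_stat's return shape."""
    findings = []
    for path, owner, sym, only_on in expected:
        if only_on and only_on != platform:
            continue
        try:
            user, group, kind, mode = stat_path(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        want_kind, want_mode = symbolic_to_bits(sym)
        if kind != want_kind:
            findings.append((path, "expected type %r, found %r" % (want_kind, kind)))
        # Any bit set on disk that the table does not list, setuid/setgid/sticky included.
        extra = mode & ~want_mode & 0o7777
        if extra:
            findings.append((path, "extra permission bits %04o beyond %04o" % (extra, want_mode)))
        want_user, want_group = owner.split(":")
        if want_user != "?" and user != want_user:
            findings.append((path, "owner %s, expected %s" % (user, want_user)))
        if want_group != "?" and group != want_group:
            findings.append((path, "group %s, expected %s" % (group, want_group)))
    return findings


if __name__ == "__main__":
    for path, problem in audit():
        print("%s: %s" % (path, problem))
```

Run as root after the milter has been started once, so that the .pid and .socket files exist; on a *BSD host pass platform="bsd" so the /var/db row is checked instead of /var/cache.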

License Agreement 1.4

SNERTSOFT IS WILLING TO LICENSE THE SOFTWARE IDENTIFIED ABOVE TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS LICENSE AGREEMENT. PLEASE READ THE AGREEMENT CAREFULLY. BY DOWNLOADING OR INSTALLING THIS SOFTWARE, YOU ACCEPT THE TERMS OF THE AGREEMENT.

  1. Definitions

    1. ``Package'' means the identified above in source and/or binary form, any other machine readable materials provided (including, but not limited to documentation, sample files, data files), any updates or error corrections, and its derivative works.

    2. ``Private Individual'' means an individual using the Package for personal, private, and non-commercial use only.

    3. ``Organisation'' means a legal entity or an individual that does not qualify as a Private Individual defined above.

    4. ``You'' (or ``Your'') means a Private Individual or Organisation exercising rights under, and complying with all of the terms of, this License or a future version of this License issued under Section 5.1. For legal entities, ``You'' includes any entity which controls, is controlled by, or is under common control with You. For purposes of this definition,``control'' means (a) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of such entity.

    5. The Package is an original work written by Anthony C. Howe, hereto referred to as the ``Author''.

  2. License To Use

    1. If You are a Private Individual and so benefited from a reduced purchase price, then You may only compile, install, and use this Package, with or without private modifications, exclusively on a single machine You legally own or rent from a third party, provided You retain this notice, the Author's copyright notice, any and all license control methods (see below), and any links within the Package back to the most current online versions of this License and Disclaimer.

    2. Otherwise if You have paid the full purchase price, then You may compile, install, and use this Package, with or without private modifications, exclusively on machines You legally own or rent from a third party, provided You retain this notice, the Author's copyright notice, any and all license control methods (see below), and any links within the Package back to the most current online versions of this License and Disclaimer.

    3. You may copy, share, distribute, modify, and create derivative works from the user manuals and any related documentation solely for Your internal business purposes, such as in-house documentation, training manuals, or reference material.

  3. Restrictions

    1. Redistribution, including but not limited to books, CDROMS, download mirrors, floppy diskettes, hard disks, hardcopy print outs, online archives, solid state disks, streaming tapes, or other current or future forms of storage or communication media of the Package, with or without modifications, including any and all derivative works such as source patches, binaries, binary patches, or similar is expressly forbidden without prior written permission in hardcopy (letter or fax) signed and dated by the Author.

    2. It is expressly forbidden for You to use the Package, in whole or in part, in any other software, except those designated by the Author.

    3. It is expressly forbidden for You to use the Package to develop any software or other technology having the same primary function as the Package, including but not limited to using the Package in any development or test procedure that seeks to develop like software or other technology, or determine if such software or other technology performs in a similar manner as the Package.

    4. You may not sell, rent, lease, or transfer the Package to third parties without prior written permission in hardcopy (letter or fax) signed and dated by the Author.

  4. Termination

    1. This Agreement is effective until terminated. You may terminate this Agreement at any time by destroying all copies of the Package. This Agreement will terminate immediately without notice from the Author if You fail to comply with any provision of this Agreement. Either party may terminate this Agreement immediately should any portion of the Package become, or in either party's opinion be likely to become, the subject of a claim of infringement of any intellectual property right. Upon Termination, You must destroy all copies of the Package.

  5. Versions Of The License

    1. New Versions. The Author may publish revised and/or new versions of the License from time to time. Each version will be given a distinguishing version number.

    2. Effect of New Versions. Once a version of the Package has been published under a particular version of the License, You may always continue to use it under the terms of that License version. You may also choose to use such Package under the terms of any subsequent version of the License published by the Author. No one other than the Author has the right to modify the terms applicable to the Package created under this License.

Disclaimer

THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO WAY SHALL THE AUTHOR OR LICENSEE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

License Control

The Package may use one or more license control methods including, but not limited to, license key activation, periodic reporting of Package details and IP address of installation to SnertSoft, remote license verification by SnertSoft, or other future technical means. Any information reported to or gathered by SnertSoft shall remain strictly confidential and the private property of SnertSoft. Under no circumstances will SnertSoft resell or release this information to third parties, unless demanded by court order.

Support

Support is only provided for the Author's original Package. Priority support can be purchased. Free support is limited, based on the Author's availability, though enhancements requests and problem reports are welcome. A community mailing list is available; please refer to SnertSoft web site Support area for details.

Gifts

Gifts from the author's Amazon US or Amazon UK wish list (search by mail address <achowe at snert dot com>) are welcomed for the continued encouragement, moral support, and ego pumping needed to work in foreign non-English speaking lands.
