https://github.com/haraka/haraka-plugin-p0f

TCP Fingerprinting of email senders.
https://github.com/haraka/haraka-plugin-p0f

email fingerprinting haraka-plugin p0f tcp

Last synced: about 1 month ago
JSON representation

TCP Fingerprinting of email senders.

• Host: GitHub
• URL: https://github.com/haraka/haraka-plugin-p0f
• Owner: haraka
• License: mit
• Created: 2017-07-28T09:06:07.000Z (almost 8 years ago)
• Default Branch: master
• Last Pushed: 2025-01-31T19:29:31.000Z (4 months ago)
• Last Synced: 2025-04-14T08:16:21.312Z (about 2 months ago)
• Topics: email, fingerprinting, haraka-plugin, p0f, tcp
• Language: JavaScript
• Homepage: https://www.npmjs.com/package/haraka-plugin-p0f
• Size: 55.7 KB
• Stars: 4
• Watchers: 4
• Forks: 7
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • Changelog: Changes.md
  • License: LICENSE

Awesome Lists containing this project

README

        
[![Build Status][ci-img]][ci-url]

[![Code Climate][clim-img]][clim-url]

# haraka-plugin-p0f

TCP Fingerprinting

Supply TCP fingerprint info (remote computer OS, network distance, etc) about the remote mail server. This can be used to implement more sophisticated anti-spam policies.

This plugin inserts a _p0f_ connection note with information deduced

from the TCP fingerprint. The note typically includes at least the link,

detail, distance, uptime, genre. Here's an example:

genre => FreeBSD

detail => 8.x (1)

uptime => 1390

link => ethernet/modem

distance => 17

Which was parsed from this p0f fingerprint:

24.18.227.2:39435 - FreeBSD 8.x (1) (up: 1390 hrs)

-> 208.75.177.101:25 (distance 17, link: ethernet/modem)

The following additional values may also be available in

the _p0f_ connection note:

    magic, status, first_seen, last_seen, total_conn, uptime_min, up_mod_days, last_nat, last_chg, distance, bad_sw, os_match_q, os_name, os_flavor, http_name, http_flavor, link_type, and language.

## Configuration

1. start p0f

Create a startup script for p0f that creates a communication socket when your

server starts up.

    /usr/local/bin/p0f -u smtpd -d -s /tmp/.p0f_socket 'dst port 25 or dst port 587'

    chown smtpd /tmp/.p0f_socket

2. configure p0f plugin

add an entry to config/plugins to enable p0f:

    p0f

3. review settings in config/p0f.ini

At a minimum, `[main]socket_path` must be defined.

## Startup

In the contrib/ubuntu-upstart directory is a config file (p0f.conf) for Ubuntu.

In the contrib/bsd-rc.d directory is a startup file for FreeBSD.

[ci-img]: https://github.com/haraka/haraka-plugin-p0f/actions/workflows/ci.yml/badge.svg

[ci-url]: https://github.com/haraka/haraka-plugin-p0f/actions/workflows/ci.yml

[clim-img]: https://codeclimate.com/github/haraka/haraka-plugin-p0f/badges/gpa.svg

[clim-url]: https://codeclimate.com/github/haraka/haraka-plugin-p0f