Sven,

> 1. does anybody know if there are any problems regarding running
> the mail server with p0f behind a Cisco PIX firewall??

No experience there, but PIX has a long history of badly interfering with the ESMTP protocol, so I'm not surprised it also breaks p0f fingerprints. The 'fixup protocol smtp' should be disabled unless one is using a prehistoric version of an MTA, or letting internal hosts talk SMTP directly with the outside. p0f works just fine behind a Checkpoint fw. Btw, p0f could probably be running on a host in front of a firewall, which can snoop on the external network (e.g. mirrored port).

Mark