There are two ways to collect fingerprints from p0f:

UDP: p0f-analyzer.pm + p0f-analyzer.cf + p0f-analyzer.pl + p0f

1. Run p0f-analyzer.pl as "p0f-analyzer.pl 2345".

2. Edit p0f-analyzer.cf so that it looks like:

    use_p0f 1 # 1 enable, 0 disable
    p0f_host 127.0.0.1 # the IP of your MX host
    p0f_port 2345 # the port that p0f-analyzer.pl is listening on

3. Copy p0f-analyzer.pm and p0f-analyzer.cf to /etc/mail/spamassassin/.

4. Load the p0f-analyzer.pm plugin in v320.pre like:

    loadplugin P0f /etc/mail/spamassassin/p0f-analyzer.pm

5. If you are using amavisd-new, you can add p0f-analyzer.pm in /etc/amavisd.conf so that amavisd loads the plugin when it starts up:

    @additional_perl_modules = qw(
    /etc/mail/spamassassin/p0f-analyzer.pm
    ... ...
    );

UNIX SOCKET: p0f-x86.pm + p0f-socket.cf + p0f

1. Run p0f as "p0f -l 'dst port 25' -Q /var/run/p0f.sock -0 >> /dev/null & ".

2. Copy p0f-x86.pm and p0f-socket.cf to /etc/mail/spamassassin.

3. Load the p0f-x86.pm plugin in v320.pre like:

    loadplugin P0f /etc/mail/spamassassin/p0f-x86.pm

4. If you are using amavisd-new, you can add p0f-x86.pm in /etc/amavisd.conf so that amavisd loads the plugin when it starts up:

    @additional_perl_modules = qw(
    /etc/mail/spamassassin/p0f-x86.pm
    ... ...
    );

To test whether it works, send email from an external server/IP and watch for rules like L_P0F..

Note: The SA p0f plugin only flags the first untrusted relay to your MX server, i.e. the first untrusted relay host/IP relaying email to your MX server. When you run a test message, the message should come from an external server/IP, not from your trusted/LAN IP.
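A preflight check for the UDP setup steps above, as an added example that is not part of the plugin or of this page's original text. The function names cf_value and check_p0f_udp are hypothetical, and the script assumes v320.pre sits in the same directory as the copied plugin files.

```shell
#!/bin/sh
# Added example: verify that a SpamAssassin config directory matches the
# UDP steps (cf settings, plugin file present, loadplugin line active).
# Assumption: v320.pre is in the same directory as p0f-analyzer.pm/.cf.

# cf_value FILE KEY: print the value of the first "KEY value" line,
# with any trailing "#comment" stripped.
cf_value() {
    awk -v k="$2" '$1 == k { v = $2; sub(/#.*/, "", v); print v; exit }' "$1"
}

# check_p0f_udp DIR PORT: return 0 if DIR is consistent with a
# p0f-analyzer.pl listener on PORT, else non-zero with reasons on stderr.
check_p0f_udp() {
    dir=$1; want_port=$2; rc=0
    cf="$dir/p0f-analyzer.cf"; pm="$dir/p0f-analyzer.pm"; pre="$dir/v320.pre"

    for f in "$cf" "$pm" "$pre"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    [ "$(cf_value "$cf" use_p0f)" = "1" ] \
        || { echo "use_p0f is not 1 (plugin disabled)" >&2; rc=1; }
    [ -n "$(cf_value "$cf" p0f_host)" ] \
        || { echo "p0f_host is not set" >&2; rc=1; }
    port=$(cf_value "$cf" p0f_port)
    [ "$port" = "$want_port" ] \
        || { echo "p0f_port '$port' != listener port '$want_port'" >&2; rc=1; }

    # A commented-out line has "#loadplugin" or "#" as its first field,
    # so only an active loadplugin line for this exact module path matches.
    awk -v pm="$pm" '
        $1 == "loadplugin" && $2 == "P0f" && $3 == pm { found = 1 }
        END { exit !found }' "$pre" \
        || { echo "no active \"loadplugin P0f $pm\" in $pre" >&2; rc=1; }

    return "$rc"
}

# Usage: sh check-p0f.sh /etc/mail/spamassassin 2345
if [ "$#" -eq 2 ]; then
    check_p0f_udp "$1" "$2"
fi
```

A port mismatch between p0f_port and the argument given to p0f-analyzer.pl is reported explicitly, since the settings then look correct while the plugin queries a port nothing is listening on.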