Kevin Locke
2011-Sep-22 19:05 UTC
[Logcheck-devel] Bug#642466: logcheck-database: Should ignore postfix proxy-accept log messages
Package: logcheck-database Severity: normal Dear Maintainer, When configured to use an smtpd_proxy_filter (e.g. with spampd), postfix reports the status of the proxy request when it receives the proxy's END-OF-DATA reply. The log message is generated in data_cmd() at around src/smtpd/smtpd.c:3133 and is logged for each email message. For successfully delivered emails, this message is always safe to ignore while for rejections (which occur when a message is filtered by the proxy) the message is usually safe to ignore. To ignore only the successful deliveries, the following rule should be sufficient: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: proxy-accept: END-OF-MESSAGE: 250 ([[:digit:].]+ )?Ok: queued as [[:upper:][:digit:]]+; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$ And to ignore all proxy filter delivery messages: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: proxy-(accept|reject): END-OF-MESSAGE: [[:digit:]]{3} ([[:digit:].]+ )?.*; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$ I would suggest the second rule be added to ignore.d.server/postfix and I am unsure if the first might be suitable for ignore.d.paranoid/postfix or if successful deliveries should still be reported. Cheers, Kevin -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: i386 (i686) Kernel: Linux 3.0.4-kevinoid1 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
Seemingly Similar Threads
- Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
- Bug#700851: logcheck-database: postfix ignore.d.server now logs on the same line sasl_method, sasl_username AND sasl_sender, rule must be updated
- Bug#260573: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped
- Bug#276317: logcheck-database: Namechange for ISC in /etc/logcheck/ignore.d.server/dhcp
- Bug#368313: logcheck-database: new postfix violations ignore rule