Jamie L. Penman-Smithson
2004-Jul-15 17:50 UTC
[Logcheck-devel] Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations
package: logcheck-database
version: 1.2.23
severity: wishlist

The current regexp's for postfix/lmtp..

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$

..doesn't catch these messages:

Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)
Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)

The first is the message being relayed to amavisd-new and the second it's delivered to the cyrus socket.

I fiddled but could only get to this point:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-Z]+: to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0 Ok.*$

It matches:

Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)

However the .* at the end needs improving.. I think the former message didn't match because it lacks an orig_to, and the regexp only has '250 2.1.5 Ok' as a response.

I'm assuming this doesn't match because of the path as a relay..?

Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)

I'm relatively new to regular expressions and this is beyond me, I'd be interested to see if you can come up with a fix if possible :)

-j
maks attems
2004-Jul-22 11:05 UTC
Bug#259603: [Logcheck-devel] Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations
tags 259603 pending
thanks

hello jamie,

On Thu, 15 Jul 2004, Jamie L. Penman-Smithson wrote:
> package: logcheck-database
> version: 1.2.23
> severity: wishlist
>
> The current regexp's for postfix/lmtp..
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$
>
> ..doesn't catch these messages:
>
> Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)
> Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)
>
> The first is the message being relayed to amavisd-new and the second
> it's delivered to the cyrus socket.
>
> I fiddled but could only get to this point:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-Z]+: to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0 Ok.*$
>
> It matches:
>
> Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)
>
> However the .* at the end needs improving.. I think the former message
> didn't match because it lacks an orig_to, and the regexp only has '250
> 2.1.5 Ok' as a response.
>
> I'm assuming this doesn't match because of the path as a relay..?
>
> Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)
>
> I'm relatively new to regular expressions and this is beyond me, I'd be
> interested to see if you can come up with a fix if possible :)

i've been quite busy lately, so no time to fix that,
but fortunately we got a new bug filed #260810 with perfect rule.
it's already in cvs and will get in next logcheck version 1.2.24
please test it :)

just copying:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\[[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0 Ok, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+\)$

hope that helps

a++ maks
maks attems
2004-Jul-22 11:14 UTC
Bug#259603: [Logcheck-devel] Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations
tags 259603 - pending
thanks

On Thu, 15 Jul 2004, Jamie L. Penman-Smithson wrote:
> ..doesn't catch these messages:
>
> Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)
> Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)
>
> The first is the message being relayed to amavisd-new and the second
> it's delivered to the cyrus socket.

ohh overlooked the cyrus one, so only half done, removing pending,
will look again in it in 3 weeks or so if not somebody else does in between. (holidays)

a++ maks
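An added example, not part of the thread or of logcheck: it runs the three rules quoted above through grep -E against the two reported log lines, plus one constructed line with unexpected response text, to show which lines each ignore rule would suppress. The log lines have the archive's " at " masking restored to "@"; the BOTH rule is a hypothetical combination written for this example and is not the rule shipped in logcheck 1.2.25.

```shell
#!/bin/sh
# Constructed input: the two log lines from the report, with the list
# archive's " at " address masking restored to "@".
AMAVIS='Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull@silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)'
CYRUS='Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org@silverdream.org>, orig_to=<devnull@silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)'
# Constructed line (not from the thread): same delivery, unexpected response text.
ODD='Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull@silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, unexpected trailing text)'

# Prefix shared by every rule in the thread: timestamp, host, postfix/lmtp[pid].
PRE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: '
# OLD: the 1.2.23 rule as quoted in the report (one-character queue ID, no
# comma after delay=).
OLD="$PRE"'[0-9A-F]: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$'
# TRY: the reporter's attempt, ending in an open ".*".
TRY="$PRE"'[0-9A-Z]+: to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0 Ok.*$'
# NEW: the rule copied from #260810; it requires orig_to= and the 2.6.0 response.
NEW="$PRE"'[0-9A-F]+: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\[[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0 Ok, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+\)$'
# BOTH: hypothetical rule (an assumption of this example): orig_to= optional,
# either of the two reported responses accepted, still anchored with "\)$".
BOTH="$PRE"'[0-9A-F]+: to=<[^[:space:]]+>, (orig_to=<[^[:space:]]+>, )?relay=[^[:space:]]+\[[^[:space:]]+\], delay=[0-9]+, status=sent \(250 (2\.1\.5 Ok|2\.6\.0 Ok, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+)\)$'

# matches RULE LINE: prints "yes" if the rule would ignore the line, else "no".
matches() {
    if printf '%s\n' "$2" | grep -Eq -- "$1"; then echo yes; else echo no; fi
}

# Print one row per rule: which of the three lines it would suppress.
for name in OLD TRY NEW BOTH; do
    eval "rule=\$$name"
    printf '%-5s amavis=%-3s cyrus=%-3s odd=%s\n' "$name" \
        "$(matches "$rule" "$AMAVIS")" "$(matches "$rule" "$CYRUS")" \
        "$(matches "$rule" "$ODD")"
done
```

A "yes" in the odd column means the rule would also hide a line whose response text nobody reviewed, which is the cost of ending an ignore rule in ".*".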
Debian Bug Tracking System
2004-Jul-22 11:18 UTC
Processed: Re: [Logcheck-devel] Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations
Processing commands for control at bugs.debian.org:

> tags 259603 pending
Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Debian Bug Tracking System
2004-Jul-22 11:18 UTC
Processed: Re: [Logcheck-devel] Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations
Processing commands for control at bugs.debian.org:

> tags 259603 - pending
Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations
Tags were: pending
Tags removed: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Debian Bug Tracking System
2004-Aug-14 03:33 UTC
[Logcheck-devel] Bug#259603: marked as done (logcheck-database: postfix/lmtp rules do not match some configurations)
Your message dated Fri, 13 Aug 2004 23:17:03 -0400
with message-id <E1Bvp2V-0002Ht-00 at newraff.debian.org>
and subject line Bug#259603: fixed in logcheck 1.2.25
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------

From: Todd Troxell <ttroxell at debian.org>
To: 259603-close at bugs.debian.org
Subject: Bug#259603: fixed in logcheck 1.2.25
Date: Fri, 13 Aug 2004 23:17:03 -0400

Source: logcheck
Source-Version: 1.2.25

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.25_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.25_all.deb
logcheck_1.2.25.dsc
  to pool/main/l/logcheck/logcheck_1.2.25.dsc
logcheck_1.2.25.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.25.tar.gz
logcheck_1.2.25_all.deb
  to pool/main/l/logcheck/logcheck_1.2.25_all.deb
logtail_1.2.25_all.deb
  to pool/main/l/logcheck/logtail_1.2.25_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 259603 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org)

Format: 1.7
Date: Friday, 13 Aug 2004 22:54:13 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.25
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description:
 logcheck - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail - Print log file lines that have not been read
Closes: 193161 255932 259603 262327 264158 265176 265588
Changes:
 logcheck (1.2.25) unstable; urgency=low
 .
 todd:
 * Small rule updates for dhclient, ntp, bind, kernel, bonobo, qmail, proftpd, ntpd, gconf, dovecot, su, samba, postfix (Closes: #259603, #264158)
 * Add line to logcheck.postinst to remove header.txt on purge
 * Add check to exit if running script as root.
 eevans:
 * Added violations.ignore.d/logcheck-spamd rule, (Closes: #262327)
 maks:
 * Re-format NEWS.Debian into Debian changelog format (Closes: #255932)
 * Remove /var/state/logcheck from debian/logcheck.dirs.
 * Small rule updates for pdns, pop3d-ssl, postfix, scponly.
 * Ack woody security fix. (Closes: #193161)
 * Small rule updates for dhcpd, kernel, nagios, postfix, rsnapshot thanks to Peter Palfrader <weasel at debian.org>.
 * Add gps policy server rules. (Closes: #265176)
 * Fix port match in oidentd rules. (Closes: #265588)