Colm G. Connolly
2004-Jul-22 10:22 UTC
[Logcheck-devel] Bug#260810: logcheck: ignore.d.server/postfix doesn't properly ignore some postfix messages
Package: logcheck
Version: 1.2.23
Severity: normal
Messages from postfix like these two below are not ignored by the regexpes
included in the ignore.d.server/postfix file. (These come from postfix
2.1.3-1 package.)
Jul 22 01:00:08 localhost postfix/lmtp[9415]: 8B7D8383ED4A: to=<root at
darwin.ucd.ie>, orig_to=<root>, relay=127.0.0.1[127.0.0.1], delay=0,
status=sent (250 2.6.0 Ok, id=07715-07, from MTA: 250 Ok: queued as
D63D1383ED4B)
Jul 21 01:05:01 localhost postfix/smtpd[27972]: warning: Illegal address syntax
from localhost[127.0.0.1] in MAIL command: jhagenoy@
The following patch to the ignore.d.server/postfix fixes these problems.
--- postfix-orig 2004-07-22 11:08:22.000000000 +0100
+++ postfix 2004-07-22 11:06:42.000000000 +0100
@@ -54,4 +54,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_sender=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
result [.0-9]+ in address->name lookup for [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: <.*>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: <?.*>?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]:
to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\],
delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+:
to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>,
relay=[^[:space:]]+\[[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0
Ok, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+\)$
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-darwin.4
Locale: LANG=en_IE at euro, LC_CTYPE=en_IE at euro
Versions of packages logcheck depends on:
ii adduser 3.57 Add and remove users and groups
ii cron 3.0pl1-83 management of regular background p
ii debconf [debconf 1.4.29 Debian configuration management sy
ii debianutils 2.8.3 Miscellaneous utilities specific t
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.23 A database of system log rules for
ii logtail 1.2.23 Print log file lines that have not
ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent
ii perl 5.8.3-3 Larry Wall's Practical
Extraction
ii postfix [mail-tr 2.1.3-1 A high-performance mail transport
ii sysklogd [system 1.4.1-10 System Logging Daemon
-- debconf information excluded
maks attems
2004-Jul-22 11:00 UTC
Bug#260810: [Logcheck-devel] Bug#260810: logcheck: ignore.d.server/postfix doesn't properly ignore some postfix messages
tags 260810 pending thanks On Thu, 22 Jul 2004, Colm G. Connolly wrote:> Package: logcheck > Version: 1.2.23 > Severity: normal > > Messages from postfix like these two below are not ignored by the regexpes > included in the ignore.d.server/postfix file. (These come from postfix > 2.1.3-1 package.) > > Jul 22 01:00:08 localhost postfix/lmtp[9415]: 8B7D8383ED4A: to=<root at darwin.ucd.ie>, orig_to=<root>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 2.6.0 Ok, id=07715-07, from MTA: 250 Ok: queued as D63D1383ED4B) > Jul 21 01:05:01 localhost postfix/smtpd[27972]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: jhagenoy@ > > The following patch to the ignore.d.server/postfix fixes these problems.great thanks for the patch!! fixed in current cvs, also removed duplicate postfix rule. will be in 1.2.24, which is imminent. a++ maks -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040722/5bae99be/attachment.pgp
Debian Bug Tracking System
2004-Jul-22 11:18 UTC
Processed: Re: [Logcheck-devel] Bug#260810: logcheck: ignore.d.server/postfix doesn't properly ignore some postfix messages
Processing commands for control at bugs.debian.org:> tags 260810 pendingBug#260810: logcheck: ignore.d.server/postfix doesn't properly ignore some postfix messages There were no tags set. Tags added: pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Debian Bug Tracking System
2004-Jul-24 02:18 UTC
[Logcheck-devel] Bug#260810: marked as done (logcheck: ignore.d.server/postfix doesn't properly ignore some postfix messages)
Your message dated Fri, 23 Jul 2004 22:02:13 -0400 with message-id <E1BoBrZ-0003xQ-00 at newraff.debian.org> and subject line Bug#260810: fixed in logcheck 1.2.24 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 22 Jul 2004 10:22:56 +0000>From colmconn at darwin.ucd.ie Thu Jul 22 03:22:56 2004Return-path: <colmconn at darwin.ucd.ie> Received: from darwin.ucd.ie [193.1.132.217] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Bnaj2-00071Y-00; Thu, 22 Jul 2004 03:22:56 -0700 Received: from localhost (localhost [127.0.0.1]) by darwin.ucd.ie (Postfix) with ESMTP id DA2D9383ED4B; Thu, 22 Jul 2004 11:22:24 +0100 (IST) Received: from darwin.ucd.ie ([127.0.0.1]) by localhost (darwin [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 14842-03; Thu, 22 Jul 2004 11:22:24 +0100 (IST) Received: by darwin.ucd.ie (Postfix, from userid 1000) id 65C15383ED4A; Thu, 22 Jul 2004 11:22:24 +0100 (IST) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Colm G. Connolly" <Colm.Connolly at ucd.ie> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: logcheck: ignore.d.server/postfix doesn't properly ignore some postfix messages X-Mailer: reportbug 2.63 Date: Thu, 22 Jul 2004 11:22:23 +0100 Message-Id: <20040722102224.65C15383ED4A at darwin.ucd.ie> X-Virus-Scanned: by amavisd-new-20030616-p9 (Debian) at darwin.ucd.ie Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: logcheck Version: 1.2.23 Severity: normal Messages from postfix like these two below are not ignored by the regexpes included in the ignore.d.server/postfix file. (These come from postfix 2.1.3-1 package.) Jul 22 01:00:08 localhost postfix/lmtp[9415]: 8B7D8383ED4A: to=<root at darwin.ucd.ie>, orig_to=<root>, relay=127.0.0.1[127.0.0.1], delay=0, status=sent (250 2.6.0 Ok, id=07715-07, from MTA: 250 Ok: queued as D63D1383ED4B) Jul 21 01:05:01 localhost postfix/smtpd[27972]: warning: Illegal address syntax from localhost[127.0.0.1] in MAIL command: jhagenoy@ The following patch to the ignore.d.server/postfix fixes these problems. --- postfix-orig 2004-07-22 11:08:22.000000000 +0100 +++ postfix 2004-07-22 11:06:42.000000000 +0100 @@ -54,4 +54,5 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [.0-9]+ in address->name lookup for [^[:space:]]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+ in (MAIL|RCPT) command: <.*>$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+ in (MAIL|RCPT) command: <?.*>?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\[[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0 Ok, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+\)$ -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.7-darwin.4 Locale: LANG=en_IE at euro, LC_CTYPE=en_IE at euro Versions of packages logcheck depends on: ii adduser 3.57 Add and remove users and groups ii cron 3.0pl1-83 management of regular background p ii debconf [debconf 1.4.29 Debian configuration management sy ii debianutils 2.8.3 Miscellaneous utilities specific t ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.23 A database of system log rules for ii logtail 1.2.23 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent ii perl 5.8.3-3 Larry Wall's Practical Extraction ii postfix [mail-tr 2.1.3-1 A high-performance mail transport ii sysklogd [system 1.4.1-10 System Logging Daemon -- debconf information excluded --------------------------------------- Received: (at 260810-close) by bugs.debian.org; 24 Jul 2004 02:08:02 +0000>From katie at ftp-master.debian.org Fri Jul 23 19:08:02 2004Return-path: <katie at ftp-master.debian.org> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1BoBxC-0000dw-00; Fri, 23 Jul 2004 19:08:02 -0700 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1BoBrZ-0003xQ-00; Fri, 23 Jul 2004 22:02:13 -0400 From: Todd Troxell <ttroxell at debian.org> To: 260810-close at bugs.debian.org X-Katie: $Revision: 1.51 $ Subject: Bug#260810: fixed in logcheck 1.2.24 Message-Id: <E1BoBrZ-0003xQ-00 at newraff.debian.org> Sender: Archive Administrator <katie at ftp-master.debian.org> Date: Fri, 23 Jul 2004 22:02:13 -0400 Delivered-To: 260810-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: X-CrossAssassin-Score: 16 Source: logcheck Source-Version: 1.2.24 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.24_all.deb to pool/main/l/logcheck/logcheck-database_1.2.24_all.deb logcheck_1.2.24.dsc to pool/main/l/logcheck/logcheck_1.2.24.dsc logcheck_1.2.24.tar.gz to pool/main/l/logcheck/logcheck_1.2.24.tar.gz logcheck_1.2.24_all.deb to pool/main/l/logcheck/logcheck_1.2.24_all.deb logtail_1.2.24_all.deb to pool/main/l/logcheck/logtail_1.2.24_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 260810 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Friday, 23 Jul 2004 21:39:19 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.24 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 206495 213711 257874 258735 258759 259092 259094 259371 259466 260096 260102 260103 260105 260330 260382 260810 Changes: logcheck (1.2.24) unstable; urgency=low . eevans: * Added violations ignore rule for squid (Closes: #257874) maks * Added dhcpd-client, kernel, ntp, postfix rules. (Closes: #259094) * Added lots of postfix rules at level workstation for those, who wants to include /var/log/mail.log. (Closes: #206495) * Generalize "nobody" to "[_[:alnum:]-]+" for su rule. * Update rules ignore.d.paranoid/cron, ignore.d.paranoid/postfix. New courier rules merged and simplified from imap, impd-ssl and pop3d-ssl. thanks to Bastian Blank <waldi at debian.org>. (Closes: #258759) * Fix pid regex in cyrus rules. (Closes: #259092) * Added cyrus rules for notifyd. (Closes: #259466) * Make sure logtail gets a logfile to read, if not exit soon. Documented -o switch in logtail(8). (Closes: #259371) * Added logcheck-devel mail to logtail(8) and copyright. * Added userv rules. (Closes: #260105) * Generalize user match in spamd rule. (Closes: #260103) * Added a ippl rule at level workstation. (Closes: #260102) * Updated logcheck help message to all existent switches. Corrected logcheck command line parsing, -T needs no args. Use 6 'X' for mktemp(1) template. Better lock handling. (Closes: #260330) * Do not create unused /var/state/logcheck and really get rid of it. (Closes: #260096) * Added cs Translation. thanks Jan Outrata. (Closes: #260382) * Remove duplicate postfix rules, fix for remote string add lmtp rule. (Closes: #260810) todd: * Added 2 kernel rules for sparc workstations. * Added nearly 50 squid rules. (Closes: #213711) * Fix anacron Normal exit rule. * Move adduser from preinst to postinst (Closes: #258735) * Update pump and dhclient rules. Files: b12f7f6e9f7ee1c1ab93c11d06197436 670 admin optional logcheck_1.2.24.dsc fac761afff4056f62d05e0b0a49a8941 78439 admin optional logcheck_1.2.24.tar.gz b42736deefef2c9cbb27e596fe3453ca 38306 admin optional logcheck_1.2.24_all.deb 544fe294c31535dae713ca94746030c4 45540 admin optional logcheck-database_1.2.24_all.deb ab277c25932c9ef600581ebb1aa8f68c 22412 admin optional logtail_1.2.24_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBAb4/4u3oQ3FHP2YRAteqAKDC5u2SOudNtfjaZvMM1gFdFIE1AQCfXBAm nUk8s8a4rlxDrmTdK7SD5XI=XQO7 -----END PGP SIGNATURE-----