Logcheck devel - Oct 2004 - Mailscanner + postfix in logcheck

Hello i'm currently using logcheck 1.2.28 , mailscanner 4.34.4-1 and
postfix 2.1.4-5 obviusly on a debian sid.

Logcheck work fine, but some messages i think can be ignored...
I wrote some line to add it to postfix file and mailscanner file in
ingnore.d.server :

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]:
[[:alnum:]]+: hold: header Received: by [[:alnum:]]+ .*$

example of the log:
...
Oct  5 23:53:35 ZeuS postfix/pickup[31721]: AB5D034975: uid=0 from=<root>
Oct  5 23:53:35 ZeuS postfix/cleanup[31763]: AB5D034975: hold: header
Received: by mail.no-net.org (Postfix, from userid 0)??id AB5D034975; Tue,
 5 Oct 2004 23:53:35 +0200 (CEST) from local; from=<miasma at no-net.org>
to=<miasma at no-net.org>
Oct  5 23:53:35 ZeuS postfix/cleanup[31763]: AB5D034975:
message-id=<20041005215335.AB5D034975 at mail.no-net.org>
Oct  5 23:53:40 ZeuS MailScanner[30539]: New Batch: Scanning 1 messages,
434 bytes
...

This messages appear everytimes postfix give an email to mailscanner so it
can check it.

Please add flock Locktype:

MailScanner\[[0-9]+\]: Using locktype = flock

Log example:
...
Oct  5 23:06:37 ZeuS MailScanner[30539]: Using locktype = flock
...

Thank for your work, i hope i've done a good work and that it can be
useful to someone other me..

Regards
Fabio Borraccetti

On Wed, 06 Oct 2004, miasma at no-net.org wrote:
> Hello i'm currently using logcheck 1.2.28 , mailscanner 4.34.4-1 and
> postfix 2.1.4-5 obviusly on a debian sid.
> 
> Logcheck work fine, but some messages i think can be ignored...
> I wrote some line to add it to postfix file and mailscanner file in
> ingnore.d.server :
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]:
> [[:alnum:]]+: hold: header Received: by [[:alnum:]]+ .*$
> 
> example of the log:
> ...
> Oct  5 23:53:35 ZeuS postfix/pickup[31721]: AB5D034975: uid=0
from=<root>
> Oct  5 23:53:35 ZeuS postfix/cleanup[31763]: AB5D034975: hold: header
> Received: by mail.no-net.org (Postfix, from userid 0)??id AB5D034975; Tue,
>  5 Oct 2004 23:53:35 +0200 (CEST) from local; from=<miasma at
no-net.org>
> to=<miasma at no-net.org>
> Oct  5 23:53:35 ZeuS postfix/cleanup[31763]: AB5D034975:
> message-id=<20041005215335.AB5D034975 at mail.no-net.org>
> Oct  5 23:53:40 ZeuS MailScanner[30539]: New Batch: Scanning 1 messages,
> 434 bytes
> ...
hmm please use '[._[:alnum:]-]+' to match an hostname,
'.*' should only be used for remote strings, where we have no clue.
could you try to get a more complete and tested rule?
please also file a bug report with some more loglines to match against?
 
> This messages appear everytimes postfix give an email to mailscanner so it
> can check it.
> 
> Please add flock Locktype:
> 
> MailScanner\[[0-9]+\]: Using locktype = flock
> 
> Log example:
> ...
> Oct  5 23:06:37 ZeuS MailScanner[30539]: Using locktype = flock
> ...
good start, but please follow style of:
 /usr/share/doc/logcheck-database/README.logcheck-database.gz
that is matching the hole logline. you have plenty of examples
in logcheck-database.
 
> Thank for your work, i hope i've done a good work and that it can be
> useful to someone other me..
again thanks for your message,
please try to enhance your aboves rules for inclusion,
and submit a bug report, so that logcheck maintainers don't forget
about it.

 
--
maks