Logcheck devel - May 2006 - Bug#368318: logcheck-database: update for postfix violations ignore rule

Package: logcheck-database
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

there is little problem with one rule in violations.ignore.d/logcheck-postfix.
The rule is only for the host sythos.net and the delay need to be variable
(it's
possible that the retry happen before 300 seconds are over).
I don't have an example because on my site only recipients are greylisted.

The attached patch is against the latest cvs version.

bye, Martin

- -- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (900, 'testing'), (100, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.1
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEcFhrOvJj+wS6JuIRAo4lAKCptk4LGmgBi4sldoHqyxiB0gidJwCfVyGr
an2SJNS0VoSUFylSa75z1XQ=ORmv
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: logcheck-postfix
==================================================================RCS file:
/cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-postfix,v
retrieving revision 1.23
diff -u -r1.23 logcheck-postfix
--- logcheck-postfix	11 Jul 2005 14:41:26 -0000	1.23
+++ logcheck-postfix	21 May 2006 12:05:55 -0000
@@ -22,6 +22,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=27:certificate not trusted$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate peer
name verification failed for [^[:space:]]+: [[:digit:]]+ dNSNames in certificate
found, but none matches
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate peer
name verification failed for [^[:space:]]+: CommonName mis-match:(
[._[:alnum:]-]+)?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client
host rejected: Greylisted for 300 seconds \(see
http://isg.ee.ethz.ch/tools/postgrey/help/sythos.net.html\);
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP)
helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client
host rejected: Greylisted for [0-9]+ seconds \(see
http://isg.ee.ethz.ch/tools/postgrey/help/.*.html\); from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+:
from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent
\(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$

package logcheck-database
tags 368318 pending
thanks

On 21 May 2006, at 13:09, Martin Lohmeier wrote:
> Package: logcheck-database
> Severity: normal
Next time please could you include the version.
> there is little problem with one rule in violations.ignore.d/ 
> logcheck-postfix.
> The rule is only for the host sythos.net and the delay need to be  
> variable (it's
> possible that the retry happen before 300 seconds are over).
> I don't have an example because on my site only recipients are  
> greylisted.
This will be fixed in the next release.

Thanks for your bug report!

-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060604/fa29aa83/attachment.pgp

Processing commands for control at bugs.debian.org:
> package logcheck-database
Ignoring bugs not assigned to: logcheck-database
> tags 368318 pending
Bug#368318: logcheck-database: update for postfix violations ignore rule
There were no tags set.
Tags added: pending
> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

also sprach Martin Lohmeier <martin at mein-horde.de> [2006.05.21.1409
+0200]:
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
[[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9]
<[^[:space:]]+>: Client host rejected: Greylisted for 300 seconds \(see
http://isg.ee.ethz.ch/tools/postgrey/help/sythos.net.html\);
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP)
helo=<[^[:space:]]+>$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
[[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9]
<[^[:space:]]+>: Client host rejected: Greylisted for [0-9]+ seconds \(see
http://isg.ee.ethz.ch/tools/postgrey/help/.*.html\); from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
If updating, then please also do not hard code the URL. In our
installations, we changed that URL to our own CGI.

Also, '.' is any character, so all the . in the URL should be
escaped.
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent
\(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$
And on the side, this rule is also too specific, isn't it?

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck at debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060703/858f65bf/attachment.pgp