Bernd Zeimetz
2006-Aug-28 12:19 UTC
[Logcheck-devel] Bug#385001: logcheck-database: 2 broken rules in ignore.d.server/postfix
Package: logcheck-database
Version: 1.2.47
Severity: normal
Tags: patch
Heya,
2 of the postfix rules in ignore.d.server are broken/buggy, please apply
the attached patch.
In
[...] [[:alnum:]]+: resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]+>$
is the + missing at the end of the line ---------------------------^
and in
[...] statistics: max (message [...] )?(smtp(s)?|25|587): [...]
port number 25 should be accepted, too ----------^^
Thanks,
Bernd
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.7-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
-------------- next part --------------
diff -cr logcheck-1.2.47.old/rulefiles/linux/ignore.d.server/postfix
logcheck-1.2.47/rulefiles/linux/ignore.d.server/postfix
*** logcheck-1.2.47.old/rulefiles/linux/ignore.d.server/postfix Mon Aug 28
14:00:18 2006
--- logcheck-1.2.47/rulefiles/linux/ignore.d.server/postfix Mon Aug 28 14:02:27
2006
***************
*** 59,65 ****
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_sender=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP
command: .*$
--- 59,65 ----
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_sender=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP
command: .*$
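Review bot: the local part of the changed resent-message-id rule is still [[:alnum:].]+, so an id whose local part contains "_" or "-" will not match even with the "+" added to the domain class. Consider giving the local part the same set the domain side already allows, [-_.[:alnum:]]+, and checking the rule against one sample line per id form before it goes in.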
***************
*** 69,75 ****
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)?
delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((,
id=[-0-9]+, from MTA: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE,
id=[-0-9]+))*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent
\(delivered to command: exec /usr/bin/procmail\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass:
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+,
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+
designates [0-9a-f.:]{3,39} as permitted sender$
! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.[:digit:]]{1,16}:)?(smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start
interval \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics:
(domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$
--- 69,75 ----
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)?
delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((,
id=[-0-9]+, from MTA: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE,
id=[-0-9]+))*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent
\(delivered to command: exec /usr/bin/procmail\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass:
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+,
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+
designates [0-9a-f.:]{3,39} as permitted sender$
! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.[:digit:]]{1,16}:)?(smtp(s)?|25|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start
interval \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics:
(domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$
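Review bot: the service alternation in the changed anvil rule, (smtp(s)?|25|587), is an enumerated list, so statistics for a listener on any other port or service name will still be reported. If anvil statistics should be ignored regardless of service, a class such as [[:alnum:]]+ in that position avoids repeating this fix, and (smtp(s)?) can be written smtps?. Separately, the unchanged policy-spf context line contains header_comment=[.[:alnum:]+: where the bracket expression appears to be missing its closing "]"; that deserves a follow-up.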
Bernd Zeimetz
2006-Aug-28 16:51 UTC
[Logcheck-devel] Bug#385001: Acknowledgement (logcheck-database: 2 broken rules in ignore.d.server/postfix)
Heya,
the resent-messages line is obviously still not completely fixed, sorry. I've attached a new patch which will make sure ids like
2 one postfix/cleanup: 9A74170000A0: resent-message-id=<1W_3hD.A.F6E.LVx8EB at murphy>
get filtered, too.
Best regards,
Bernd
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: logcheck_postfix.patch
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060828/85d9b93d/attachment.txt
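A regression check for the two rule changes discussed in this thread, added here as an example (it is not part of the original messages or of logcheck). The rule text is unwrapped from the first patch; the log lines, host name and addresses are constructed, and the id from the second message is written with "@" on the assumption that " at " is the archive's address obfuscation. The second patch is not on this page, so only the first is exercised.

```shell
#!/bin/sh
# Added example: rules copied (unwrapped) from the context diff on this page;
# the log lines below are constructed samples, not real mail logs.
LC_ALL=C; export LC_ALL

P='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/'
C='cleanup\[[0-9]+\]: [[:alnum:]]+: resent-message-id=<[[:alnum:].]+@'
RESENT_OLD="$P$C"'[-_.[:alnum:]]>$'      # before: exactly one domain character
RESENT_NEW="$P$C"'[-_.[:alnum:]]+>$'     # after: one or more
A='anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \(([.[:digit:]]{1,16}:)?'
Z=':[.[:digit:]]+\) at \w{3} [ :0-9]{11}$'
ANVIL_OLD="$P$A"'(smtp(s)?|587)'"$Z"     # before: no numeric port 25
ANVIL_NEW="$P$A"'(smtp(s)?|25|587)'"$Z"  # after

LOGS='Aug 28 14:00:18 mail postfix/cleanup[1234]: 9A74170000A0: resent-message-id=<20060828.1200@example.org>
Aug 28 14:00:19 mail postfix/cleanup[1234]: 9A74170000A0: resent-message-id=<1W_3hD.A.F6E.LVx8EB@murphy>
Aug 28 14:00:20 mail postfix/anvil[2345]: statistics: max connection rate 1/60s for (25:192.0.2.10) at Aug 28 13:55:01
Aug 28 14:00:21 mail postfix/anvil[2345]: statistics: max connection rate 1/60s for (smtp:192.0.2.10) at Aug 28 13:55:01'

# reported RULE...: print the sample lines that no ignore rule matches,
# i.e. the lines that would still end up in the report. The rules are
# written to a file and applied with grep -E -v -f, one pattern per line.
reported() {
    rulefile=$(mktemp) || return 1
    printf '%s\n' "$@" > "$rulefile"
    printf '%s\n' "$LOGS" | grep -E -v -f "$rulefile" || true
    rm -f "$rulefile"
}

# count_reported RULE...: number of sample lines left unfiltered.
count_reported() {
    reported "$@" | wc -l | tr -d ' '
}

echo "unpatched rules leave $(count_reported "$RESENT_OLD" "$ANVIL_OLD") line(s)"
echo "patched rules leave   $(count_reported "$RESENT_NEW" "$ANVIL_NEW") line(s):"
reported "$RESENT_NEW" "$ANVIL_NEW"
```

The one line the patched rules still leave is the id with "_" in its local part, the case the follow-up message reports.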