Marco Nenciarini
2006-Sep-23 15:32 UTC
[Logcheck-devel] Bug#389047: ignore.d.server/postfix rules needs an upgrade
Package: logcheck-database
Version: 1.2.47
Severity: normal
Tags: patch
If you install amavisd-new with postfix with the suggested lmtp
configuration, for every message your rystem process you get a line
like this:
Sep 23 12:05:00 debian postfix/lmtp[22445]: X7677136048: to=<xxxxx at
yahoo.it>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=2, delay=35,
delays=2.4/31/0/1.6, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=24109-07-2, from
MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5366915304K)
The shipped rule related to the previous line is the following:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)?
delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((,
id=[-0-9]+, from MTA: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE,
id=[-0-9]+))*\)$
But doe not works because MTA cannot be followed by an MTA
description.
The attached patch correct this.
Ciao
P.S: the attached patch contains also the fix for #385001
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500,
'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-k7
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.4 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/conffile-cleanup: false
logcheck-database/standard-rename-note:
--
---------------------------------------------------------------------
| Marco Nenciarini | Debian/GNU Linux Developer - Plug Member |
| mnencia at prato.linux.it | http://www.prato.linux.it/~mnencia |
---------------------------------------------------------------------
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
-------------- next part --------------
--- postfix.orig 2006-09-23 17:30:03.000000000 +0200
+++ postfix 2006-09-23 17:31:02.000000000 +0200
@@ -59,17 +59,17 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_sender=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP
command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL
command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error
from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_spf_result: unknown SPF result 4 \(unknown\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)?
delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((,
id=[-0-9]+, from MTA: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE,
id=[-0-9]+))*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)?
delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((,
id=[-0-9]+, from MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok: queued as
[0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent
\(delivered to command: exec /usr/bin/procmail\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass:
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+,
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+
designates [0-9a-f.:]{3,39} as permitted sender$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.[:digit:]]{1,16}:)?(smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.[:digit:]]{1,16}:)?(smtp(s)?|25|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start
interval \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics:
(domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060923/546269c6/attachment.pgp