Pryzby, Justin
2007-May-22 23:27 UTC
[Logcheck-devel] Bug#425642: logcheck-database: please support postfix delay_reject=no
Package: logcheck-database
Version: 1.2.54
Severity: wishlist
Tags: patch
The patch would be even uglier if the patterns were united some more;
in particular "hello command rejected". (Actually, that part of this
patch isn't actually for delay_reject=no).
--- /tmp/logcheck-postfix.orig 2007-05-22 19:20:37.577656308 -0400
+++ /etc/logcheck/violations.ignore.d/logcheck-postfix 2007-05-22
19:22:53.794204546 -0400
@@ -1,12 +1,12 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[.[:digit:]]+: hostname [^[:space:]]+ verification failed: (Host not found|Host
name has no address|Name or service not known|Temporary failure in name
resolution)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9]( [0-9]\.[0-9]\.[0-9])? Client
host rejected: cannot find your hostname, [^[:space:]]+; from=[^[:space:]]+
to=[^[:space:]]+ proto=(ESMTP|SMTP) helo=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9]( [45](\.[[:digit:]]){2})?
<[^[:space:]]+>: (Sender|Recipient) address rejected: .+;
from=<[^[:space:]]*>( to=<[^[:space:]]+>)? proto=(ESMTP|SMTP)
helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
reject: (CONNECT|RCPT) from [^[:space:]]+: [45][0-9][0-9]( [0-9]\.[0-9]\.[0-9])?
Client host rejected: cannot find your hostname, [^[:space:]]+;
(from=[^[:space:]]+ to=[^[:space:]]+ )?proto=(ESMTP|SMTP)( helo=[^[:space:]]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9]( [45](\.[[:digit:]]){2})?
<[^[:space:]]+>: (Sender|Recipient) address rejected: .+;
from=<[^[:space:]]*>( to=<[^[:space:]]+>)? proto=(ESMTP|SMTP)
helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9]( [45](\.[[:digit:]]){2})?
<[^[:space:]]+>: Helo command rejected: .+; from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [0-9]{3}( [45](\.[[:digit:]]){2})?
<[^[:space:]]+>: Relay access denied; from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9]( [45](\.[[:digit:]]){2})?
Service unavailable; Sender address \[[^[:space:]]+\] blocked using
[._[:alnum:]-]+;( .*;)? from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9]( [45](\.[[:digit:]]){2})?
Service unavailable; Client host \[[0-9.]{7,15}\] blocked using
[._[:alnum:]-]+;( .*;)? from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (CONNECT|RCPT) from [^[:space:]]+: [45][0-9][0-9](
[45](\.[[:digit:]]){2})? Service unavailable; Client host \[[0-9.]{7,15}\]
blocked using [._[:alnum:]-]+;( .*;)? (from=<[^[:space:]]*>
to=<[^[:space:]]+> )?proto=(ESMTP|SMTP)( helo=<[^[:space:]]+>)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+\[[0-9.]{7,14}\]: [45][0-9][0-9] <.+>: User
unknown in local recipient table; from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
(NOQUEUE|[[:xdigit:]]+): reject: HELO from [^[:space:]]+\[[0-9.]{7,15}\]:
[45][0-9]{2}( [45](\.[0-9]){2})? <[^[:space:]]+>: Helo command rejected:
.+; proto=E?SMTP helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
(NOQUEUE|[[:xdigit:]]+): reject: (HE|EH)LO from [^[:space:]]+\[[0-9.]{7,15}\]:
[45][0-9]{2}( [45](\.[0-9]){2})? <[^[:space:]]+>: Helo command rejected:
.+; proto=E?SMTP helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: hostname [^[:space:]]+
verification failed: (Temporary failure in name resolution|Name or service not
known|No address associated with hostname)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: Peer verification:
CommonName in certificate does not match: [._*[:alnum:]-]+ != [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
host [^[:space:]]+ said: [45][0-9][0-9] .* \(in reply to (HELO|EHLO|MAIL
FROM|RCPT TO|(end of )?DATA) command\)$
martin f krafft
2007-Aug-30 16:22 UTC
[Logcheck-devel] Bug#425642: logcheck-database: please support postfix delay_reject=no
also sprach Pryzby, Justin <jpryzby+dbts at quoininc.com> [2007.05.23.0127 +0200]:> The patch would be even uglier if the patterns were united some more;I assume you mean the opposite and want to look at #376106 and send a patch? -- .''`. martin f. krafft <madduck at debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature (see http://martin-krafft.net/gpg/) Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20070830/cf4c458f/attachment.pgp
Justin Pryzby
2007-Aug-30 17:03 UTC
[Logcheck-devel] Bug#425642: logcheck-database: please support postfix delay_reject=no
On Thu, Aug 30, 2007 at 06:22:08PM +0200, martin f krafft wrote:> also sprach Pryzby, Justin <jpryzby+dbts at quoininc.com> [2007.05.23.0127 +0200]: > > The patch would be even uglier if the patterns were united some more; > > I assume you mean the opposite and want to look at #376106 and send > a patch?I supplied a patch used locally to implement my requested feature. Some of the existing lines could be merged though, with regex | "alternation". Then each patch line would have been 400 characters long instead of 100. Justin