Thomas Mueller
2009-Jan-05 08:35 UTC
[Logcheck-devel] Bug#510832: Updated rules for postfix-policyd
Package: logcheck-database Version: 1.2.68~bpo40+2 I created a new ruleset for postfix-policyd (see the attachment). Please consider replacing the old ones. for postfix-policyd 2 ignore.d.server files are included. # dpkg -L logcheck-database | grep policyd /etc/logcheck/ignore.d.server/policyd /etc/logcheck/ignore.d.server/postfix-policyd the actual package name is postfix-policyd. Maybe the "policyd" file can be removed? - Thomas -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: postfix-policyd Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20090105/eb5b8a71/attachment.txt
Frédéric Brière
2009-Aug-21 02:16 UTC
[Logcheck-devel] Bug#510832: Updated rules for postfix-policyd
On Mon, Jan 05, 2009 at 09:35:47AM +0100, Thomas Mueller wrote:> I created a new ruleset for postfix-policyd (see the attachment).Thanks very much. To be thorough, I looked through the postfix-policyd source code and added all the possible modules in there. The result is a bit unwieldy, so I was wondering if you'd be willing to give it a try, to make sure I didn't screw up?> the actual package name is postfix-policyd. Maybe the "policyd" file > can be removed?Will do. -- Being overloaded is the sign of a true Debian maintainer. -- JHM on #Debian -------------- next part -------------- ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: connection from: [._[:alnum:]-]+ port: [[:digit:]]+ slots: [[:digit:]]+ of [[:digit:]]+ used$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, ((blacklist|blacklist_sender|blacklist_dnsname)=block|blacklist_helo=new|greylist=(optout|abl|new|new_train|abuse|awl|update|update_train)|helo=abuse|spamtrap=new|(whitelist|whitelist_sender|whitelist_dnsname)=update|bypass), host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+( helo=[^[:space:]]+)?( expire=[[:digit:]]+)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, throttle(_rcpt)?=(new\(a\)|abuse\(f\)|clear\(a\)|blacklisted\(f\)|update\([[:alpha:]]\)), host=[[:digit:].]+, from=[^[:space:]]+, to=[^[:space:]]+(, size=[[:digit:]]+/[[:digit:]]+)?(, quota=[[:digit:]]+/[[:digit:]]+)?, count=[[:digit:]]+/[[:digit:]]+\([[:digit:]]+\), rcpt=[[:digit:]]+/[[:digit:]]+\([[:digit:]]+\)(, abuse=[[:digit:]]+)?, threshold=[[:digit:]]+%\|[[:digit:]]+%\|[[:digit:]]%(, sasl_username=[._[:alnum:]-]+)?$ # The cleanup process is run once every night ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: clean up process starting: policyd v[[:digit:].]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: connecting to mysql database:( [._[:alnum:]-]+)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: connected\.\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring (validated|unvalidated|autowhitelisted|helo|throttlesender|throttlerecipient|training policies) records older than [[:digit:]]+ days \([[:digit:]]+\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring blacklisted records \([[:digit:]]+\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring throttlesender instances older than 1 hour \([[:digit:]]+\)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expired: [[:digit:]]+ records$