Your message dated Sat, 16 Aug 2025 13:12:37 +0100
with message-id 
<caj3buot3jachiohs9pk1nz3ean6jpesyqv556zeuzjn6vyb...@mail.gmail.com>
and subject line Re: bad rule in ignore for saslauthd (patch included)
has caused the Debian Bug report #690145,
regarding saslauthd rules - pam failure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
690145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690145
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: logcheck
Version: 1.3.15
Severity: normal
Tags: patch


New versions of saslauthd say "pam_unix(smtp:auth)" instead of "(pam_unix)". 
New rule is:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
pam_unix\(smtp:auth\) authentication failure; logname= uid=0 euid=0 tty= ruser= 
rhost=( [[:space:]]*user=[-._[:alnum:]]+)?$


-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.14.5-x86-linode61 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser                         3.113+nmu3
ii  cron                            3.0pl1-124
ii  lockfile-progs                  0.1.17
ii  logtail                         1.3.15
ii  mime-construct                  1.11
ii  postfix [mail-transport-agent]  2.9.6-2
ii  rsyslog [system-log-daemon]     5.8.11-3+deb7u2

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.15

Versions of packages logcheck suggests:
pn  syslog-summary  <none>

-- Configuration Files:
/etc/logcheck/logcheck.conf changed:
REPORTLEVEL="server"
SENDMAILTO="[email protected]"
FQDN=1


-- debconf information:
  logcheck/changes:
* logcheck/install-note:

--- End Message ---
--- Begin Message ---
On Tue, 28 May 2024 00:24:21 +0100 Richard Lewis
<[email protected]> wrote:
> On Wed, 10 Oct 2012 09:24:26 -0400 CJ Fearnley <[email protected]> wrote:
>
> > File: /etc/logcheck/ignore.d.server/saslauthd
>
> > The following patch fixes a bug in the regex for ignoring
> > useless lines from saslauthd authentication failures
> > (/etc/logcheck/ignore.d.server/saslauthd) on this Squeeze system:
> >
>
> > -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
> > \(pam_unix\) check pass; user unknown$
> > +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: 
> > pam_unix\(:auth\): check pass; user unknown$
>
> This looks to still apply some 12 years later, in the sense that the rules 
> have
>
> <usual prefix with saslauthd +PID>: \(pam_unix\) check pass; user unknown$
>
> But im unclear that the new line ' pam_unix\(:auth\): check pass; user
> unknown' is the right solution in 2024 - I'd expect something like:
>   pam_unix\(????:auth\): check pass; user unknown$
>
> but i dont know what the ???? would be.
>
> Think we need an update before this can be applied.

A year later, closing as the suggested rules do not look valid. If
there some issue with rules for saslauthd, please reopen with updated
suggestion.
(Im not sure we should even be hiding messages about unknown users
logging in at all?)

--- End Message ---

Reply via email to