Your message dated Sat, 16 Aug 2025 13:12:37 +0100 with message-id <caj3buot3jachiohs9pk1nz3ean6jpesyqv556zeuzjn6vyb...@mail.gmail.com> and subject line Re: bad rule in ignore for saslauthd (patch included) has caused the Debian Bug report #690145, regarding saslauthd rules - pam failure to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 690145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690145 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: logcheck Version: 1.3.15 Severity: normal Tags: patch New versions of saslauthd say "pam_unix(smtp:auth)" instead of "(pam_unix)". New rule is: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: pam_unix\(smtp:auth\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=( [[:space:]]*user=[-._[:alnum:]]+)?$ -- System Information: Debian Release: 7.8 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.14.5-x86-linode61 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages logcheck depends on: ii adduser 3.113+nmu3 ii cron 3.0pl1-124 ii lockfile-progs 0.1.17 ii logtail 1.3.15 ii mime-construct 1.11 ii postfix [mail-transport-agent] 2.9.6-2 ii rsyslog [system-log-daemon] 5.8.11-3+deb7u2 Versions of packages logcheck recommends: ii logcheck-database 1.3.15 Versions of packages logcheck suggests: pn syslog-summary <none> -- Configuration Files: /etc/logcheck/logcheck.conf changed: REPORTLEVEL="server" SENDMAILTO="[email protected]" FQDN=1 -- debconf information: logcheck/changes: * logcheck/install-note:
--- End Message ---
--- Begin Message ---On Tue, 28 May 2024 00:24:21 +0100 Richard Lewis <[email protected]> wrote: > On Wed, 10 Oct 2012 09:24:26 -0400 CJ Fearnley <[email protected]> wrote: > > > File: /etc/logcheck/ignore.d.server/saslauthd > > > The following patch fixes a bug in the regex for ignoring > > useless lines from saslauthd authentication failures > > (/etc/logcheck/ignore.d.server/saslauthd) on this Squeeze system: > > > > > -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: > > \(pam_unix\) check pass; user unknown$ > > +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: > > pam_unix\(:auth\): check pass; user unknown$ > > This looks to still apply some 12 years later, in the sense that the rules > have > > <usual prefix with saslauthd +PID>: \(pam_unix\) check pass; user unknown$ > > But im unclear that the new line ' pam_unix\(:auth\): check pass; user > unknown' is the right solution in 2024 - I'd expect something like: > pam_unix\(????:auth\): check pass; user unknown$ > > but i dont know what the ???? would be. > > Think we need an update before this can be applied. A year later, closing as the suggested rules do not look valid. If there some issue with rules for saslauthd, please reopen with updated suggestion. (Im not sure we should even be hiding messages about unknown users logging in at all?)
--- End Message ---

