Package: postfix-policyd-spf-python Version: 3.0.4-1 Severity: important Tags: bookworm patch
I updated one of my servers from bullseye to bookworm this weekend and discovered a couple of issues with the logcheck regex shipped with postfix-policyd-spf-python: * The "+" at the beginning of the line causes grep 3.8 to emit the message "grep: warning: + at start of expression" every time logcheck is invoked * logcheck in bookworm defaults to checking the systemd journal, which uses high-resolution timestamps; the current pattern will not match those * The format of the message to be ignored has changed sometime before bullseye, so the logcheck rule as-is isn't actually doing anything I have attached a patch to update the rule, and tested it with rsyslog output (from bullseye and bookworm), as well as journald output from bookworm, and it appears to work correctly. Please consider applying the patch and uploading a new version of postfix-policyd-spf- python so this fix can be included in the bookworm release. Thanks, Mathias
diff --git a/debian/logcheck/postfix-policyd-spf-python b/debian/logcheck/postfix-policyd-spf-python
index 7abdccf..07a87b1 100644
--- a/debian/logcheck/postfix-policyd-spf-python
+++ b/debian/logcheck/postfix-policyd-spf-python
@@ -1,2 +1 @@
-+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ policyd-spf\[[0-9]+\]: (Pass|Neutral|None|Softfail|Fail|Temperror|Permerror); identity=(helo|mailfrom); client-ip=[0-9a-f.:]+; helo=.*; envelope-from=.*; receiver=
-
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ policyd-spf\[[0-9]+\]:( :)? prepend Received-SPF: (Pass|Neutral|None|Softfail|Fail|Temperror|Permerror) \((helo|mailfrom)\) identity=(helo|mailfrom); client-ip=[0-9a-f.:]+; helo=.*; envelope-from=.*; receiver=
signature.asc
Description: This is a digitally signed message part
