This same problem occurs in another rule in logcheck-postfix:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
[[:upper:]0-9]+: reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9](
<[^[:space:]]*>:)? Sender address rejected: Domain not found;
from=<[^[:space:]]*> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$

Many cases have a "to=" occurring after the "from=" and before the
"proto=" as the following logline illustrates:

Aug 11 05:02:04 buffy postfix/smtpd[30286]: NOQUEUE: reject: RCPT from
unknown[0.0.0.0]: 450 <[EMAIL PROTECTED]>: Recipient address
rejected: Temporarily refused, please try again later;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
proto=SMTP helo=<0.0.0.0>"

So the "Sender address rejected: Domain not found" logcheck rule also
needs to be modified in the same way as the "Sender address rejected"
line was modified in the previous entries to this bug.

I've attached a new patch, which resolves both of these issues; you can
ignore the previous two patches as this one replaces those.

Micah
=== logcheck-postfix
==================================================================
--- logcheck-postfix (revision 1168)
+++ logcheck-postfix (local)
@@ -1,6 +1,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[.[:digit:]]+: hostname [^[:space:]]+ verification failed: (Host not found|Host
name has no address|Name or service not known|Temporary failure in name
resolution)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
reject: RCPT from [^[:space:]]+: [0-9]+ Client host rejected: cannot find your
hostname, [^[:space:]]+; from=[^[:space:]]+ to=[^[:space:]]+ proto=(ESMTP|SMTP)
helo=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>:
(Sender|Recipient) address rejected: .+; from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>:
(Sender|Recipient) address rejected: .+; from=<[^[:space:]]*>
(to=<[^[:space:]]+> )?proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Helo
command rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay access denied;
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9] Service unavailable;
Sender address \[[^[:space:]]+\] blocked using [._[:alnum:]-]+;( .*;)?
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
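Review bot: In the changed "(Sender|Recipient) address rejected" rule the new optional "(to=<[^[:space:]]+> )?" group is paired with "reject: RCPT from" only, while the unchanged "Helo command rejected" and "Service unavailable" rules in this hunk accept "(MAIL|RCPT)" yet still require "to=<[^[:space:]]+>". If the lines that lack "to=" are MAIL-stage rejects, this rule would need "(MAIL|RCPT)" to match them, and those two rules would need the same optional group; otherwise such lines keep showing up in the report. Note also that "rejected: .+;" is broad for an ignore rule, so loosening the tail widens what logcheck hides; a tighter class than ".+" would limit that.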
@@ -35,5 +35,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: SASL
authentication failure: Password verification failed
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:upper:]0-9]+:
reject: body .* from [._[:alnum:]-]+\[[0-9.]{7,15}\]; from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>: Email with EXE
files attached denied
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]:
[[:upper:][:digit:]]+: reject: header Content-Type: application/x-msdownload;
name=.* from [._[:alnum:]-]+\[[0-9.]{7,15}\]; from=<.*> to=<.*> proto=SMTP
helo=<.*>: Message content rejected
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9]( <[^[:space:]]*>:)?
Sender address rejected: Domain not found; from=<[^[:space:]]*>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9]( <[^[:space:]]*>:)?
Sender address rejected: Domain not found; from=<[^[:space:]]*>
(to=<[^[:space:]]+> )?proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL
(LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed$
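Review bot: The patched "Domain not found" rule now overlaps with the first hunk's "(Sender|Recipient) address rejected: .+;" rule for RCPT lines that carry both the "<...>:" part and "to=", so for that case one of the two is redundant; consider stating in the commit message which lines only this rule covers (MAIL-stage rejects, or rejects without the "<...>:" part). The trailing space inside "(to=<[^[:space:]]+> )?" is what keeps exactly one space before "proto=" in both forms, so keep that placement if the group is copied to other rules.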
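Added example, not part of the original message or of logcheck: a shell check that runs the old and the patched "Domain not found" rule from the diff through grep -E against three constructed log lines, to confirm what each rule would leave in the report. It assumes GNU grep (for \w) and that the wrapped rule lines join with a single space; the client address and mail addresses in the samples are made up.

```sh
#!/bin/sh
# Constructed check of the "Domain not found" ignore rule before and after the patch.
# Assumption: the wrapped rule lines in the diff join with a single space.

PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9]( <[^[:space:]]*>:)? Sender address rejected: Domain not found; from=<[^[:space:]]*> '
SUFFIX='proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$'
OLD_RULE="${PREFIX}${SUFFIX}"
NEW_RULE="${PREFIX}(to=<[^[:space:]]+> )?${SUFFIX}"

# Constructed sample lines (not taken from a real log).
# 1. RCPT-stage reject: carries to= between from= and proto=.
WITH_TO='Aug 11 05:02:04 buffy postfix/smtpd[30286]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 <user@nodomain.invalid>: Sender address rejected: Domain not found; from=<user@nodomain.invalid> to=<postmaster@example.org> proto=SMTP helo=<mail.nodomain.invalid>'
# 2. MAIL-stage reject: no recipient yet, so no to=.
WITHOUT_TO='Aug 11 05:02:05 buffy postfix/smtpd[30286]: NOQUEUE: reject: MAIL from unknown[192.0.2.10]: 450 <user@nodomain.invalid>: Sender address rejected: Domain not found; from=<user@nodomain.invalid> proto=SMTP helo=<mail.nodomain.invalid>'
# 3. Different reject reason: must stay in the report under both rules.
OTHER_REASON='Aug 11 05:02:06 buffy postfix/smtpd[30286]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 <user@example.org>: Sender address rejected: Access denied; from=<user@example.org> to=<postmaster@example.org> proto=SMTP helo=<mail.example.org>'

# Succeeds when RULE ($1) matches LINE ($2), i.e. logcheck would drop the line.
is_ignored() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

# Prints the sample lines that RULE ($1) does not match (they stay in the report).
reported_by() {
    for line in "$WITH_TO" "$WITHOUT_TO" "$OTHER_REASON"; do
        is_ignored "$1" "$line" || printf '%s\n' "$line"
    done
}

# Number of sample lines left in the report by RULE ($1).
count_reported() {
    reported_by "$1" | wc -l | tr -d ' '
}

echo "old rule leaves $(count_reported "$OLD_RULE") of 3 sample lines in the report"
echo "new rule leaves $(count_reported "$NEW_RULE") of 3 sample lines in the report"
```

The third sample is there to show that the optional group does not make the rule swallow rejects with a different reason.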