[Logcheck-devel] Bug#385001: Acknowledgement (logcheck-database: 2 broken rules in ignore.d.server/postfix)

Mon, 28 Aug 2006 10:23:43 -0700 

Heya,

the resent-messages line is obviously still not completely fixed, sorry.
I've attached a new patch which will make sure ids like

2 one postfix/cleanup: 9A74170000A0:
resent-message-id=<[EMAIL PROTECTED]>

get filtered, too.


Best regards,

Bernd

diff -cr logcheck-1.2.47.old/rulefiles/linux/ignore.d.server/postfix 
logcheck-1.2.47/rulefiles/linux/ignore.d.server/postfix
*** logcheck-1.2.47.old/rulefiles/linux/ignore.d.server/postfix Mon Aug 28 
14:00:18 2006
--- logcheck-1.2.47/rulefiles/linux/ignore.d.server/postfix     Mon Aug 28 
14:02:27 2006
***************
*** 59,65 ****
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
client=[^[:space:]]+, sasl_sender=.*$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, [EMAIL PROTECTED]:alnum:]]+$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: 
resent-message-id=<[[:alnum:[EMAIL PROTECTED]:alnum:]]>$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric 
result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal 
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP 
command: .*$
--- 59,65 ----
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
client=[^[:space:]]+, sasl_sender=.*$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, [EMAIL PROTECTED]:alnum:]]+$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: 
resent-message-id=<[-_.[:alnum:[EMAIL PROTECTED]:alnum:]]+>$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric 
result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal 
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP 
command: .*$
***************
*** 69,75 ****
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: 
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* 
relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, 
dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 
([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: 
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* 
relay=local, delay=[0-9]+, status=sent \(delivered to command: exec 
/usr/bin/procmail\)$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: 
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, 
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL 
PROTECTED]:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max 
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for 
\(([.[:digit:]]{1,16}:)?(smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max 
cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: 
start interval \w{3} [ :0-9]{11}$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: 
(domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$
--- 69,75 ----
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: 
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* 
relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, 
dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 
([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: 
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* 
relay=local, delay=[0-9]+, status=sent \(delivered to command: exec 
/usr/bin/procmail\)$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: 
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, 
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL 
PROTECTED]:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
! ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max 
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for 
\(([.[:digit:]]{1,16}:)?(smtp(s)?|25|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max 
cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: 
start interval \w{3} [ :0-9]{11}$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: 
(domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$

_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

Reply via email to