On Mon, Jan 05, 2009 at 09:35:47AM +0100, Thomas Mueller wrote:
> I created a new ruleset for postfix-policyd (see the attachment).
Thanks very much.
To be thorough, I looked through the postfix-policyd source code and
added all the possible modules in there. The result is a bit unwieldy,
so I was wondering if you'd be willing to give it a try, to make sure I
didn't screw up?
> The actual package name is postfix-policyd. Maybe the "policyd" file
> can be removed?
Will do.
--
Being overloaded is the sign of a true Debian maintainer.
-- JHM on #Debian
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: connection from: [._[:alnum:]-]+ port: [[:digit:]]+ slots: [[:digit:]]+ of [[:digit:]]+ used$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, ((blacklist|blacklist_sender|blacklist_dnsname)=block|blacklist_helo=new|greylist=(optout|abl|new|new_train|abuse|awl|update|update_train)|helo=abuse|spamtrap=new|(whitelist|whitelist_sender|whitelist_dnsname)=update|bypass), host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+( helo=[^[:space:]]+)?( expire=[[:digit:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, throttle(_rcpt)?=(new\(a\)|abuse\(f\)|clear\(a\)|blacklisted\(f\)|update\([[:alpha:]]\)), host=[[:digit:].]+, from=[^[:space:]]+, to=[^[:space:]]+(, size=[[:digit:]]+/[[:digit:]]+)?(, quota=[[:digit:]]+/[[:digit:]]+)?, count=[[:digit:]]+/[[:digit:]]+\([[:digit:]]+\), rcpt=[[:digit:]]+/[[:digit:]]+\([[:digit:]]+\)(, abuse=[[:digit:]]+)?, threshold=[[:digit:]]+%\|[[:digit:]]+%\|[[:digit:]]+%(, sasl_username=[._[:alnum:]-]+)?$
# The cleanup process is run once every night
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: clean up process starting: policyd v[[:digit:].]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: connecting to mysql database:( [._[:alnum:]-]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: connected\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring (validated|unvalidated|autowhitelisted|helo|throttlesender|throttlerecipient|training policies) records older than [[:digit:]]+ days \([[:digit:]]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring blacklisted records \([[:digit:]]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring throttlesender instances older than 1 hour \([[:digit:]]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expired: [[:digit:]]+ records$
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
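
One way to try the ruleset against a log before installing it, as an added example that is not part of the original mail or of logcheck itself. It also shows why each rule has to stay on one line: split where a mail client wraps it, the tail of the "expiring blacklisted records" rule becomes an unanchored pattern of its own and hides unrelated lines. The `exampled` daemon and both log lines are constructed, and `grep -E -v -f` is used here as an approximation of how logcheck applies ignore rules.

```shell
#!/bin/sh
# Added example; the log lines and the "exampled" daemon are constructed.

# Print each line of log file $2 that no rule in rules file $1 matches,
# i.e. what would still be reported. Comments and blank lines are dropped
# first: an empty pattern would match (and so hide) every line.
unmatched() {
    rules=$(mktemp) || return 1
    grep -E -v '^(#|[[:space:]]*$)' "$1" > "$rules" || true
    grep -E -v -f "$rules" "$2" || true
    rm -f "$rules"
}

# Write the same rule twice into directory $1: once on a single line and
# once split where the mail wrapped it, plus a two-line constructed log.
make_fixture() {
    cat > "$1/joined" <<'EOF'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring blacklisted records \([[:digit:]]+\)$
EOF
    cat > "$1/wrapped" <<'EOF'
# same rule, broken across two lines
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring blacklisted records
\([[:digit:]]+\)$
EOF
    cat > "$1/log" <<'EOF'
Jan  5 03:00:02 mx1 cleanup: expiring blacklisted records (17)
Jan  5 04:12:09 mx1 exampled[2211]: login failures for admin (3)
EOF
}

dir=$(mktemp -d)
make_fixture "$dir"
echo "reported with the rule on one line:"
unmatched "$dir/joined" "$dir/log"
echo "reported with the wrapped rule:"
unmatched "$dir/wrapped" "$dir/log"
rm -rf "$dir"
```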