[Logcheck-devel] Bug#510832: Updated rules for postfix-policyd

Thu, 20 Aug 2009 19:26:16 -0700 

On Mon, Jan 05, 2009 at 09:35:47AM +0100, Thomas Mueller wrote:
> I created a new ruleset for postfix-policyd (see the attachment).

Thanks very much.

To be thorough, I looked through the postfix-policyd source code and
added all the possible modules in there.  The result is a bit unwieldy,
so I was wondering if you'd be willing to give it a try, to make sure I
didn't screw up?

> the actual package name is postfix-policyd. Maybe the "policyd" file
> can be removed?

Will do.


-- 
Being overloaded is the sign of a true Debian maintainer.
                -- JHM on #Debian

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: connection from: 
[._[:alnum:]-]+ port: [[:digit:]]+ slots: [[:digit:]]+ of [[:digit:]]+ used$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, 
((blacklist|blacklist_sender|blacklist_dnsname)=block|blacklist_helo=new|greylist=(optout|abl|new|new_train|abuse|awl|update|update_train)|helo=abuse|spamtrap=new|(whitelist|whitelist_sender|whitelist_dnsname)=update|bypass),
 host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, 
size=[/[:digit:]]+( helo=[^[:space:]]+)?( expire=[[:digit:]]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, 
throttle(_rcpt)?=(new\(a\)|abuse\(f\)|clear\(a\)|blacklisted\(f\)|update\([[:alpha:]]\)),
 host=[[:digit:].]+, from=[^[:space:]]+, to=[^[:space:]]+(, 
size=[[:digit:]]+/[[:digit:]]+)?(, quota=[[:digit:]]+/[[:digit:]]+)?, 
count=[[:digit:]]+/[[:digit:]]+\([[:digit:]]+\), 
rcpt=[[:digit:]]+/[[:digit:]]+\([[:digit:]]+\)(, abuse=[[:digit:]]+)?, 
threshold=[[:digit:]]+%\|[[:digit:]]+%\|[[:digit:]]%(, 
sasl_username=[._[:alnum:]-]+)?$

# The cleanup process is run once every night
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: clean up process starting: 
policyd v[[:digit:].]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: connecting to mysql 
database:( [._[:alnum:]-]+)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: connected\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring 
(validated|unvalidated|autowhitelisted|helo|throttlesender|throttlerecipient|training
 policies) records older than [[:digit:]]+ days \([[:digit:]]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring blacklisted records 
\([[:digit:]]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expiring throttlesender 
instances older than 1 hour \([[:digit:]]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cleanup: expired: [[:digit:]]+ records$

_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

Reply via email to