Your message dated Thu, 8 Sep 2011 19:53:14 +0200
with message-id <[email protected]>
and subject line Re: Bug#552134: amavisd-new: supplied logcheck ignore rules let everything through
has caused the Debian Bug report #552134,
regarding amavisd-new: supplied logcheck ignore rules let everything through
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
552134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552134
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: amavisd-new
Version: 1:2.6.1.dfsg-1
Severity: minor
Tags: patch

I use postfix, amavisd-new, clamav, spamassassin.

And logcheck (with default, server setting)

Logcheck sends me a lot of reports from the logfile about amavisd-new results.
As I see in the /etc/logcheck/ignore.d.server file, an attempt was made to
filter out some of the unnecessary reports.

However, the 'Passed CLEAN' rule does not match. And the 'WARN: address
modified' rule doesn't match either.

Here is a sample log line that got through:
Oct 23 14:02:37 spark amavis[1199]: (01199-02) Passed CLEAN, <[email protected]> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: Sjiu0FmRJKMZ, Hits: -2.593, size: 2739, queued_as: 13C0923693, 3797 ms

This changed rule seems to work for me:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$

Also, please create rules to ignore 'Passed BAD-HEADER', 'Passed SPAMMY',
'Blocked SPAM', and some others.

Rationale: With a small mailserver I have so many amavis reports from logcheck
that logcheck is not useful at all, and these lines only show that amavis is
working as expected, there is nothing to warn about.

Examples:
Oct 23 14:15:32 moto amavis[21170]: (21170-16) Passed BAD-HEADER, [84.1.230.188] [80.249.168.77] <[email protected]> -> <[email protected]>, quarantine: S/badh-S1hyDigHfMDw, Message-ID: <[email protected]>, mail_id: S1hyDigHfMDw, Hits: 1.103, size: 16511, queued_as: B18A947C10, 5824 ms
Sep  5 20:14:01 spark amavis[9254]: (09254-02) Blocked SPAM, [85.186.127.160] [85.186.127.160] <[email protected]> -> <[email protected]>, quarantine: spam-YomiQ3CnmC61.gz, mail_id: YomiQ3CnmC61, Hits: 18.677, 8520 ms
Sep  5 21:01:57 spark amavis[10967]: (10967-04) WARN: address modified (sender): <pcrips@[email protected]> -> <"pcrips@sisnaa-key"@aerospacesw.com>
Oct 22 20:07:19 spark amavis[30821]: (30821-16) Passed SPAMMY, [84.2.39.149] [81.182.240.90] <> -> <[email protected]>, Message-ID: <[email protected]>, mail_id: gKqeGve+At5F, Hits: 3.976, size: 193674, queued_as: 96D7419A41, 15663 ms

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages amavisd-new depends on:
ii  adduser                  3.110           add and remove users and groups
ii  debconf [debconf-2.0]    1.5.24          Debian configuration management sy
ii  file                     4.26-1          Determines file type using "magic"
ii  libarchive-zip-perl      1.18-1          Module for manipulation of ZIP arc
ii  libberkeleydb-perl       0.34-1+b1       use Berkeley DB 4 databases from P
ii  libcompress-zlib-perl    2.012-1         Perl module for creation and manip
ii  libconvert-tnef-perl     0.17-8          Perl module to read TNEF files
ii  libconvert-uulib-perl    1.11-1          Perl interface to the uulib librar
pn  libdigest-md5-perl       <none>          (no description available)
ii  libio-stringy-perl       2.110-4         Perl modules for IO from scalars a
ii  libmailtools-perl        2.03-1          Manipulate email in perl programs
pn  libmime-base64-perl      <none>          (no description available)
ii  libmime-tools-perl       5.427-1         Perl5 modules for MIME-compliant m
ii  libnet-server-perl       0.97-1          An extensible, general perl server
ii  libunix-syslog-perl      1.1-2           Perl interface to the UNIX syslog(
ii  perl [libtime-hires-perl 5.10.0-19lenny2 Larry Wall's Practical Extraction 
ii  perl-modules [libarchive 5.10.0-19lenny2 Core Perl modules

amavisd-new recommends no packages.

Versions of packages amavisd-new suggests:
ii  apt-listchanges  2.83                    package change history notificatio
pn  arj              <none>                  (no description available)
pn  cabextract       <none>                  (no description available)
ii  clamav           0.95.2+dfsg-1~volatile1 anti-virus utility for Unix - comm
ii  clamav-daemon    0.95.2+dfsg-1~volatile1 anti-virus utility for Unix - scan
ii  cpio             2.9-13                  GNU cpio -- a program to manage ar
pn  dspam            <none>                  (no description available)
pn  lha              <none>                  (no description available)
pn  libauthen-sasl-p <none>                  (no description available)
pn  libdbi-perl      <none>                  (no description available)
pn  libmail-dkim-per <none>                  (no description available)
pn  libnet-ldap-perl <none>                  (no description available)
pn  lzop             <none>                  (no description available)
pn  nomarch          <none>                  (no description available)
ii  spamassassin     3.2.5-2+lenny1          Perl-based spam filter using text 
pn  unrar            <none>                  (no description available)
pn  zoo              <none>                  (no description available)

-- debconf information:
  amavisd-new/outdated_config_style_warning:



--- End Message ---
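
The filtering discussed in the report above can be checked offline the way logcheck applies ignore rules, as one extended regular expression (egrep) per rule line. The script below is an added example, not part of the original report or of the logcheck package; the log lines are constructed (example.org addresses, documentation IP ranges) and `still_reported` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: apply the "Passed CLEAN" rule quoted in the report to
# constructed amavis log lines and list what would still be reported.

# Print the lines of log file $2 that no rule in rules file $1 matches,
# i.e. the lines a logcheck-style ignore pass leaves in the report.
still_reported() {
    grep -E -v -f "$1" "$2" || true
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# The rule as posted in the report, joined onto a single line.
cat > "$workdir/rules" <<'EOF'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
EOF

# Constructed log lines: CLEAN with a negative score, CLEAN with a positive
# score, BAD-HEADER, and Blocked SPAM.
cat > "$workdir/log" <<'EOF'
Oct 23 14:02:37 spark amavis[1199]: (01199-02) Passed CLEAN, <alice@example.org> -> <bob@example.org>, Message-ID: <m1@example.org>, mail_id: Sjiu0FmRJKMZ, Hits: -2.593, size: 2739, queued_as: 13C0923693, 3797 ms
Oct 23 14:05:11 spark amavis[1199]: (01199-03) Passed CLEAN, <alice@example.org> -> <bob@example.org>, Message-ID: <m2@example.org>, mail_id: Qw3rTy8uIoPa, Hits: 0.412, size: 1804, queued_as: 7A1B2C3D4E, 2210 ms
Oct 23 14:15:32 spark amavis[1199]: (01199-04) Passed BAD-HEADER, [192.0.2.10] [192.0.2.10] <carol@example.org> -> <bob@example.org>, quarantine: S/badh-S1hyDigHfMDw, Message-ID: <m3@example.org>, mail_id: S1hyDigHfMDw, Hits: 1.103, size: 16511, queued_as: B18A947C10, 5824 ms
Sep  5 20:14:01 spark amavis[9254]: (09254-02) Blocked SPAM, [192.0.2.20] [192.0.2.20] <dave@example.org> -> <bob@example.org>, quarantine: spam-YomiQ3CnmC61.gz, mail_id: YomiQ3CnmC61, Hits: 18.677, 8520 ms
EOF

# Everything printed here would still land in the logcheck report.
still_reported "$workdir/rules" "$workdir/log"
```

As posted, the rule expects a leading `-` in the Hits field, so the constructed clean message with a positive score is still reported alongside the BAD-HEADER and Blocked SPAM lines.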
--- Begin Message ---
Version: 1.3.14

Hello,

With the exception of the "Blocked SPAM" log line, all other log lines
mentioned in this bug report should be filtered now. Hence I close this
bug as fixed in logcheck 1.3.14.

For the "Blocked SPAM" message feel free to file a separate wishlist bug
against the logcheck-database package.

Greetings

Hannes


--- End Message ---
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel