Package: pflogsumm
Version: 1.1.5-7
Severity: normal
Tags: patch

pflogsumm ignores emails rejected by non-milter cleanup mechanisms such
as header filtering. This is because of a bug/typo in the milter-rejects
patch which was added in #743570:
https://sources.debian.org/patches/pflogsumm/1.1.5-7/milter-rejects/

With the milter-rejects patch, plain 'reject:' loglines are ignored and only
'milter-reject:' loglines are counted.

Example of an ignored logline:

Dec 29 08:01:23 server postfix/cleanup[12345]: AEGIM3EE9EID: reject: header Received: from example.com (example.com [192.0.2.1])??by KooR3roh2ooxuk.server.example.org.example.com (x) with ESMTP ID: Eu_h4do??Thu, 29 Dec 2022 08:01:23 +0100 from out.example.net[203.0.113.1]; from=<sen...@example.net> to=<recipi...@example.org> proto=ESMTP helo=<out.example.net>: 5.7.1 Forged Received header


How to reproduce:
- echo 'Dec 29 08:01:23 server postfix/cleanup[12345]: AEGIM3EE9EID: reject: header Received: from example.com (example.com [192.0.2.1])??by KooR3roh2ooxuk.server.example.org.example.com (x) with ESMTP ID: Eu_h4do??Thu, 29 Dec 2022 08:01:23 +0100 from out.example.net[203.0.113.1]; from=<sen...@example.net> to=<recipi...@example.org> proto=ESMTP helo=<out.example.net>: 5.7.1 Forged Received header' > testlog
- pflogsumm testlog
- observe that 0 messages are reported


How to fix:
The regex in the milter-rejects patch has a bug/typo which causes it to
only match 'milter-reject:' but no longer match plain 'reject:'.

+       /\/cleanup\[\d+\]: .*?\b((?:milter-)reject|warning|hold|discard): 
(header|body|END-OF-MESSAGE) (.*)$/) == 3)

The 'milter-' part should be optional to match both:

+       /\/cleanup\[\d+\]: .*?\b((?:milter-)?reject|warning|hold|discard): 
(header|body|END-OF-MESSAGE) (.*)$/) == 3)
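
Review bot: nothing accompanies the corrected line to keep this from regressing again, and the only difference from the shipped line is the single '?' after '(?:milter-)', which is easy to lose in a later patch refresh. Suggest shipping a small test log with one plain 'reject:' cleanup line and one 'milter-reject:' cleanup line and checking that pflogsumm counts both. A short comment above the regex saying the 'milter-' prefix is optional, so that header/body check rejections are counted as well, would also help.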







-- System Information:
Debian Release: 11.6
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'stable-security')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-20-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages pflogsumm depends on:
ii  libdate-calc-perl  6.4-1.1
ii  perl               5.32.1-4+deb11u2

pflogsumm recommends no packages.

pflogsumm suggests no packages.

-- no debconf information
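
The regression described in this report can be checked outside pflogsumm. The following is an added example, not pflogsumm's own code: it runs the shipped and the proposed regex over three constructed log lines, using the same "== 3" capture-count idiom as the patch. The classify helper and the sample lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Regex as quoted in the report from the milter-rejects patch: 'milter-' is mandatory.
my $shipped = qr/\/cleanup\[\d+\]: .*?\b((?:milter-)reject|warning|hold|discard): (header|body|END-OF-MESSAGE) (.*)$/;
# Regex proposed in the report: 'milter-' is optional.
my $fixed   = qr/\/cleanup\[\d+\]: .*?\b((?:milter-)?reject|warning|hold|discard): (header|body|END-OF-MESSAGE) (.*)$/;

# Constructed sample lines (shortened from the report's example, plus two made up here):
# a header_checks reject, a milter reject, and an unrelated cleanup line.
my @log = (
    'Dec 29 08:01:23 server postfix/cleanup[12345]: AEGIM3EE9EID: reject: header Received: from example.com (example.com [192.0.2.1]) from out.example.net[203.0.113.1]; proto=ESMTP helo=<out.example.net>: 5.7.1 Forged Received header',
    'Dec 29 08:01:24 server postfix/cleanup[12345]: BEGIM3EE9EIE: milter-reject: END-OF-MESSAGE from out.example.net[203.0.113.1]: 5.7.1 Rejected by filter; proto=ESMTP helo=<out.example.net>',
    'Dec 29 08:01:25 server postfix/cleanup[12345]: CEGIM3EE9EIF: message-id=<constructed@example.net>',
);

# Hypothetical helper: returns "action/where" when the line would be counted,
# or 'not counted' when the regex does not produce all three captures.
sub classify {
    my ($re, $line) = @_;
    my ($action, $where, $rest);
    # List assignment in scalar context yields the number of captures returned
    # by the match: 3 on success, 0 on failure (same test as in the patch).
    return 'not counted' unless (($action, $where, $rest) = $line =~ $re) == 3;
    return "$action/$where";
}

for my $line (@log) {
    my ($qid) = $line =~ /\]: (\w+):/;    # queue ID, used only as a label
    printf "%-13s shipped: %-29s fixed: %s\n",
        $qid, classify($shipped, $line), classify($fixed, $line);
}
```

A line that shows "not counted" under the shipped regex but "reject/header" under the fixed one is a rejection that the report summary silently omits.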
