[Logcheck-commits] Mathias Krause: i.d.s/postfix: fixed policyd-weight patterns

Martin F. Krafft madduck at alioth.debian.org
Tue Jun 15 09:37:57 UTC 2010


Module: logcheck
Branch: master
Commit: 89e67ba066c955d2be718f653395e4627942dd2e
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=89e67ba066c955d2be718f653395e4627942dd2e

Author: Mathias Krause <minipli at googlemail.com>
Date:   Mon Jun 14 23:22:36 2010 +0200

i.d.s/postfix: fixed policyd-weight patterns

At least the policyd-weight in lenny seems to generate quite different
patterns. For example the 'rate' is output multiple times in some
situations, the 'check from' is omitted sometimes and somehow those log
messages have a trailing blank.

With those patterns logcheck stays silent again.

Signed-off-by: Mathias Krause <minipli at googlemail.com>
Signed-off-by: martin f. krafft <madduck at debian.org>

---

 debian/changelog                        |    5 +++++
 rulefiles/linux/ignore.d.server/postfix |    8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 5f469c6..9096950 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,11 @@ logcheck (1.3.11) UNRELEASED; urgency=low
     - ignore successful kerberos authentication
     - ignore session opened/closed messages
 
+  [ martin f. krafft ]
+  * ignore.d.server/postfix:
+    - patch from Mathias Krause to address changes in policy-weightd log
+      message format.
+
  -- Hannes von Haugwitz <hannes at vonhaugwitz.com>  Mon, 14 Jun 2010 08:32:11 +0200
 
 logcheck (1.3.10) unstable; urgency=low
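
Review bot: The added changelog entry names the daemon "policy-weightd", while the commit subject and the rules file both call it "policyd-weight". Please correct the spelling in the entry so that a search of the changelog for the daemon name finds this change.
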
diff --git a/rulefiles/linux/ignore.d.server/postfix b/rulefiles/linux/ignore.d.server/postfix
index be14415..2a6b554 100644
--- a/rulefiles/linux/ignore.d.server/postfix
+++ b/rulefiles/linux/ignore.d.server/postfix
@@ -29,10 +29,10 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [[:digit:]a-f.:]+, header_comment=[.[:alnum:]]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [[:xdigit:].:]{3,39} as permitted sender$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]: decided action=DUNNO$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]: handler sender_permitted_from: DUNNO$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight):  ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) )+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)  ([\()/_[:alnum:]]+=(-)?[[:digit:].]+ )+)*<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>, rate: (-)?[[:digit:].]+(; delay: [[:digit:]]+s)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: cache: (purged|deleted) [^[:space:]]+ from HAM cache$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=(450 |550) (Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs(; (in [^[:space:]]+|MTA helo: [^[:space:]]+, MTA hostname: [^[:space:]]+ \(helo/hostname mismatch\)|please relay via your ISP \([._[:alnum:]-]+\)))*|Your MTA is listed in too many DNSBLs; check [^[:space:]]+|temporarily blocked because of previous errors - retrying too fast\. penalty: [[:digit:]]+ seconds x [[:digit:]]+ retries\.)( \(multirecipient mail\))?(; delay: [[:digit:]]+s)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=PREPEND X-policyd-weight: using cached result; rate:(hard:)? (-)?[[:digit:].]+(; delay: [[:digit:]]+s)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight):  ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) ?)+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)  ([\()/_[:alnum:]]+=(-)?[[:digit:].]+ ?)+)?(; rate: (-)?[[:digit:].]+)?; *<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>(; rate: (-)?[[:digit:].]+)?(; delay: [[:digit:]]+s)? ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: cache: (purged|deleted) [^[:space:]]+ from HAM cache ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=(450 |550) (Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs(; (in [^[:space:]]+|MTA helo: [^[:space:]]+, MTA hostname: [^[:space:]]+ \(helo/hostname mismatch\)|please relay via your ISP \([._[:alnum:]-]+\)))*|Your MTA is listed in too many DNSBLs; check [^[:space:]]+|temporarily blocked because of previous errors - retrying too fast\. penalty: [[:digit:]]+ seconds x [[:digit:]]+ retries\.)( \(multirecipient mail\))?(; delay: [[:digit:]]+s)? ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=PREPEND X-policyd-weight: using cached result; rate:(hard:)? (-)?[[:digit:].]+(; *<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>)?(; delay: [[:digit:]]+s)? ?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postfix-script: refreshing the Postfix mail system$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postsuper\[[[:digit:]]+\]: Deleted: [[:digit:]]+ messages?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/qmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ \(queue active\)$
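
Review bot: The first added policyd-weight pattern replaces the previous log format instead of accepting both. It makes the "; *" before "<client=" mandatory and accepts the rate after "<to=...>" only as "; rate:", whereas the removed pattern matched "<client=" directly after the score list and required ", rate:". Lines in the previous format will therefore stop being ignored and show up in reports again, and the commit message only speaks for the policyd-weight in lenny. If both formats are still in use, consider making the separator optional, "(; *)?<client=", and accepting either delimiter, "([;,] rate: (-)?[[:digit:].]+)?", so one rule covers both. One sample log line per variant in the commit message would let the rule be checked with egrep, which matters here because the helo, from and to fields are matched with "[^[:space:]]+" and an ignore rule that is looser than intended hides lines from the report.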



