[Logcheck-devel] Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations

Jamie L. Penman-Smithson jamie at silverdream.org
Thu Jul 15 17:50:59 UTC 2004 

package: logcheck-database
version: 1.2.23
severity: wishlist

The current regexp's for postfix/lmtp..

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]:
to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\],
delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$

..doesn't catch these messages:

Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)
Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)

The first is the message being relayed to amavisd-new and the second
it's delivered to the cyrus socket.

I fiddled but could only get to this point:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-Z]+:
to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+, status=sent
\(250 2\.6\.0 Ok.*$

It matches:

Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)

However the .* at the end needs improving.. I think the former message
didn't match because it lacks an orig_to, and the regexp only has '250
2.1.5 Ok' as a response.

I'm assuming this doesn't match because of the path as a relay..?

Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)

I'm relatively new to regular expressions and this is beyond me, I'd be
interested to see if you can come up with a fix if possible :)

-j

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
 w: http://www.silverdream.org | p: sms at silverdream.org
 pgp key @ http://silverdream.org/~jps/pub.key
 01:30:01 up 13 days,  3:46, 13 users,  load average: 0.20, 0.35, 0.40

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040715/9a6f4c4b/attachment.pgp

More information about the Logcheck-devel mailing list