Bug#259603: [Logcheck-devel] Bug#259603: logcheck-database: postfix/lmtp rules do not match some configurations

[maks attems]

tags 259603 pending
thanks

hello jamie,

On Thu, 15 Jul 2004, Jamie L. Penman-Smithson wrote:

> package: logcheck-database
> version: 1.2.23
> severity: wishlist
> 
> The current regexp's for postfix/lmtp..
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]:
> to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\],
> delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$
> 
> ..doesn't catch these messages:
> 
> Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)
> Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)
> 
> The first is the message being relayed to amavisd-new and the second
> it's delivered to the cyrus socket.
> 
> I fiddled but could only get to this point:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-Z]+:
> to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+, status=sent
> \(250 2\.6\.0 Ok.*$
> 
> It matches:
> 
> Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B: to=<devnull at silverdream.org>, relay=127.0.0.1[127.0.0.1], delay=8, status=sent (250 2.6.0 Ok, id=15483-07, from MTA: 250 Ok: queued as 6D11E480008E)
> 
> However the .* at the end needs improving.. I think the former message
> didn't match because it lacks an orig_to, and the regexp only has '250
> 2.1.5 Ok' as a response.
> 
> I'm assuming this doesn't match because of the path as a relay..?
> 
> Jul 15 17:15:16 lorien postfix/lmtp[17160]: 6D11E480008E: to=<devnull.silverdream.org at silverdream.org>, orig_to=<devnull at silverdream.org>, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=0, status=sent (250 2.1.5 Ok)
> 
> I'm relatively new to regular expressions and this is beyond me, I'd be
> interested to see if you can come up with a fix if possible :)

i've been quite busy lately, so no time to fix that,
but fortunately we got a new bug filled #260810 with perfect rule.
it's already in cvs and will get in next logcheck version 1.2.24 
please test it :) 
just copying:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\[[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0 Ok, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+\)$

hope that helps
a++ maks




-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040722/7e4e20c7/attachment.pgp