[Logcheck-devel] Mailscanner + postfix in logcheck

maks attems debian at sternwelten.at
Mon Oct 11 10:16:21 UTC 2004


On Wed, 06 Oct 2004, miasma at no-net.org wrote:

> Hello, I'm currently using logcheck 1.2.28, mailscanner 4.34.4-1 and
> postfix 2.1.4-5, obviously on a Debian sid.
> 
> Logcheck works fine, but some messages I think can be ignored...
> I wrote some lines to add to the postfix file and mailscanner file in
> ignore.d.server:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]:
> [[:alnum:]]+: hold: header Received: by [[:alnum:]]+ .*$
> 
> example of the log:
> ...
> Oct  5 23:53:35 ZeuS postfix/pickup[31721]: AB5D034975: uid=0 from=<root>
> Oct  5 23:53:35 ZeuS postfix/cleanup[31763]: AB5D034975: hold: header
> Received: by mail.no-net.org (Postfix, from userid 0)??id AB5D034975; Tue,
>  5 Oct 2004 23:53:35 +0200 (CEST) from local; from=<miasma at no-net.org>
> to=<miasma at no-net.org>
> Oct  5 23:53:35 ZeuS postfix/cleanup[31763]: AB5D034975:
> message-id=<20041005215335.AB5D034975 at mail.no-net.org>
> Oct  5 23:53:40 ZeuS MailScanner[30539]: New Batch: Scanning 1 messages,
> 434 bytes
> ...

hmm please use '[._[:alnum:]-]+' to match a hostname,
'.*' should only be used for remote strings, where we have no clue.
could you try to get a more complete and tested rule?
please also file a bug report with some more loglines to match against.
 
> This message appears every time postfix gives an email to mailscanner so it
> can check it.
> 
> Please add flock Locktype:
> 
> MailScanner\[[0-9]+\]: Using locktype = flock
> 
> Log example:
> ...
> Oct  5 23:06:37 ZeuS MailScanner[30539]: Using locktype = flock
> ...

good start, but please follow the style of:
 /usr/share/doc/logcheck-database/README.logcheck-database.gz
that is matching the whole logline. you have plenty of examples
in logcheck-database.
 
> Thanks for your work, I hope I've done good work and that it can be
> useful to someone other than me..

again thanks for your message,
please try to enhance your above rules for inclusion,
and submit a bug report, so that logcheck maintainers don't forget
about it.

 
--
maks
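
The two review points in the reply above (hostname character class, whole-line matching), as an added example that is not part of the original thread: it runs the posted rules and adjusted variants against the quoted log lines with `grep -E`, used here as a stand-in for how logcheck applies its extended-regex rules. The function and variable names, the adjusted rules and the `cron` sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): test candidate logcheck ignore rules.
# A log line that no rule matches is one that would still be reported.

# Sample input constructed from the log lines quoted in the post (wrapped
# lines re-joined). The cron line is invented to show an over-broad match.
sample_log() {
cat <<'EOF'
Oct  5 23:53:35 ZeuS postfix/cleanup[31763]: AB5D034975: hold: header Received: by mail.no-net.org (Postfix, from userid 0)??id AB5D034975; Tue,  5 Oct 2004 23:53:35 +0200 (CEST) from local; from=<miasma at no-net.org> to=<miasma at no-net.org>
Oct  5 23:06:37 ZeuS MailScanner[30539]: Using locktype = flock
Oct  5 23:07:01 ZeuS cron[4242]: (root) CMD (echo MailScanner[1]: Using locktype = flock)
EOF
}

# Rule as posted (joined onto one line): [[:alnum:]]+ cannot cross the dots
# and hyphen in "mail.no-net.org", so the rule never matches the hold line.
HOLD_ORIG='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: hold: header Received: by [[:alnum:]]+ .*$'

# Assumed adjustment: the hostname class from the reply after "by".
HOLD_HOST='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: hold: header Received: by [._[:alnum:]-]+ .*$'

# Rule as posted: unanchored, so it also hides any line containing the text.
LOCK_BARE='MailScanner\[[0-9]+\]: Using locktype = flock'

# Assumed whole-line form: timestamp, hostname, program tag, ^ and $ anchors.
LOCK_FULL='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ MailScanner\[[0-9]+\]: Using locktype = flock$'

# count_reported RULE...: number of sample lines that none of the rules match.
count_reported() {
    rules=$(mktemp) || return 1
    printf '%s\n' "$@" > "$rules"      # one rule per line, as in ignore.d files
    sample_log | grep -E -v -c -f "$rules"
    rm -f "$rules"
}

echo "hold rule as posted:      $(count_reported "$HOLD_ORIG") of 3 lines reported"
echo "hold rule, hostname class: $(count_reported "$HOLD_HOST") of 3 lines reported"
echo "locktype rule, unanchored: $(count_reported "$LOCK_BARE") of 3 lines reported"
echo "locktype rule, whole line: $(count_reported "$LOCK_FULL") of 3 lines reported"
echo "both adjusted rules:       $(count_reported "$HOLD_HOST" "$LOCK_FULL") of 3 lines reported"
```

With both adjusted rules only the constructed `cron` line is still reported, whereas the unanchored locktype rule silences it along with the real MailScanner message.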




