[Logcheck-devel] Bug#303128: logcheck-database: rules for amavis / courier imapd / spamd

Douglas F. Calvert dfc at anize.org
Mon Apr 4 22:34:03 UTC 2005


Package: logcheck-database
Version: 1.2.37
Severity: normal


Hello,
 Thank you for adding rules for procmail/postfix. I am still seeing a number of messages that I do not wish to see and I cannot figure out the appropriate regexp. 
The relevant lines are included below...

courier-imap:
Apr  4 07:11:02 terminus imaplogin: LOGOUT, user=user, ip=[::ffff:69.56.216.138], headers=0, body=0, time=20

amavis:
Apr  4 07:11:55 terminus amavis[6620]: (06620-03-4) Passed, <kjalj3lad at yahoo.com> -> <doug at localhost>, Message-ID: <UXSGTOABBRKUCVSYGYSXW at hotmail.com>, Hits: -
Apr  4 07:11:55 terminus amavis[6620]: (06620-03-5) Passed, <jasfdah at howisonmarine.com> -> <WISE_STEPHEN_D at LILLY.COM>,<rfdtxch at localhost>, Message-ID: <425123D8.9060709 at howisonmarine.com>, Hits: -

spamd (these are reported as security events at the server report level):
Apr  4 07:07:08 terminus spamd[22281]: result: Y 42 - AWL,BAYES_99,DNS_FROM_RFC_POST,DNS_FROM_RFC_WHOIS,DOMAIN_RATIO,HEAD_ILLEGAL_CHARS,HTML_90_100,HTML_IMAGE_ONLY_16,HTML_MESSAGE,HTTP_ESCAPED_HOST,HTTP_EXCESSIVE_ESCAPES,MIME_BOUND_DD_DIGITS,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MIME_QP_LONG_LINE,MISSING_MIMEOLE,MPART_ALT_DIFF,MSGID_SPAM_CAPS,MSGID_YAHOO_CAPS,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_NUMERIC_HELO,SUBJ_ILLEGAL_CHARS,URIBL_AB_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=11.6,size=2862,mid=<TFJTTROCINKDGKEOJUTOTFS at yahoo.com>,bayes=1,autolearn=spam
Apr  4 07:07:09 terminus spamd[21539]: result: Y 43 - AWL,BAYES_99,DNS_FROM_RFC_POST,DNS_FROM_RFC_WHOIS,DOMAIN_RATIO,HEAD_ILLEGAL_CHARS,HTML_90_100,HTML_IMAGE_ONLY_16,HTML_MESSAGE,HTTP_ESCAPED_HOST,HTTP_EXCESSIVE_ESCAPES,MIME_BOUND_DD_DIGITS,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MIME_QP_LONG_LINE,MISSING_MIMEOLE,MPART_ALT_DIFF,MSGID_SPAM_CAPS,MSGID_YAHOO_CAPS,RAZOR2_CF_RANGE_51_100,RAZOR2_CHECK,RCVD_NUMERIC_HELO,SUBJ_ILLEGAL_CHARS,URIBL_AB_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=12.4,size=2860,mid=<TFJTTROCINKDGKEOJUTOTFS at yahoo.com>,bayes=1,autolearn=spam

spamd (these are not security events):

Apr  4 08:00:25 terminus spamd[27462]: server hit by SIGCHLD
Apr  4 08:00:25 terminus spamd[27462]: handled cleanup of child pid 22281
Apr  4 08:00:25 terminus spamd[27462]: server successfully spawned child process, pid 9148


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-exec-shield
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.47     Debian configuration management sy

-- debconf information:
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false
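
Added example, not part of the original report and not rules from the logcheck project: candidate ignore patterns for the four kinds of line reported above, checked with `grep -E` against a constructed sample. The rule bodies, host names and addresses are assumptions; in logcheck, lines already raised as security events are cleared from `violations.ignore.d`, while the others belong in `ignore.d.server`.

```shell
#!/bin/sh
# Added example: candidate logcheck-style ignore patterns (POSIX ERE, as used by grep -E).
# Hypothetical rules; the sample lines below are constructed, modelled on the report.

# Syslog prefix: month, day and time, host name.
PREFIX='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ '

# Print one fully anchored rule: prefix + body + end-of-line anchor.
rule() { printf '%s%s$\n' "$PREFIX" "$1"; }

rules() {
  rule 'imaplogin: LOGOUT, user=[^,]+, ip=\[[[:xdigit:]:.]+\], headers=[0-9]+, body=[0-9]+, time=[0-9]+'
  # Only the "Passed" verdict is ignored; any other verdict is still reported.
  rule 'amavis\[[0-9]+\]: \([-0-9]+\) Passed, <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>, Hits: [-.0-9]+'
  rule 'spamd\[[0-9]+\]: result: [Y.] +-?[0-9]+ - [A-Z0-9_,]+ scantime=[0-9.]+,size=[0-9]+,mid=<[^>]+>,bayes=[0-9.]+,autolearn=[a-z]+'
  rule 'spamd\[[0-9]+\]: (server hit by SIGCHLD|handled cleanup of child pid [0-9]+|server successfully spawned child process, pid [0-9]+)'
}

# Constructed sample: six lines the rules should silence, two they must not.
sample_log() {
cat <<'EOF'
Apr  4 07:11:02 terminus imaplogin: LOGOUT, user=user, ip=[::ffff:192.0.2.10], headers=0, body=0, time=20
Apr  4 07:11:55 terminus amavis[6620]: (06620-03-5) Passed, <a@example.com> -> <b@example.org>,<c@localhost>, Message-ID: <425123D8.9060709@example.com>, Hits: -
Apr  4 07:11:56 terminus amavis[6620]: (06620-04) Blocked INFECTED (Eicar-Test-Signature), <a@example.com> -> <c@localhost>, Message-ID: <1@example.com>, Hits: -
Apr  4 07:07:08 terminus spamd[22281]: result: Y 42 - AWL,BAYES_99,HEAD_ILLEGAL_CHARS scantime=11.6,size=2862,mid=<X@example.com>,bayes=1,autolearn=spam
Apr  4 08:00:25 terminus spamd[27462]: server hit by SIGCHLD
Apr  4 08:00:25 terminus spamd[27462]: handled cleanup of child pid 22281
Apr  4 08:00:25 terminus spamd[27462]: server successfully spawned child process, pid 9148
Apr  4 08:00:26 terminus spamd[27462]: server hit by SIGCHLD unexpected trailing text
EOF
}

# Read log lines on stdin and print those no rule matches (what would still be reported).
unmatched() {
  tmp=$(mktemp) || return 1
  rules > "$tmp"
  status=0
  grep -E -v -f "$tmp" || status=$?
  rm -f "$tmp"
  [ "$status" -le 1 ]   # exit status 1 only means "nothing left to report"
}

sample_log | unmatched
```

Anchoring every rule at both ends is what keeps the last sample line visible: a line that merely starts like a known-benign message is not suppressed.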