Bug#336558: [Logcheck-devel] Bug#336558: logcheck: spamd rules in 1.2.42
Karl Chen
quarl at cs.berkeley.edu
Mon Oct 31 20:29:49 UTC 2005
>>>>> On 2005-10-31 09:51 PST, Jamie L Penman-Smithson writes:
>> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:
>> (spamd: )?result: .*$
Jamie> This is far too broad. Please could you provide the log
Jamie> messages you're trying to ignore with this rule.
OK, I know .* is a sin. It's possible to write a restrictive
regexp, though I suspect it'll be very brittle with respect to
SpamAssassin configuration and version. In the end every term
like "(user=[a-z]+,)" might end up being optional since some
people won't have bayes or whatnot enabled. It's too bad
SpamAssassin spews to syslog by default now...
Oct 31 12:15:58 roar spamd[18572]: spamd: result: . -6 - BAYES_00 scantime=1.5,size=4453,user=quarl,uid=1234,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=1234,mid=<123.456 at example.net>,bayes=0,autolearn=ham
Oct 31 12:12:16 roar spamd[18572]: spamd: result: Y 38 - BAYES_99,FORGED_RCVD_HELO,HTML_FONT_FACE_BAD,HTML_MESSAGE,INFO_TLD,MIME_HTML_ONLY,RCVD_HELO_IP_MISMATCH,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_NJABL_PROXY,RCVD_IN_XBL,RCVD_NUMERIC_HELO,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,URI_NOVOWEL scantime=5.2,size=10758,user=quarl,uid=1234,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=1234,mid=<123.456 at example.com>,bayes=1,autolearn=spam
--
Karl 2005-10-31 12:18
More information about the Logcheck-devel
mailing list