[Logcheck-devel] Bug#327114: postfix rules does not work with ipv6
Marco Nenciarini
mnencia at prato.linux.it
Wed Sep 7 17:59:13 UTC 2005
Package: logcheck
Version: 1.2.41
Severity: normal
Tags: patch
Another ipv6 bug:
All postfix rules involving an IP are "bound" to IPv4.
I've made a little patch.
In that patch I have also corrected the line containing
host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
my version of postfix (sarge) prepends the message id to it
and added the line containing:
lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
Ciao
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=it_IT.UTF-8@euro, LC_CTYPE=it_IT.UTF-8@euro (charmap=UTF-8)
Versions of packages logcheck depends on:
ii adduser 3.63 Add and remove users and groups
ii cron 3.0pl1-86 management of regular background p
ii debconf [debconf 1.4.30.13 Debian configuration management sy
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii grep 2.5.1.ds1-4 GNU grep, egrep and fgrep
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.41 database of system log rules for t
ii logtail 1.2.41 Print log file lines that have not
ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii postfix [mail-tr 2.1.5-9 A high-performance mail transport
ii sysklogd [system 1.4.1-17 System Logging Daemon
-- debconf information excluded
--
---------------------------------------------------------------------
| Marco Nenciarini | Debian/GNU Linux Developer - Plug Member |
| mnencia at prato.linux.it | http://www.prato.linux.it/~mnencia |
---------------------------------------------------------------------
Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
-------------- next part --------------
--- postfix.old 2005-09-07 18:36:30.145443870 +0200
+++ postfix 2005-09-07 19:23:22.815751312 +0200
@@ -18,21 +18,22 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Peer|Server) certificate could not be verified$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: address not listed for hostname [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher [^[:space:]]+ \([/0-9]+ bits\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (to|from) [._[:alnum:]-]+(\[[0-9.]+{7,15}\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (to|from) [._[:alnum:]-]+(\[[0-9a-f.:]{3,39}\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: fingerprint=([0-9A-F]{2}:){15}[0-9A-F]{2}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Verified: subject_CN=.*, issuer=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Unverified: subject_CN=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9.]{7,15}\]: [45][0-9][0-9] .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: [45][0-9][0-9] .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ Connection refused \(port [0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ No route to host \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ Network is unreachable \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ server refused mail service \(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[0-9a-f.:]{3,39}\]: read timeout \(port 25\)$
# Postfix 2.1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ server dropped connection without sending the initial SMTP greeting \(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while sending (MAIL FROM|RCPT TO)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while sending end of data -- message may be sent more than once$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection after (AUTH|CONNECT|DATA|EHLO|HELO|MAIL|RCPT|RSET) from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: host [^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)$
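Review bot: the unchanged rules for "smtpd_peer_init: ... address not listed for hostname" and "lost connection after (AUTH|CONNECT|...) from" in this hunk still hard-code a dotted quad ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ and \[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]), so the same events from IPv6 peers will keep being reported; they should get the same [0-9a-f.:]{3,39} treatment as the rules changed here. The "refused to talk to me" rule now requires the queue id prefix, which drops the form without it; making the prefix optional, ([[:upper:]0-9]+: )?, would keep both forms matched. The upper bound of 39 fits a fully written IPv6 address but not one in mixed notation with an embedded dotted quad, which can reach 45 characters.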
@@ -43,30 +44,30 @@
# Postfix < 2.1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: server dropped connection without sending the initial greeting \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=\<.*\>, relay=[^[:space:]]+\], status=deferred \(host [^[:space:]]+\] said: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [.0-9]+: address not listed for hostname [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [[0-9a-f.:]{3,39}]+: address not listed for hostname [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: misplaced delimiter: .$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: valid_hostname: empty hostname$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [._[:alnum:]-]+: [0-9.]{7,15}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [._[:alnum:]-]+: [0-9a-f.:]{3,39}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX for [^[:space:]]+ is local$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: malformed domain name in resource data of CNAME record for [^[:space:]]+: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: timeout after (HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE) from [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[.0-9]{7,15}\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: resent-message-id=<.+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [.0-9]+ in address->name lookup for [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL command: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from [._[:alnum:]-]+\[[0-9.]{7,15}\]: -1$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: smtpd_spf_result: unknown SPF result 4 \(unknown\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+(\]|\[[^[:space:]]+\]), delay=[0-9]+, status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: exec /usr/bin/procmail\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9.]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [.0-9]+ as permitted sender$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \((smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start interval \w{3} [ :0-9]{11}$
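Review bot: in the "address not listed for hostname" and "numeric result ... in address->name lookup" rules the new pattern [[0-9a-f.:]{3,39}]+ has unescaped outer brackets, so it parses as the bracket expression [[0-9a-f.:] repeated 3 to 39 times followed by one or more literal ] characters. The lines being replaced matched a bare address ([.0-9]+) with no bracket after it, so the new rules stop matching those messages for IPv4 as well as IPv6; use [0-9a-f.:]{3,39} on its own there. In the policy-spf rule the first address is left unbounded ([0-9a-f.:]+) while the second gets {3,39}, and the unchanged "sent non-SMTP command", "Illegal address syntax ... in MAIL command" and anvil statistics rules in this hunk still only accept IPv4.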