Bug#327114: [Logcheck-devel] Bug#327114: postfix rules does not work with ipv6

Todd Troxell ttroxell at debian.org
Thu Sep 22 05:33:16 UTC 2005 

tags 327114 pending
thanks.

Thanks, applied.

On Wed, Sep 07, 2005 at 07:59:13PM +0200, Marco Nenciarini wrote:
> Package: logcheck
> Version: 1.2.41
> Severity: normal
> Tags: patch
> 
> Another ipv6 bug:
> 
> All postfix rules involving an ip are "binded" to ipv4.
> 
> I've made a little patch.
> 
> In that patch I have also corrected the line containing
> 
> host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
> 
> my version of postfix (sarge) prepend to it the message id
> and added the line containing:
> 
> lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
> 
> Ciao
> 
> -- System Information:
> Debian Release: 3.1
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-k7
> Locale: LANG=it_IT.UTF-8 at euro, LC_CTYPE=it_IT.UTF-8 at euro (charmap=UTF-8)
> 
> Versions of packages logcheck depends on:
> ii  adduser          3.63                    Add and remove users and groups
> ii  cron             3.0pl1-86               management of regular background p
> ii  debconf [debconf 1.4.30.13               Debian configuration management sy
> ii  debianutils      2.8.4                   Miscellaneous utilities specific t
> ii  grep             2.5.1.ds1-4             GNU grep, egrep and fgrep
> ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
> ii  logcheck-databas 1.2.41                  database of system log rules for t
> ii  logtail          1.2.41                  Print log file lines that have not
> ii  mailx            1:8.1.2-0.20040524cvs-4 A simple mail user agent
> ii  postfix [mail-tr 2.1.5-9                 A high-performance mail transport 
> ii  sysklogd [system 1.4.1-17                System Logging Daemon
> 
> -- debconf information excluded
> 
> -- 
> ---------------------------------------------------------------------
> |    Marco Nenciarini    | Debian/GNU Linux Developer - Plug Member |
> | mnencia at prato.linux.it | http://www.prato.linux.it/~mnencia       |
> ---------------------------------------------------------------------
> Key fingerprint = FED9 69C7 9E67 21F5 7D95  5270 6864 730D F095 E5E4
> 

> --- postfix.old	2005-09-07 18:36:30.145443870 +0200
> +++ postfix	2005-09-07 19:23:22.815751312 +0200
> @@ -18,21 +18,22 @@
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Peer|Server) certificate could not be verified$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: address not listed for hostname [._[:alnum:]-]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher [^[:space:]]+ \([/0-9]+ bits\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (to|from) [._[:alnum:]-]+(\[[0-9.]+{7,15}\])?$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (to|from) [._[:alnum:]-]+(\[[0-9a-f.:]{3,39}\])?$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: fingerprint=([0-9A-F]{2}:){15}[0-9A-F]{2}$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Verified: subject_CN=.*, issuer=.*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Unverified: subject_CN=.*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: OTP unavailable because can't read/write key database /etc/opiekeys: No such file or directory$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9.]{7,15}\]: [45][0-9][0-9] .*$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: [45][0-9][0-9] .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ Connection refused \(port [0-9]+\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ No route to host \(port 25\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ Network is unreachable \(port 25\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ server refused mail service \(port 25\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[0-9a-f.:]{3,39}\]: read timeout \(port 25\)$
>  # Postfix 2.1
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ server dropped connection without sending the initial SMTP greeting \(port 25\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while sending (MAIL FROM|RCPT TO)$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while sending end of data -- message may be sent more than once$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection after (AUTH|CONNECT|DATA|EHLO|HELO|MAIL|RCPT|RSET) from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: host [^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)$
> @@ -43,30 +44,30 @@
>  # Postfix < 2.1
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: server dropped connection without sending the initial greeting \(port 25\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=\<.*\>, relay=[^[:space:]]+\], status=deferred \(host [^[:space:]]+\] said: .*$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [.0-9]+: address not listed for hostname [^[:space:]]+$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [[0-9a-f.:]{3,39}]+: address not listed for hostname [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: valid_hostname: misplaced delimiter: .$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: valid_hostname: empty hostname$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for .*$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [._[:alnum:]-]+: [0-9.]{7,15}$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [._[:alnum:]-]+: [0-9a-f.:]{3,39}$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX for [^[:space:]]+ is local$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: malformed domain name in resource data of CNAME record for [^[:space:]]+: .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: timeout after (HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE) from [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[.0-9]{7,15}\]$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: resent-message-id=<.+>$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [.0-9]+ in address->name lookup for [^[:space:]]+$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP command: .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL command: .*$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from [._[:alnum:]-]+\[[0-9.]{7,15}\]: -1$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: smtpd_spf_result: unknown SPF result 4 \(unknown\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+(\]|\[[^[:space:]]+\]), delay=[0-9]+, status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: exec /usr/bin/procmail\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9.]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [.0-9]+ as permitted sender$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \((smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start interval \w{3} [ :0-9]{11}$




> _______________________________________________
> Logcheck-devel mailing list
> Logcheck-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel


-- 
Todd Troxell
http://rapidpacket.com/~xtat

More information about the Logcheck-devel mailing list