[Logcheck-devel] Bug#382440: logcheck-database: Postfix rule missing in violations.ignore.d

Micah Anderson micah at debian.org
Fri Aug 11 01:27:38 UTC 2006


Package: logcheck-database
Version: 1.2.47
Severity: normal
Tags: patch

Without the following logcheck line in
/etc/logcheck/violations.ignore.d, lines such as the following are
reported:

postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>, 
relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, 
from MTA: 250 Ok: queued as 15140A2D0A)

This is because of the keyword "illegal"; other accounts with words such
as "attack" in their username also get reported. Adding the following
seems to resolve this:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$


Micah

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-vserver-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.3      Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false
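
The check below is an added example, not part of the original report: it runs the proposed rule through grep -E (logcheck rules are egrep-style extended regular expressions) over a constructed log. Assumptions: the syslog timestamp and host "mx1", the second to fourth log lines, the KEYWORDS stand-in for the violations.d patterns, and the recipient written with "@" (the archived copy shows " at ", which the rule's to=[^[:space:]]+ would not match).

```shell
#!/bin/sh
# Added example: verify that the proposed violations.ignore.d rule drops the
# false positives without hiding other lines that contain the same keywords.

# Proposed rule, copied from the report.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$'

# Stand-in for the violations.d keyword patterns (assumption: only the two
# keywords named in the report).
KEYWORDS='illegal|attack'

# Constructed sample log. Line 1 is the report's line with a made-up syslog
# prefix; lines 2-4 are invented (line 2 uses the optional delays=/dsn= form).
sample_log() {
cat <<'EOF'
Aug 11 01:20:01 mx1 postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal@someplace.net>, relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, from MTA: 250 Ok: queued as 15140A2D0A)
Aug 11 01:20:05 mx1 postfix/smtp[30060]: 9B1C2A2C20: to=<heartattack@example.org>, relay=0.0.0.0[0.0.0.0], delay=0.4, delays=0.1/0/0.1/0.2, dsn=2.0.0, status=sent (250 Ok)
Aug 11 01:21:13 mx1 exampled[4121]: illegal request from 192.0.2.10
Aug 11 01:22:40 mx1 postfix/smtpd[30070]: connect from unknown[192.0.2.10]
EOF
}

# Lines that hit a keyword: what is reported without the ignore rule.
reported_before() { sample_log | grep -E "$KEYWORDS"; }

# The same lines after the ignore rule has filtered them.
reported_after() { reported_before | grep -Ev "$RULE"; }

echo "Reported without the rule: $(reported_before | wc -l)"
echo "Still reported with the rule:"
reported_after
```

Because the rule is anchored to postfix/smtp delivery lines, the constructed exampled line containing "illegal" is still reported; only the two delivery records are suppressed.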




