[Logcheck-devel] Bug#404422: logcheck-database: postfix/lmtp messages not ignored by ignore.d.server/postfix

David D. Kilzer ddkilzer at kilzer.net
Sun Dec 24 17:32:26 UTC 2006 

Package: logcheck-database
Version: 1.2.51
Severity: normal


Messages such as these are no longer being filtered by logcheck
('hostname' used to replace actual hostname; 'hostname.com' used to
replace actual domain):

Dec 23 12:02:58 hostname postfix/lmtp[5047]: 38BE4C21ED: to=<root at hostname.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, delays=2/0.16/0.05/1.8, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=03852-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 86403C21FC)
Dec 23 12:03:00 hostname postfix/lmtp[5047]: E8CD1C21ED: to=<root at hostname.com>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, delays=0.17/0.01/0.15/1.7, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=04093-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7D190C21FC)

Such messages are common when using amavisd-new with lmtp to do spam and
virus scanning with postfix.  I believe this rule will prevent these
messages, but I have not tested it yet (modified from a previous version
of the same rule that used to be included in ignore.d.server/postfix in
the logcheck-database package):

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+ [^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA\([^[:space:]]+\): 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$

Dave


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.20-ben7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.3      Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
* logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false

More information about the Logcheck-devel mailing list