[Logcheck-devel] [PATCH] i.d.s/postfix: fixed policyd-weight patterns

Mon Jun 14 21:22:36 UTC 2010

At least the policyd-weight in lenny seems to generate quite different
patterns. For example the 'rate' is output multiple times in some
situations, the 'check from' is omited sometimes and somehow those log
messages have a trailing blank.

With those patterns logcheck stays silent again.

Signed-off-by: Mathias Krause <minipli at googlemail.com>
---
 rulefiles/linux/ignore.d.server/postfix |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/rulefiles/linux/ignore.d.server/postfix b/rulefiles/linux/ignore.d.server/postfix
index be14415..2a6b554 100644
--- a/rulefiles/linux/ignore.d.server/postfix
+++ b/rulefiles/linux/ignore.d.server/postfix
@@ -29,10 +29,10 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [[:digit:]a-f.:]+, header_comment=[.[:alnum:]]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [[:xdigit:].:]{3,39} as permitted sender$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]: decided action=DUNNO$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]: handler sender_permitted_from: DUNNO$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight):  ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) )+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)  ([\()/_[:alnum:]]+=(-)?[[:digit:].]+ )+)*<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>, rate: (-)?[[:digit:].]+(; delay: [[:digit:]]+s)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: cache: (purged|deleted) [^[:space:]]+ from HAM cache$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=(450 |550) (Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs(; (in [^[:space:]]+|MTA helo: [^[:space:]]+, MTA hostname: [^[:space:]]+ \(helo/hostname mismatch\)|please relay via your ISP \([._[:alnum:]-]+\)))*|Your MTA is listed in too many DNSBLs; check [^[:space:]]+|temporarily blocked because of previous errors - retrying too fast\. penalty: [[:digit:]]+ seconds x [[:digit:]]+ retries\.)( \(multirecipient mail\))?(; delay: [[:digit:]]+s)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=PREPEND X-policyd-weight: using cached result; rate:(hard:)? (-)?[[:digit:].]+(; delay: [[:digit:]]+s)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight):  ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) ?)+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)  ([\()/_[:alnum:]]+=(-)?[[:digit:].]+ ?)+)?(; rate: (-)?[[:digit:].]+)?; *<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>(; rate: (-)?[[:digit:].]+)?(; delay: [[:digit:]]+s)? ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: cache: (purged|deleted) [^[:space:]]+ from HAM cache ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=(450 |550) (Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs(; (in [^[:space:]]+|MTA helo: [^[:space:]]+, MTA hostname: [^[:space:]]+ \(helo/hostname mismatch\)|please relay via your ISP \([._[:alnum:]-]+\)))*|Your MTA is listed in too many DNSBLs; check [^[:space:]]+|temporarily blocked because of previous errors - retrying too fast\. penalty: [[:digit:]]+ seconds x [[:digit:]]+ retries\.)( \(multirecipient mail\))?(; delay: [[:digit:]]+s)? ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=PREPEND X-policyd-weight: using cached result; rate:(hard:)? (-)?[[:digit:].]+(; *<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>)?(; delay: [[:digit:]]+s)? ?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postfix-script: refreshing the Postfix mail system$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postsuper\[[[:digit:]]+\]: Deleted: [[:digit:]]+ messages?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/qmgr\[[[:digit:]]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+ \(queue active\)$
-- 
1.5.6.5


