[Logcheck-devel] Bug#642466: logcheck-database: Should ignore postfix proxy-accept log messages
Kevin Locke
kevin at kevinlocke.name
Thu Sep 22 19:05:22 UTC 2011
Package: logcheck-database
Severity: normal
Dear Maintainer,
When configured to use an smtpd_proxy_filter (e.g. with spampd), postfix
reports the status of the proxy request when it receives the proxy's
END-OF-DATA reply. The log message is generated in data_cmd() at around
src/smtpd/smtpd.c:3133 and is logged for each email message. For
successfully delivered emails, this message is always safe to ignore
while for rejections (which occur when a message is filtered by the
proxy) the message is usually safe to ignore.
To ignore only the successful deliveries, the following rule should be
sufficient:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: proxy-accept: END-OF-MESSAGE: 250 ([[:digit:].]+ )?Ok: queued as [[:upper:][:digit:]]+; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$
And to ignore all proxy filter delivery messages:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: proxy-(accept|reject): END-OF-MESSAGE: [[:digit:]]{3} ([[:digit:].]+ )?.*; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$
I would suggest the second rule be added to ignore.d.server/postfix and
I am unsure if the first might be suitable for ignore.d.paranoid/postfix
or if successful deliveries should still be reported.
Cheers,
Kevin
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 3.0.4-kevinoid1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Logcheck-devel
mailing list