Package: logwatch
Version: 7.7-1
Severity: normal

Dear Maintainer,

I am running postfix-policyd-spf-python with my postfix installation and 
logwatch. When logwatch runs, it reports unmatched lines like:

 **Unmatched Entries**
        1   Nov 10 13:06:39 mail-www policyd-spf[586022]: : prepend 
Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=81.3.27.42; 
helo=mail01.ipfire.org; envelope-from=development-boun...@lists.ipfire.org; 
receiver=howitts.co.uk

The problem is that the filter is not expecting (mailfrom) in the string it 
is looking for. I have also seen strings like (no SPF record) and (sender SPF 
authorized) in the logs and they are not being picked up either.

The patch to fix the logs I have observed so far is:

--- /usr/share/logwatch/scripts/services/.postfix.orig  2024-11-10 
18:12:26.555940987 +0000
+++ /usr/share/logwatch/scripts/services/postfix        2024-11-11 
17:02:32.000000000 +0000
@@ -1892,7 +1892,7 @@
    # Pass;      identity=helo;     client-ip=192.168.0.2; helo=example.com; 
envelope-from=<>;            receiver=bo...@example.net
    # Permerror; identity=helo;     client-ip=192.168.0.4; helo=example.com; 
envelope-from=f...@example.com; receiver=bog...@example.net
    # Softfail;  identity=mailfrom; client-ip=192.168.0.6; helo=example.com; 
envelope-from=f...@example.com; receiver=y...@example.org
-   if ($line =~ /^(?:prepend Received-SPF: 
)?(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror);? (.*)$/) {
+   if ($line =~ /^(?:: prepend Received-SPF: 
)?(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror) \(.+\) (.*)$/) {
          my $result = $1;
          my %params = $2 =~ /([-\w]+)=([^;]+)/g;
          #$params{'s'} = '*unknown' unless $params{'s'};
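
Review bot: the replacement pattern on the `+` line makes ` \(.+\) ` mandatory and drops the `;?`, so the formats documented in the comment lines just above it (`Pass;      identity=helo; ...`) would no longer match and would land in Unmatched Entries; the optional prefix also now requires a leading `: `, so a line beginning with bare `prepend Received-SPF: ` stops matching as well. Suggest making each new piece optional rather than required, for example `^(?:: )?(?:prepend Received-SPF: )?(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror)(?: \([^)]*\))?;? (.*)$`. Using `[^)]*` instead of `.+` also keeps the bracket match from running on to a later `)` in the line, since `.+` is greedy. A comment line showing the new `Pass (mailfrom) identity=...` form next to the existing samples would document why the pattern changed.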

There seem to be quite a few possible values to allow for in 
/usr/lib/python3/dist-packages/spf.py with different punctuation (-.:=~ and 
space) so I am doing a non-greedy match of all characters between brackets to 
pick them up.

-- System Information:
Debian Release: 12.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-26-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages logwatch depends on:
ii  perl                            5.36.0-7+deb12u1
ii  postfix [mail-transport-agent]  3.7.11-0+deb12u1

Versions of packages logwatch recommends:
ii  libdate-manip-perl   6.91-1
ii  libsys-cpu-perl      0.61-3+b1
ii  libsys-meminfo-perl  0.99-2+b1

logwatch suggests no packages.

-- no debconf information
