This same problem occurs in another rule in logcheck-postfix:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
[[:upper:]0-9]+: reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9](
<[^[:space:]]*>:)? Sender address rejected: Domain not found;
from=<[^[:space:]]*> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$

Many cases have a "to=" occurring after the "from=" and before the
"proto=" as the following logline illustrates:

Aug 11 05:02:04 buffy postfix/smtpd[30286]: NOQUEUE: reject: RCPT from
unknown[0.0.0.0]: 450 <[EMAIL PROTECTED]>: Recipient address
rejected: Temporarily refused, please try again later;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
proto=SMTP helo=<0.0.0.0>"

So the "Sender address rejected: Domain not found" logcheck rule also
needs to be modified in the same way as the "Sender address rejected"
line was modified in the previous entries to this bug.

I've attached a new patch, which resolves both of these issues; you can
ignore the previous two patches as this one replaces those.

Micah
=== logcheck-postfix
==================================================================
--- logcheck-postfix    (revision 1168)
+++ logcheck-postfix    (local)
@@ -1,6 +1,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
[.[:digit:]]+: hostname [^[:space:]]+ verification failed: (Host not found|Host 
name has no address|Name or service not known|Temporary failure in name 
resolution)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
reject: RCPT from [^[:space:]]+: [0-9]+ Client host rejected: cannot find your 
hostname, [^[:space:]]+; from=[^[:space:]]+ to=[^[:space:]]+ proto=(ESMTP|SMTP) 
helo=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: 
(Sender|Recipient) address rejected: .+; from=<[^[:space:]]*> 
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: 
(Sender|Recipient) address rejected: .+; from=<[^[:space:]]*> 
(to=<[^[:space:]]+> )?proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Helo 
command rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> 
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay access denied; 
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9] Service unavailable; 
Sender address \[[^[:space:]]+\] blocked using [._[:alnum:]-]+;( .*;)? 
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
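Review bot: the "Helo command rejected" and "Service unavailable" context rules in this hunk accept `(MAIL|RCPT)` but still require `to=<[^[:space:]]+> ` before `proto=`, while the changed rule makes `to=` optional yet still anchors on `reject: RCPT from` only. If the form without `to=` also appears for those rejections, they will keep falling through to the report; consider giving them the same `(to=<[^[:space:]]+> )?` group, and widening the changed rule to `(MAIL|RCPT)` if sender rejections can be logged at the MAIL stage.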
@@ -35,5 +35,5 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: SASL 
authentication failure: Password verification failed
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:upper:]0-9]+: 
reject: body .* from [._[:alnum:]-]+\[[0-9.]{7,15}\]; from=<[^[:space:]]*> 
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>: Email with EXE 
files attached denied
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: 
[[:upper:][:digit:]]+: reject: header Content-Type: application/x-msdownload; 
name=.* from [._[:alnum:]-]+\[[0-9.]{7,15}\]; from=<.*> to=<.*> proto=SMTP 
helo=<.*>: Message content rejected
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9]( <[^[:space:]]*>:)? 
Sender address rejected: Domain not found; from=<[^[:space:]]*> 
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9]( <[^[:space:]]*>:)? 
Sender address rejected: Domain not found; from=<[^[:space:]]*> 
(to=<[^[:space:]]+> )?proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL 
(LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed$
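Review bot: with `(to=<[^[:space:]]+> )?` added, the "Sender address rejected: Domain not found" rule now overlaps the `(Sender|Recipient) address rejected: .+;` rule changed in the first hunk, since an RCPT line that carries the `<address>:` part is matched by both. The rule is still needed for the `MAIL` verb and for the form without `<address>:` (the `( <[^[:space:]]*>:)?` group), so a short comment or changelog note saying so, or narrowing the rule to those cases, would make the intent clear and keep near-duplicate rules from accumulating.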