Bug#441356: logwatch: Needs summary of SPF reject messages

Sat, 08 Sep 2007 22:19:19 -0700 

Package: logwatch
Version: 7.3.1-5
Severity: normal

I know that this might not get included with the current release.  However I
think that if that is the case it should remain open until Lenny is released
so that other people using Etch on servers can find the patch.

--- postfix.orig        2007-09-07 14:28:51.000000000 +1000
+++ /usr/share/logwatch/scripts/services/postfix        2007-09-09 
15:10:20.000000000 +1000
@@ -291,6 +297,8 @@
       $RejectUnknownClient{$Host}{$Helo}{$Sender}{$Recip}++;
       $RejectUnknownClientHost{"$Host  helo=<$Helo>"}++;
       $RejectUnknownClients++;
+   } elsif ( ($Domain) = ($ThisLine =~ /reject: RCPT from [^ ]* [0-9]* 
[0-9\.]* <[EMAIL PROTECTED]([^>]*)>: Recipient address rejected: Please see 
http:\/\/www.openspf.org\/why.html/)) {
+      $ForgerySPF{$Domain}++;
    } elsif ( ($Host,$Recip,$Reason) = ($ThisLine =~ /reject: RCPT from ([^ 
]*\[[^ ]*\]): $re_DSN <(.*)>: Recipient address rejected: (.*);/)) {
       $Temp = "$Host : $Reason";
       $RejectRecip{$Recip}{$Temp}++;
@@ -745,6 +761,23 @@
    }
 }
 
+if (keys %ForgerySPF) {
+   if ($Detail >= 5) {
+      print "\n\nSPF message rejection counts by sender domain:\n";
+      foreach $Domain (keys %ForgerySPF) {
+         print "  $Domain : $ForgerySPF{$Domain}\n";
+      }
+   }
+   else {
+      $n=0;
+      $rn=scalar(keys %HeaderWarning);
+      foreach $Domain (keys %ForgerySPF) {
+         $n+=$ForgerySPF{$Domain};
+      }
+      print "\n\n$n message(s) rejected by SPF for $rn sender domain(s)";
+   }
+}
+
 if (keys %HeaderWarning) {
    if ($Detail >= 10) {
       print "\n\nHeader content warning (but passed):\n";

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-xen-686
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)

Versions of packages logwatch depends on:
ii  perl                          5.8.8-7    Larry Wall's Practical Extraction 
ii  postfix [mail-transport-agent 2.3.8-2+b1 A high-performance mail transport 

Versions of packages logwatch recommends:
ii  libdate-manip-perl            5.44-5     a perl library for manipulating da

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to