Package: ssmtp
Severity: normal

This is somewhat of a followup to #427737, which attempted to bring the logcheck rule up to date. The problem is that the part of the syslog message in parentheses is actually the reply from the SMTP server to the QUIT command. The submitters were probably running Postfix (good for you, guys!), but connecting to other MTAs will obviously result in different messages.
Here's an updated version of the rule that looks for the only thing we can rely on: the reply code, which is 221 per RFC 2821. The text component of the reply, though mandatory, is sometimes omitted by crappy MTAs, so I took the liberty of making it optional.

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP\[[0-9]+\]: Sent mail for .* \(221( .*)?\) uid=[0-9]+ username=[\._[:alnum:]-]+ outbytes=[0-9]+$

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
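The following check is an added example, not part of the original report: it runs the proposed rule with grep -E (logcheck applies its rules as extended regular expressions) over constructed sSMTP syslog lines. The hostnames, addresses, PIDs and server reply texts are assumptions made up to fit the line format the rule implies.

```shell
#!/bin/sh
# The rule from the report, verbatim, as an extended regular expression.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP\[[0-9]+\]: Sent mail for .* \(221( .*)?\) uid=[0-9]+ username=[\._[:alnum:]-]+ outbytes=[0-9]+$'

# Constructed sample lines (not real logs):
#   1. a reply to QUIT in the style of Postfix
#   2. a different MTA with its own 221 text
#   3. an MTA that omits the text after the reply code, single-digit day
#   4. a non-221 reply in the same position, which must stay visible
sample_log() {
cat <<'EOF'
Jun 12 09:15:01 host1 sSMTP[1234]: Sent mail for root@example.org (221 2.0.0 Bye) uid=0 username=root outbytes=512
Jun 12 09:16:44 host1 sSMTP[1240]: Sent mail for root@example.org (221 mail.example.net closing connection) uid=0 username=root outbytes=731
Jun  2 09:17:03 host1 sSMTP[1251]: Sent mail for www-data@example.org (221) uid=33 username=www-data outbytes=298
Jun 12 09:18:20 host1 sSMTP[1260]: Sent mail for root@example.org (250 OK) uid=0 username=root outbytes=512
EOF
}

# Number of sample lines the rule would filter out of a logcheck report.
ignored_count() {
    sample_log | grep -Ec -- "$RULE" || true
}

# Lines the rule does not match, i.e. what would still be reported.
reported_lines() {
    sample_log | grep -Ev -- "$RULE" || true
}

printf 'ignored by rule: %s\n' "$(ignored_count)"
printf 'still reported:\n'
reported_lines
```
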