Package: logcheck-database Version: 1.2.62 Severity: wishlist Tags: patch The messages of policyd-weight changed with 0.1.14.5-1. Attached patch changes the rules to match the new log lines.
Regards, -- Sami Haahtinen <[EMAIL PROTECTED]>
diff --git a/rulefiles/linux/ignore.d.server/postfix b/rulefiles/linux/ignore.d.server/postfix
index 5e9f33b..fe2b08c 100644
--- a/rulefiles/linux/ignore.d.server/postfix
+++ b/rulefiles/linux/ignore.d.server/postfix
@@ -117,9 +117,9 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: sql plugin doing query select password from [_[:alnum:]]+ where [_[:alnum:]]+='[EMAIL PROTECTED]:alnum:]-]+';?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: sql plugin Parse the username [^[:space:]]+$
# policyd-weight
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=PREPEND X-policyd-weight: using cached result; rate: (-)?[[:digit:].]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=(450 |550) (Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs(; (in [^[:space:]]+|MTA helo: [^[:space:]]+, MTA hostname: [^[:space:]]+ \(helo/hostname mismatch\)))*|Your MTA is listed in too many DNSBLs; check [^[:space:]]+)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight): ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) )+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\) ([\()/_[:alpha:]]+=(-)?[[:digit:].]+ )+)*<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>, rate: (-)?[[:digit:].]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=PREPEND X-policyd-weight: using cached result; rate:(hard:)? (-)?[[:digit:].]+; delay: [[:digit:]]+s$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: decided action=(450 |550) (Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs(; (in [^[:space:]]+|MTA helo: [^[:space:]]+, MTA hostname: [^[:space:]]+ \(helo/hostname mismatch\)))*|Your MTA is listed in too many DNSBLs; check [^[:space:]]+|temporarily blocked because of previous errors - retrying too fast. penalty: [[:digit:]]+ seconds x [[:digit:]]+ retries.)( \(multirecipient mail\))?; delay: [[:digit:]]+s$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight): ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) ?)+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\) ([\()/_[:alpha:]]+=(-)?[[:digit:].]+ )+)*(<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>)?, rate: (-)?[[:digit:].]+(; delay: [[:digit:]]+s)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: cache: (purged|deleted) [^[:space:]]+ from HAM cache$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: milter unix:/var/run/clamav/clamav-milter\.ctl: can't read SMFIC_MAIL reply packet header: Connection timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: TLS library problem: [[:digit:]]+:error:[[:xdigit:]]+:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt\.c:[[:digit:]]+:SSL alert number 10:$
signature.asc
Description: This is a digitally signed message part
