Bug#497941: logwatch: Logwatch does not know milter log lines

Fri, 05 Sep 2008 08:11:22 -0700 

Package: logwatch
Version: 7.3.1-5
Severity: wishlist
Tags: patch

Logwatch does not undestand lines about milter filtering

For example:
        Sep  5 16:55:01 ks358063 postfix/cleanup[26108]: 8A41F401B9: 
milter-reject:
        END-OF-MESSAGE from unknown[89.215.222.182]: 5.7.1 Blocked by 
SpamAssassin;
        from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
        helo=<mx1.performance.bg>

        Sep  4 09:13:50 ks358063 postfix/cleanup[26074]: F0D6F401B9: 
milter-reject: 
        END-OF-MESSAGE from 147-153.2-85.cust.bluewin.ch[85.2.153.147]: 5.7.1 
virus 
        Worm.SomeFool.P detected by ClamAV - http://www.clamav.net; 
        from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
        helo=<example.org>

Here is a patch to count filtered message for each address.

Ideally, it should be configurable to only report highest values, and ratio
of accepted and rejected messages.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24.5-grsec-xxxx-grs-ipv4-64
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages logwatch depends on:
ii  perl                     5.8.8-7etch3    Larry Wall's Practical Extraction 
ii  postfix [mail-transport- 2.5.1-1~bpo40+1 High-performance mail transport ag

Versions of packages logwatch recommends:
pn  libdate-manip-perl            <none>     (no description available)

-- no debconf information

--- /usr/share/logwatch/scripts/services/postfix        2006-12-04 
23:36:08.000000000 +0100
+++ /etc/logwatch/scripts/services/postfix      2008-09-02 12:06:23.000000000 
+0200
@@ -389,6 +391,8 @@
       $ProcessExit{$Status}{$Process}++;
    } elsif ( ($Option,$Reason) = ($ThisLine =~ /^fatal: config variable ([^ 
]*): (.*)$/)) {
       $ConfigError{$Option}{$Reason}++;
+   } elsif ( ($Milter,$User) = ($ThisLine =~ /milter-reject: END-OF-MESSAGE 
from [^ ]+\[[^ ]+\]: 5.7.1 (.+); from=<.+?> to=<(.+?)> proto=/)) {
+      $Milter{$Milter}{$User}++;
    } elsif ( ($Warn) = ($ThisLine =~ /^warning: (.*)/)) {
       # keep this as the next to last condition
       $UnknownWarnings{$Warn}++;
@@ -911,6 +915,16 @@
    }
 }
 
+if (keys %Milter) {
+   print "\n\nMilter rejected:\n";
+   foreach $Milter (sort {$a cmp $b} keys %Milter) {
+      print "   Milter: $Milter\n";
+      foreach $User (sort {$a cmp $b} keys %{$Milter{$Milter}} ) {
+         print "      $User: $Milter{$Milter}{$User} Time(s)\n";
+      }
+   }
+}
+
 if (keys %RejectRBL) {
    print "\n\nMessages rejected using Anti-Spam site $RejectedRBL Time(s)\n";
    foreach $Site (sort {$a cmp $b} keys %RejectRBL) {

Reply via email to