tags 317772 pending
thanks
On Mon, 11 Jul 2005, toby cabot wrote:
> Hi Folks, thanks for your work maintaining the logcheck package - it
> works very well indeed. I run a couple of light-traffic mailing
> lists, but get a lot of spam. I was getting "Security Events"
> messages from logcheck whenever a message arrived that needed admin
> attention (like a post from someone who's not subscribed). They
> looked like:
>
> Jul 6 11:24:27 phoenix postfix/local[30050]: AD387C42EF: to=<[EMAIL
> PROTECTED]>, relay=local, delay=1, status=sent (delivered to command:
> /var/lib/mailman/mail/mailman admin xksc)
indeed we have no rules covering mailman yet.
> I think they happen because of the word "admin" in the message, so I
> added a line to /etc/logcheck/violations.ignore.d/logcheck-postfix to
> screen them out:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
> [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
> relay=local, delay=[0-9]+, status=sent \(delivered to command:
> /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$
>
> I'm not sure if this is the correct file but it seems to work.
indeed the word admin is crucial for aboves report.
seems like the right file to add for current cvs, done.
for your own usage you might like to use local-package files.
> Thanks,
> Toby
thank you!
if you have other such nicely crafted regexes, feel free to open other
bugs concerning them.
--
maks
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
