Package: logcheck Version: 1.2.41 Severity: normal Tags: patch Another ipv6 bug:
All postfix rules involving an ip are "binded" to ipv4. I've made a little patch. In that patch I have also corrected the line containing host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$ my version of postfix (sarge) prepend to it the message id and added the line containing: lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$ Ciao -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8) Versions of packages logcheck depends on: ii adduser 3.63 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.13 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii grep 2.5.1.ds1-4 GNU grep, egrep and fgrep ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.41 database of system log rules for t ii logtail 1.2.41 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent ii postfix [mail-tr 2.1.5-9 A high-performance mail transport ii sysklogd [system 1.4.1-17 System Logging Daemon -- debconf information excluded -- --------------------------------------------------------------------- | Marco Nenciarini | Debian/GNU Linux Developer - Plug Member | | [EMAIL PROTECTED] | http://www.prato.linux.it/~mnencia | --------------------------------------------------------------------- Key fingerprint = FED9 69C7 9E67 21F5 7D95 5270 6864 730D F095 E5E4
--- postfix.old 2005-09-07 18:36:30.145443870 +0200
+++ postfix 2005-09-07 19:23:22.815751312 +0200
@@ -18,21 +18,22 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Peer|Server)
certificate could not be verified$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: address not listed for
hostname [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection
established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher [^[:space:]]+
\([/0-9]+ bits\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS
connection (to|from) [._[:alnum:]-]+(\[[0-9.]+{7,15}\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS
connection (to|from) [._[:alnum:]-]+(\[[0-9a-f.:]{3,39}\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
fingerprint=([0-9A-F]{2}:){15}[0-9A-F]{2}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Verified:
subject_CN=.*, issuer=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Unverified:
subject_CN=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: OTP unavailable
because can't read/write key database /etc/opiekeys: No such file or directory$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9.]{7,15}\]: [45][0-9][0-9] .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: [45][0-9][0-9] .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ Connection refused \(port [0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ No route to host \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ Network is unreachable \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ server refused mail service \(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ \[[0-9a-f.:]{3,39}\]: read timeout \(port 25\)$
# Postfix 2.1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ server dropped connection without sending the initial SMTP
greeting \(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: host [^[:space:]]+
refused to talk to me: [45][0-9][0-9].*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while sending (MAIL FROM|RCPT TO)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while sending end of data -- message may be
sent more than once$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection
after (AUTH|CONNECT|DATA|EHLO|HELO|MAIL|RCPT|RSET) from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
host [^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of
DATA) command\)$
@@ -43,30 +44,30 @@
# Postfix < 2.1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+: server dropped connection without sending the initial greeting
\(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+:
to=\<.*\>, relay=[^[:space:]]+\], status=deferred \(host [^[:space:]]+\] said:
.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [.0-9]+:
address not listed for hostname [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[[0-9a-f.:]{3,39}]+: address not listed for hostname [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors
after RCPT from [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
valid_hostname: invalid character [0-9]+\(decimal\): .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
valid_hostname: misplaced delimiter: .$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning:
valid_hostname: empty hostname$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: malformed
domain name in resource data of MX record for .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric
domain name in resource data of MX record for [._[:alnum:]-]+: [0-9.]{7,15}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric
domain name in resource data of MX record for [._[:alnum:]-]+: [0-9a-f.:]{3,39}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: mailer
loop: best MX for [^[:space:]]+ is local$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
enabling PIX <CRLF>\.<CRLF> workaround for .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: malformed
domain name in resource data of CNAME record for [^[:space:]]+: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: timeout after
(HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE) from [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_sender=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, [EMAIL PROTECTED]:alnum:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[._[:alnum:]-]+\[[.0-9]{7,15}\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
resent-message-id=<.+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
result [.0-9]+ in address->name lookup for [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP
command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL
command: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error
from [._[:alnum:]-]+\[[0-9.]{7,15}\]: -1$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error
from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_spf_result: unknown SPF result 4 \(unknown\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=[^[:space:]]+(\]|\[[^[:space:]]+\]), delay=[0-9]+, status=sent \(250
[0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+|, discarded,
UBE, id=[-0-9]+))*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=local, delay=[0-9]+, status=sent \(delivered to command: exec
/usr/bin/procmail\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass:
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9.]+,
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL
PROTECTED]:alnum:]]+ designates [.0-9]+ as permitted sender$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass:
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+,
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL
PROTECTED]:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\((smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start
interval \w{3} [ :0-9]{11}$
signature.asc
Description: Digital signature
