Package: logcheck-database
Version: 1.3.13
Severity: normal
Tags: patch

On Debian Squeeze the rules installed with logcheck for the qpopper POP3
service seem to be incomplete and outdated.  The first line, "connect from",
needs to accept an IP address after the host name.  Also, I needed to add
two more rules: one to ignore the message "Servicing request" when
clients connect, and one to ignore the bogus error message "Unable to
open bulletin directory '/var/spool/popbull'" when mail is read by
clients.

The version of qpopper installed here is 4.0.9.dfsg-1.2.

Patch attached.

cheers,

David

-- System Information:
Debian Release: 6.0.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: mipsel (mips64)

Kernel: Linux 2.6.39.4-dk1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- 
GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk.gpg
Fingerprint: B17A DC95 D293 657B 4205  D016 7DEF 5323 C174 7D40

Index: logcheck.ignore/qpopper
===================================================================
--- logcheck.ignore.orig/qpopper	2011-11-02 21:58:04.409495461 +0100
+++ logcheck.ignore/qpopper	2011-11-02 21:58:54.757714318 +0100
@@ -1,6 +1,8 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+ \([.[:digit:]]{7,15}\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) POP login by user \"[@._[:alnum:]-]+\" at \([._[:alnum:]-]+\) [.[:digit:]]+ \[pop_log.c:244\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \[drac\]: login by [@._[:alnum:]-]+ from host [._[:alnum:]-]+ \([.[:digit:]]+\) \[drac.c:[0-9]+\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: [@._[:alnum:]-]+ at [._[:alnum:]-]+ \([.[:digit:]]+\): -ERR Message [[:digit:]]+ does not exist. \[pop_send.c:289\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: ([@._[:alnum:]-]+|\(null\)) at [._[:alnum:]-]+ \([.[:digit:]]+\): -ERR Unknown command: \"[[:alnum:]]+\". \[pop_get_command.c:152\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) Unable to get canonical name of client [.[:digit:]]+: Name or service not known \(-2\) \[pop_init.c:1196\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) Servicing request from "[^"]+" at [.[:digit:]]{7,15} \[pop_init.c:[0-9]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: Unable to open bulletin directory '/var/spool/popbull': No such file or directory \(2\) \[pop_bull.c:[0-9]+\]$
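
Review bot: On the changed "connect from" line the ` \([.[:digit:]]{7,15}\)` suffix is now mandatory, so a "connect from" message that carries only a host name is no longer ignored and will start showing up in reports. If both forms can occur, make the group optional with `( \([.[:digit:]]{7,15}\))?`. The address patterns on that line and in the new "Servicing request" rule only cover dotted IPv4. In the "Servicing request" rule, `"[^"]+"` is wider than the `[._[:alnum:]-]+` host class the neighbouring rules use; an ignore rule should match as little as it can, so the host class would be the safer choice there.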
