Bug#327114: [Logcheck-devel] Bug#327114: postfix rules does not work with ipv6

[Todd Troxell]

tags 327114 pending
thanks.

Thanks, applied.

On Wed, Sep 07, 2005 at 07:59:13PM +0200, Marco Nenciarini wrote:
> Package: logcheck
> Version: 1.2.41
> Severity: normal
> Tags: patch
> 
> Another ipv6 bug:
> 
> All postfix rules involving an ip are "binded" to ipv4.
> 
> I've made a little patch.
> 
> In that patch I have also corrected the line containing
> 
> host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
> 
> my version of postfix (sarge) prepend to it the message id
> and added the line containing:
> 
> lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
> 
> Ciao
> 
> -- System Information:
> Debian Release: 3.1
>   APT prefers unstable
>   APT policy: (500, 'unstable')
> Architecture: i386 (i686)
> Kernel: Linux 2.6.8-2-k7
> Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)
> 
> Versions of packages logcheck depends on:
> ii  adduser          3.63                    Add and remove users and groups
> ii  cron             3.0pl1-86               management of regular background 
> p
> ii  debconf [debconf 1.4.30.13               Debian configuration management 
> sy
> ii  debianutils      2.8.4                   Miscellaneous utilities specific 
> t
> ii  grep             2.5.1.ds1-4             GNU grep, egrep and fgrep
> ii  lockfile-progs   0.1.10                  Programs for locking and 
> unlocking
> ii  logcheck-databas 1.2.41                  database of system log rules for 
> t
> ii  logtail          1.2.41                  Print log file lines that have 
> not
> ii  mailx            1:8.1.2-0.20040524cvs-4 A simple mail user agent
> ii  postfix [mail-tr 2.1.5-9                 A high-performance mail 
> transport 
> ii  sysklogd [system 1.4.1-17                System Logging Daemon
> 
> -- debconf information excluded
> 
> -- 
> ---------------------------------------------------------------------
> |    Marco Nenciarini    | Debian/GNU Linux Developer - Plug Member |
> | [EMAIL PROTECTED] | http://www.prato.linux.it/~mnencia       |
> ---------------------------------------------------------------------
> Key fingerprint = FED9 69C7 9E67 21F5 7D95  5270 6864 730D F095 E5E4
> 

> --- postfix.old       2005-09-07 18:36:30.145443870 +0200
> +++ postfix   2005-09-07 19:23:22.815751312 +0200
> @@ -18,21 +18,22 @@
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Peer|Server) 
> certificate could not be verified$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
> smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: address not listed for 
> hostname [._[:alnum:]-]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection 
> established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher 
> [^[:space:]]+ \([/0-9]+ bits\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS 
> connection (to|from) [._[:alnum:]-]+(\[[0-9.]+{7,15}\])?$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS 
> connection (to|from) [._[:alnum:]-]+(\[[0-9a-f.:]{3,39}\])?$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: 
> fingerprint=([0-9A-F]{2}:){15}[0-9A-F]{2}$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Verified: 
> subject_CN=.*, issuer=.*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Unverified: 
> subject_CN=.*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: OTP unavailable 
> because can't read/write key database /etc/opiekeys: No such file or 
> directory$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
> reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9.]{7,15}\]: [45][0-9][0-9] .*$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
> reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: [45][0-9][0-9] 
> .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to 
> [^[:space:]]+ Connection refused \(port [0-9]+\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to 
> [^[:space:]]+ No route to host \(port 25\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to 
> [^[:space:]]+ Network is unreachable \(port 25\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to 
> [^[:space:]]+ server refused mail service \(port 25\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to 
> [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to 
> [^[:space:]]+ \[[0-9a-f.:]{3,39}\]: read timeout \(port 25\)$
>  # Postfix 2.1
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to 
> [^[:space:]]+ server dropped connection without sending the initial SMTP 
> greeting \(port 25\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: host 
> [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: 
> host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: 
> lost connection with [^[:space:]]+ while sending (MAIL FROM|RCPT TO)$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: 
> lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: 
> lost connection with [^[:space:]]+ while sending end of data -- message may 
> be sent more than once$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection 
> after (AUTH|CONNECT|DATA|EHLO|HELO|MAIL|RCPT|RSET) from 
> [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: 
> host [^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of 
> DATA) command\)$
> @@ -43,30 +44,30 @@
>  # Postfix < 2.1
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to 
> [^[:space:]]+: server dropped connection without sending the initial greeting 
> \(port 25\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: 
> to=\<.*\>, relay=[^[:space:]]+\], status=deferred \(host [^[:space:]]+\] 
> said: .*$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
> [.0-9]+: address not listed for hostname [^[:space:]]+$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
> [[0-9a-f.:]{3,39}]+: address not listed for hostname [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors 
> after RCPT from [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
> valid_hostname: invalid character [0-9]+\(decimal\): .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
> valid_hostname: misplaced delimiter: .$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: 
> valid_hostname: empty hostname$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: 
> malformed domain name in resource data of MX record for .*$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric 
> domain name in resource data of MX record for [._[:alnum:]-]+: [0-9.]{7,15}$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric 
> domain name in resource data of MX record for [._[:alnum:]-]+: 
> [0-9a-f.:]{3,39}$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: mailer 
> loop: best MX for [^[:space:]]+ is local$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: 
> enabling PIX <CRLF>\.<CRLF> workaround for .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
> malformed domain name in resource data of CNAME record for [^[:space:]]+: .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: timeout after 
> (HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE) from [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
> client=[^[:space:]]+, sasl_sender=.*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
> client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, [EMAIL PROTECTED]:alnum:]]+$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
> client=[._[:alnum:]-]+\[[.0-9]{7,15}\]$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: 
> client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: 
> resent-message-id=<.+>$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric 
> result [.0-9]+ in address->name lookup for [^[:space:]]+$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric 
> result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal 
> address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
> [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent 
> non-SMTP command: .*$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal 
> address syntax from 
> [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL 
> command: .*$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error 
> from [._[:alnum:]-]+\[[0-9.]{7,15}\]: -1$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error 
> from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: 
> smtpd_spf_result: unknown SPF result 4 \(unknown\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: 
> [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* 
> relay=[^[:space:]]+(\]|\[[^[:space:]]+\]), delay=[0-9]+, status=sent \(250 
> [0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+|, discarded, 
> UBE, id=[-0-9]+))*\)$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: 
> [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* 
> relay=local, delay=[0-9]+, status=sent \(delivered to command: exec 
> /usr/bin/procmail\)$
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: 
> smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9.]+, 
> header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL 
> PROTECTED]:alnum:]]+ designates [.0-9]+ as permitted sender$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: 
> smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, 
> header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL 
> PROTECTED]:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max 
> (message|recipient|connection) (count|rate) [/[:digit:]s]+ for 
> \((smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max 
> cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: 
> start interval \w{3} [ :0-9]{11}$




> _______________________________________________
> Logcheck-devel mailing list
> [EMAIL PROTECTED]
> http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel


-- 
Todd Troxell
http://rapidpacket.com/~xtat


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]