Your message dated Mon, 7 Jul 2008 20:06:22 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#450874: logcheck-database: bind patterns need to match
IPv6
has caused the Debian Bug report #450874,
regarding logcheck-database: bind patterns need to match IPv6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
450874: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450874
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.2.63
Severity: normal
The patterns for bind match IP addresses with
[.[:digit:]]+
which matches IP4 only. I believe the correct pattern is
[.:[:xdigit:]]+
although I stole this from another pattern for courier that used
[.:[:alnum:]]+
I think the courier pattern is overly broad, but I might be wrong.
The particular new rule that I need is
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unexpected RCODE
\((FORMERR|SERVFAIL|NXDOMAIN|NOTIMP|REFUSED|YXDOMAIN|YXRRSET|NXRRSET|NOTAUTH|NOTZONE|BADVERS|<rcode
[[:digit:]]+>|[[:digit:]]+)\) resolving '[^[:space:]]+':
[.:[:xdigit:]]+#[0-9]+$
but the problem seems general (probably other packages have this problem too).
The absence of matching on IPv6 was causing a loop with this report
named[21563]: unexpected RCODE (REFUSED) resolving 'palmcoastcondo.com/NS/IN':
::1#53
When logcheck ran it reported this as a security event. Spamassassin
scanned the message (arguably it shouldn't), and in so doing tried to
lookup the domain again. The domain is misconfigured (the original
message was spam) and reports that ::1 is one of its nameservers.
Thanks to Michael Shuler <[EMAIL PROTECTED]> for helping me
figure this out.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-5-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-- debconf information:
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
--- End Message ---
--- Begin Message ---
Version: 1.2.64
* Ross Boylan <[EMAIL PROTECTED]> [2007-11-11 22:04:47 CET]:
> The patterns for bind match IP addresses with
> [.[:digit:]]+
> which matches IP4 only. I believe the correct pattern is
> [.:[:xdigit:]]+
> although I stole this from another pattern for courier that used
> [.:[:alnum:]]+
> I think the courier pattern is overly broad, but I might be wrong.
* Frédéric Brière <[EMAIL PROTECTED]> [2008-03-16 18:21:45 CET]:
> # Commit e23f18d05e0eae63ed8e5abec455e8d677373e05
> tag 450874 pending
That commit has been part of the 1.2.64 release, thus I close the
bugreport with that version.
So long,
Rhonda
--- End Message ---
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
