Your message dated Thu, 08 Sep 2011 14:48:50 +0000 with message-id <e1r1fum-0008sf...@franck.debian.org> and subject line Bug#639839: fixed in logcheck 1.3.14 has caused the Debian Bug report #639839, regarding amavisd-new: logcheck "Passed: CLEAN|SPAM" doesn't work because mail-id can contain "-" to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: amavisd-new Version: 1:2.6.4-3 Severity: normal Tags: squeeze As seen here: Feb 4 12:59:00 server amavis[10256]: (10256-08) Passed SPAM, [91.187.16.183] [91.187.16.183] <xxx...@xxxxx.xx> -> <xx...@xxxx.xx>, quarantine: spam-7UpI76jX-2a1.gz, mail_id: 7UpI76jX-2a1, Hits: 21.685, size: 1341, queued_as: DAD2C16400FD, 4517 ms the mail_id can contain the '-' character but the logcheck rule doesn't acount for that: s/[[:space:]]*$//' /root/test | egrep '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|SPAM),( LOCAL)?( \[(IPv6:)?[[[:xdigit:].:]{3,39}\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,)?( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: ((-)?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$ -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages amavisd-new depends on: ii adduser 3.112+nmu2 add and remove users and groups ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy ii file 5.04-5 Determines file type using "magic" ii libarchive-zip-perl 1.30-3 Perl module for manipulation of ZI ii libberkeleydb-perl 0.42-1~squeeze1 use Berkeley DB 4 databases from P ii libcompress-raw-zlib-per 2.026-1 low-level interface to zlib compre ii libconvert-tnef-perl 0.17-9 Perl module to read TNEF files ii libconvert-uulib-perl 1.12-1 Perl interface to the uulib librar pn libdigest-md5-perl <none> (no description available) ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a ii libmail-dkim-perl 0.38-1 cryptographically identify the sen ii libmailtools-perl 2.06-1 Manipulate email in perl programs pn libmime-base64-perl <none> (no description available) ii libmime-tools-perl 5.428-1 Perl5 modules for MIME-compliant m ii libnet-server-perl 0.97-1 An extensible, general perl server ii libunix-syslog-perl 1.1-2 Perl interface to the UNIX syslog( ii pax 1:20090728-1 Portable Archive Interchange ii perl [libtime-hires-perl 5.10.1-17 Larry Wall's Practical Extraction ii perl-modules [libarchive 5.10.1-17 Core Perl modules amavisd-new recommends no packages. Versions of packages amavisd-new suggests: pn apt-listchanges <none> (no description available) ii arj 3.10.22-9 archiver for .arj files ii cabextract 1.3-1 a program to extract Microsoft Cab ii clamav 0.96.5+dfsg-1.1 anti-virus utility for Unix - comm ii clamav-daemon 0.96.5+dfsg-1.1 anti-virus utility for Unix - scan ii cpio 2.11-4 GNU cpio -- a program to manage ar pn dspam <none> (no description available) ii lha 1.14i-10.3 lzh archiver pn libauthen-sasl-perl <none> (no description available) ii libdbi-perl 1.612-1 Perl Database Interface (DBI) ii libmail-dkim-perl 0.38-1 cryptographically identify the sen pn libnet-ldap-perl <none> (no description available) pn libsnmp-perl <none> (no description available) ii lzop 1.02~rc1-2 fast compression program ii nomarch 1.4-3 Unpacks .ARC and .ARK MS-DOS archi pn p7zip <none> (no description available) pn rpm <none> (no description available) ii spamassassin 3.3.1-1 Perl-based spam filter using text ii unrar 1:3.9.10-1 Unarchiver for .rar files (non-fre pn unrar-free <none> (no description available) ii zoo 2.10-22 manipulate zoo archives -- Configuration Files: /etc/amavis/conf.d/15-content_filter_mode changed: use strict; @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 1; # insure a defined return /etc/amavis/conf.d/20-debian_defaults changed: use strict; $QUARANTINEDIR = "$MYHOME/virusmails"; $log_recip_templ = undef; # disable by-recipient level-0 log entries $DO_SYSLOG = 1; # log via syslogd (preferred) $syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages $syslog_facility = 'mail'; $syslog_priority = 'debug'; # switch to info to drop debug output, etc $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 $inet_socket_port = 10024; # default listenting socket $sa_spam_subject_tag = '***SPAM*** '; $sa_tag_level_deflt = undef; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.31; # triggers spam evasive actions $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent $sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0; # only tests which do not require internet access? $MAXLEVELS = 14; $MAXFILES = 1500; $MIN_EXPANSION_QUOTA = 100*1024; # bytes $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes $final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine) $final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA $final_spam_destiny = D_PASS; $final_bad_header_destiny = D_PASS; # False-positive prone (for spam) $virus_admin = "adi\@turbocar.ro"; # due to D_DISCARD default $mailfrom_notify_admin = "adi\@turbocar.ro"; $X_HEADER_LINE = "Debian $myproduct_name at $mydomain"; $enable_dkim_verification = 0; #disabled to prevent warning @viruses_that_fake_sender_maps = (new_RE( [qr'\bEICAR\b'i => 0], # av test pattern name [qr/.*/ => 1], # true for everything else )); @keep_decoded_original_maps = (new_RE( qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i, )); $banned_filename_re = new_RE( # block certain double extensions anywhere in the base name qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic qr'^\.(exe-ms)$', # banned file(1) types ); @score_sender_maps = ({ # a by-recipient hash lookup table, # results from all matching recipient tables are summed ## site-wide opinions about senders (the '.' matches any recipient) '.' => [ # the _first_ matching sender determines the score boost new_RE( # regexp-type lookup table, just happens to be all soft-blacklist [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0], [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0], [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0], [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0], [qr'^(your_friend|greatoffers)@'i => 5.0], [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i => 5.0], ), { # a hash-type lookup table (associative array) 'nob...@cert.org' => -3.0, 'cert-advis...@us-cert.gov' => -3.0, 'owner-al...@iss.net' => -3.0, 'slash...@slashdot.org' => -3.0, 'securityfocus.com' => -3.0, 'ntbugt...@listserv.ntbugtraq.com' => -3.0, 'security-ale...@linuxsecurity.com' => -3.0, 'mailman-announce-ad...@python.org' => -3.0, 'amavis-user-ad...@lists.sourceforge.net'=> -3.0, 'amavis-user-boun...@lists.sourceforge.net' => -3.0, 'spamassassin.apache.org' => -3.0, 'notification-ret...@lists.sophos.com' => -3.0, 'owner-postfix-us...@postfix.org' => -3.0, 'owner-postfix-annou...@postfix.org' => -3.0, 'owner-sendmail-annou...@lists.sendmail.org' => -3.0, 'sendmail-announce-requ...@lists.sendmail.org' => -3.0, 'donotre...@sendmail.org' => -3.0, 'ca+envel...@sendmail.org' => -3.0, 'nore...@freshmeat.net' => -3.0, 'owner-techn...@postel.acm.org' => -3.0, 'ietf-123-ow...@loki.ietf.org' => -3.0, 'cvs-commits-list-ad...@gnome.org' => -3.0, 'rt-users-ad...@lists.fsck.com' => -3.0, 'clp-requ...@comp.nus.edu.sg' => -3.0, 'surveys-err...@lists.nua.ie' => -3.0, 'emailn...@genomeweb.com' => -5.0, 'yahoo-dev-n...@yahoo-inc.com' => -3.0, 'returns.groups.yahoo.com' => -3.0, 'clustern...@linuxnetworx.com' => -3.0, lc('lvs-users-ad...@linuxvirtualserver.org') => -3.0, lc('owner-textbreakingn...@cnnimail12.cnn.com') => -5.0, # soft-blacklisting (positive score) 'sen...@example.net' => 3.0, '.example.net' => 1.0, }, ], # end of site-wide tables }); 1; # insure a defined return /etc/amavis/conf.d/50-user changed: use strict; @lookup_sql_dsn = ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'maild', 'w74)PDg39H?5zmAc']); $sql_select_policy = 'SELECT name FROM virtual_domains WHERE CONCAT("@",name) IN (%k)'; 1; # insure a defined return -- debconf information: amavisd-new/outdated_config_style_warning:
--- End Message ---
--- Begin Message ---Source: logcheck Source-Version: 1.3.14 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.14_all.deb to main/l/logcheck/logcheck-database_1.3.14_all.deb logcheck_1.3.14.dsc to main/l/logcheck/logcheck_1.3.14.dsc logcheck_1.3.14.tar.gz to main/l/logcheck/logcheck_1.3.14.tar.gz logcheck_1.3.14_all.deb to main/l/logcheck/logcheck_1.3.14_all.deb logtail_1.3.14_all.deb to main/l/logcheck/logtail_1.3.14_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 639...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 08 Sep 2011 15:32:22 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.14 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail - Print log file lines that have not been read (deprecated) Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030 637916 637918 637923 639839 Changes: logcheck (1.3.14) unstable; urgency=low . [ martin f. krafft ] * ignore.d.server/postfix: - ignore notice about verified TLS connections. * ignore.d.server/openvpn: - broaden filters to catch more messages. . [ Hanspeter Kunz ] * ignore.d.server/dovecot: - allow for arbitrary msgids - ignore discarded vacation replies with precedence Bulk and list - ignore notice about managesieve logouts (closes: #637918) * ignore.d.server/postfix: - ignore (temporary) rejects messages when the sender domain is not found - ignore verify cache db cleanups . [ Hannes von Haugwitz ] * src/logcheck: - added numeric timezone information to subject line - re-enabled globbing of logfile names (closes: #616103) * docs/README.logcheck-database: - mention logcheck-test in 'TESTING RULES' section * ignore.d.workstation/wpasupplicant: - match 5200, 5300, 5260 and 5680 MHz in 'Trying to associate' message - allow WPA protocol in 'wpa_action: key_mgmt' message - ignore "mode=station" message - ignore "Trying to authenticate" message - allow '/run/sendsigs.omit.d' as location for pidfile (closes: #633030) * ignore.d.server/login: - adjusted rule to match serial terminals * ignore.d.workstation/kernel: - ignore "Spinning up disk" message - ignore 'cfg80211: Calling CRDA for country' message - ignore 'Monitor-Mwait' messages - ignore WLAN 'waiting for beacon' and 'beacon received' messages - allow 'device number' in '(new|reset) (low|full|high) speed USB' and 'USB disconnect' messages * ignore.d.server/cron-apt: - allow optional whitespace between value and unit, thanks to Gabor Kiss (closes: #609649) - allow optional architecture in "Get" message * ignore.d.server/dnsmasq: - allow '-' in interface name, thanks to Jan Evert van Grootheest (closes: #608256) * src/logcheck, etc/logcheck.conf: - added option to compress attachment with gzip * ignore.d.server/snmpd: - adjusted UDP rule to match new SNMP output format, thanks to Robert Naylor (closes: #613124) * docs/logcheck-test.1: - use 'logcheck-test' instead of 'logcheck' in the EXAMPLES * ignore.d.workstation/libpam-gnome-keyring: - adjusted rule to match messages without quotes (closes: #618411) * ignore.d.server/dhclient: - allow '-' in interface name (closes: #622942) * ignore.d.server/spamd: - adjusted 'child cleanup' rule to match new format, thanks to Enno Gröper (closes: #632471) * src/logcheck-test: - allow symbolic link as rule file * ignore.d.workstation/xlockmore: - applied patch by Libor Polčák: ignore local display * logcheck-database.preinst: - deleting ignore.d.server/webmin, package has been removed from debian * ignore.d.server/kernel: - ignore "kvm: emulating exchange as write" message - allow optional ". Opts: (null)" at the end of "mounted filesystem with (writeback|ordered) data mode" message * ignore.d.server/amavisd-new: - allow quarantine in "Passed SPAM" log line - allow subdirectories for quarantine messages and made Message-ID in "Passed BAD-HEADER" log lines optional, thanks to John Clements - allow compressed quarantine messages (closes: #639839) * debian/rules: - added build-indep and build-arch targets * debian/control: - bumped to Standards-Version 3.9.2 (no changes necessary) . [ Gerfried Fuchs ] * Remove myself from uploaders. . [ Jeremy L. Gaddis ] * ignore.d.server/postfix: - adjust postfix certificate fingerprint rule to match new output format, thanks to Loïc Minier (closes: #616616) * ignore.d.server/amavisd-new: - adjusted rule to match new output format, thanks to Adrian Lang (closes: #624197) * ignore.d.server/ssh: - add rule to ignore AllowGroups denial, thanks to Gerald Turner (closes: #637923) * ignore.d.server/dovecot: - adjusted rule to match IPv6 addresses, thanks to Gerald Turner (closes: #637916) * debian/copyright: - updated copyright year to 2011 - added myself as team member . [ Frédéric Brière ] * violations.d/kernel: - ignore whitespace before timestamp * ignore.d.workstation/kernel: - allow '.' in input device name Checksums-Sha1: 8211a74ba50672127d1e4bb2ead4526327a6421f 1730 logcheck_1.3.14.dsc 444a71746a812b9b4debfed0b42a4495e2e64015 161518 logcheck_1.3.14.tar.gz 5b78cb253d8686fec754a46cc21d217b0d98f08e 78314 logcheck_1.3.14_all.deb 82681d10c97d1f1f254c5bac78f7b97d88c64aa8 120492 logcheck-database_1.3.14_all.deb 6826b13068f8bfbd5785f0f20c072a06fb20602d 60812 logtail_1.3.14_all.deb Checksums-Sha256: 47f6389fb894a7d80adc6023c08d66aefc833f156ed70e4e9a5ccb7c735f713e 1730 logcheck_1.3.14.dsc aba50525b075e6b3446e18ff70b85d0704c82bcf80a5e21e4a5d2c27c555f6b0 161518 logcheck_1.3.14.tar.gz 1cfd460200699b83d41ed98cb9a170e6f20b3117600f99cee9b1821084b15bae 78314 logcheck_1.3.14_all.deb 6b0bd9d8b760ed4c2a8d8605a9301d56cb54b179a6e8bab20d5d8cf894e35c61 120492 logcheck-database_1.3.14_all.deb 195b98f352d2fe3e6e1623bd76759ded25b223d00b20deb8a024fe90ea857b8c 60812 logtail_1.3.14_all.deb Files: d78f5aac898949b0b47972bbdd0acfc2 1730 admin optional logcheck_1.3.14.dsc cbd32dbdcb877f267636205f33ede790 161518 admin optional logcheck_1.3.14.tar.gz cd5f2621ece3f672f677d72007ff04ce 78314 admin optional logcheck_1.3.14_all.deb 02529a0b39829d0665fd3cce5ead3bc7 120492 admin optional logcheck-database_1.3.14_all.deb ae2c4872e2519cc742506c72c7520e22 60812 admin optional logtail_1.3.14_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQGcBAEBCAAGBQJOaMVFAAoJEBjuhjhgIu9X9h0L/0Uldd1Bkn5paJbwjUMeYaX/ 5crohnBTBS/bHaQG7sYDL2iHvsdq/YFZ4p52qRYVVjTANco5UZCqycpB1ZLzghlm xfnfHT534tW5VNDR2lM17dnoOqM4si7g/V29RISRUuKNMwCZ7J2vqRs8+O1f29Yx Y4NcyUtqklCRxcw+fwyUEh46NLKqrgB+9Bt0stbbibbCray7oJO1VPMDhPokWL1G bdGCp2q3rhL+isFNmwYZhm09o6ymUEs5LMer189zhfYiXHmUVZU7TgDLZrl8olo4 Cj5slKkBc0hG4/uL7uiVQ++fCdsnLmVtlfkaNRsz74IN+Jjgsu4QWlixy637FC3i wmUMaqAkmDNhabbgnbJpzHE5b5zEbA26C6b5xxiD4yYDfjqg+FFm5kL0Ux5q3V74 5TyyDDDyj6kUWcPoxYCkhxv0Qfc7JHCchQh2mFFJYG/GjfwDXWfdpcHsTikIk3Pq lYr90XCfFg0Suy3+Cnkp63Yexx4rUhBUF5Hffh8nDw== =fs/N -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
