package: logcheck-database
version: 1.3.13
severity: wishlist
Hi,
basically daily I get system events like
Aug 30 17:18:12 alpha amavis[25542]: (25542-18) Passed SPAM, [128.233.192.41]
[60.191.19.150]
<akeiaioiw32e...@yahoo.de> -> <hol...@layer-acht.org>, quarantine:
l/spam-lqVFlLbHc1ZN.gz, Message-ID:
<shareweb13l6qkejmuf00007...@shareweb1.usask.ca>, mail_id: lqVFlLbHc1ZN, Hits:
8.447, size: 3335, queued_as:
136AACACFE1, 458 ms
which are quite annoying. The supplied amavisd rules don't catch it and
my cusom local rules (attached) neither.
I'd be happy if you could point out the error in my rules as well updating
the packages rules.
Thanks for maintaining logcheck!
cheers,
Holger
amavis\[[0-9]+\]: +(\([-0-9]+\) +)INFO: no existing header field 'Subject',
inserting it$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added
by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id:
[-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as:
[[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added
by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id:
[-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as:
[[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed SPAM,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*,( quarantine: ?/spam-[-[:alnum:]]+.gz, )(Message-ID:
<[^>]+>)( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID:
<[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size:
[[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed SPAM,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*,( quarantine: ?/spam-[-[:alnum:]]+.gz,) Message-ID: <[^>]+>(
\((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)?
mail_id: [-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as:
[[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed UNCHECKED,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added
by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id:
[-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as:
[[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed UNCHECKED,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*>
-> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added
by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id:
[-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as:
[[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
