Package: logcheck Version: 1.3.18 Severity: important Tags: security [Note: I've tagged this with security because of the DoS potential, where admins relying on logcheck can have their logs "lost" if someone generates a long log message. Your choice whether you think it's legitimate or not, but I am obligated to point it out.]
If a log line is generated that is >998 characters, logcheck will generate an illegal (MUST in SMTP RFC is violated) e-mail message that exim (and possibly other mailers) will choke on. This was caused because we force mime-encode to use an encoding of 7bit on the resultant logfiles. That's fundamentally a mistake, as mime-encode is smart enough to recognize that the encoding needs to be changed in cases where lines have non-ascii characters or are too long, and will re-encode as quoted-printable. I can imagine, in days past, that this was a deliberate choice because so many sysadmin types were using non-mime-compliant MUAs and wanted to be able to simply cut and paste out of /bin/mailx output, but we don't live in that universe and haven't for a couple of decades. Dropping all log messages because of one overly-long-line is highly problematic. Fix: Any place in `/usr/sbin/logcheck` where there is --enconding "7bit" can simply be removed. Let mime-encode do its job, it knows better than logcheck what to do with the input data. -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-042stab120.16 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages logcheck depends on: ii adduser 3.115 ii cron [cron-daemon] 3.0pl1-128+b1 ii exim4-daemon-light [mail-transport-agent] 4.88-5 ii lockfile-progs 0.1.17+b1 ii logtail 1.3.18 ii mime-construct 1.11+nmu2 ii rsyslog [system-log-daemon] 8.24.0-1 Versions of packages logcheck recommends: ii logcheck-database 1.3.18 Versions of packages logcheck suggests: pn syslog-summary <none> -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Permission denied: '/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: '/etc/logcheck/logcheck.logfiles' -- no debconf information