Bug#905018: logwatch: does not match postfix-policyd-spf-python logs

Mon, 30 Jul 2018 10:21:27 -0700 

Package: logwatch
Version: 7.4.3+git20161207-2
Severity: normal

I am running postfix-policyd-spf-python 2.0.1-1 and postfix 3.1.6-0+deb9u1.
Logwatch is not matching the SPF log lines.

Example log lines:

Jul 30 17:39:16 zaphod policyd-spf[15493]: prepend Received-SPF: Softfail 
(mailfrom) identity=mailfrom; client-ip=188.65.115.147; helo=gamma.srv2.com; 
envelope-from=remin...@mail.jetsetter.com; receiver=<UNKNOWN>
Jul 30 17:32:19 zaphod policyd-spf[15290]: prepend Received-SPF: Pass 
(mailfrom) identity=mailfrom; client-ip=192.243.244.120; 
helo=r120.p30.neolane.net; 
envelope-from=easyfundraising-mkt-pr...@e.easyfundraising.org.uk; 
receiver=<UNKNOWN>
Jul 30 15:36:15 zaphod policyd-spf[12978]: prepend Received-SPF: Fail 
(mailfrom) identity=mailfrom; client-ip=188.65.115.147; helo=gamma.srv2.com; 
envelope-from=tep...@7788056.com; receiver=<UNKNOWN>
Jul 30 15:42:40 zaphod policyd-spf[13151]: prepend Received-SPF: None (no SPF 
record) identity=no SPF record; client-ip=5.79.33.58; 
helo=rsweb1.pindigital.com; envelope-from=<>; receiver=<UNKNOWN>

The log lines appear to contain the text "prepend Received-SPF: " at the front, 
and no ";" after the status.
The following change to the postscript script works, but no longer matches the 
original log lines, of course:

--- /usr/share/logwatch/scripts/services/postfix        2017-01-21 
16:44:03.000000000 +0000
+++ postfix     2018-07-30 18:11:34.000000000 +0100
@@ -1887,7 +1887,8 @@
    # Pass;      identity=helo;     client-ip=192.168.0.2; helo=example.com; 
envelope-from=<>;            receiver=bo...@example.net
    # Permerror; identity=helo;     client-ip=192.168.0.4; helo=example.com; 
envelope-from=f...@example.com; receiver=bog...@example.net
    # Softfail;  identity=mailfrom; client-ip=192.168.0.6; helo=example.com; 
envelope-from=f...@example.com; receiver=y...@example.org 
-   if ($line =~ /^(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror); 
(.*)$/) {
+#GRC   if ($line =~ /^(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror); 
(.*)$/) {
+   if ($line =~ /^prepend Received-SPF: 
(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror) (.*)$/) {
          my $result = $1;
          my %params = $2 =~ /([-\w]+)=([^;]+)/g;
          #$params{'s'} = '*unknown' unless $params{'s'};


-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_GB.utf8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to 
en_GB.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logwatch depends on:
ii  perl                            5.24.1-3+deb9u4
ii  postfix [mail-transport-agent]  3.1.6-0+deb9u1

Versions of packages logwatch recommends:
ii  libdate-manip-perl   6.57-1
ii  libsys-cpu-perl      0.61-2+b1
ii  libsys-meminfo-perl  0.99-1

Versions of packages logwatch suggests:
pn  fortune-mod  <none>

-- no debconf information

Reply via email to