Package: logwatch Version: 7.4.3+git20161207-2 Severity: normal I am running postfix-policyd-spf-python 2.0.1-1 and postfix 3.1.6-0+deb9u1. Logwatch is not matching the SPF log lines.
Example log lines: Jul 30 17:39:16 zaphod policyd-spf[15493]: prepend Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=188.65.115.147; helo=gamma.srv2.com; envelope-from=remin...@mail.jetsetter.com; receiver=<UNKNOWN> Jul 30 17:32:19 zaphod policyd-spf[15290]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=192.243.244.120; helo=r120.p30.neolane.net; envelope-from=easyfundraising-mkt-pr...@e.easyfundraising.org.uk; receiver=<UNKNOWN> Jul 30 15:36:15 zaphod policyd-spf[12978]: prepend Received-SPF: Fail (mailfrom) identity=mailfrom; client-ip=188.65.115.147; helo=gamma.srv2.com; envelope-from=tep...@7788056.com; receiver=<UNKNOWN> Jul 30 15:42:40 zaphod policyd-spf[13151]: prepend Received-SPF: None (no SPF record) identity=no SPF record; client-ip=5.79.33.58; helo=rsweb1.pindigital.com; envelope-from=<>; receiver=<UNKNOWN> The log lines appear to contain the text "prepend Received-SPF: " at the front, and no ";" after the status. The following change to the postscript script works, but no longer matches the original log lines, of course: --- /usr/share/logwatch/scripts/services/postfix 2017-01-21 16:44:03.000000000 +0000 +++ postfix 2018-07-30 18:11:34.000000000 +0100 @@ -1887,7 +1887,8 @@ # Pass; identity=helo; client-ip=192.168.0.2; helo=example.com; envelope-from=<>; receiver=bo...@example.net # Permerror; identity=helo; client-ip=192.168.0.4; helo=example.com; envelope-from=f...@example.com; receiver=bog...@example.net # Softfail; identity=mailfrom; client-ip=192.168.0.6; helo=example.com; envelope-from=f...@example.com; receiver=y...@example.org - if ($line =~ /^(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror); (.*)$/) { +#GRC if ($line =~ /^(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror); (.*)$/) { + if ($line =~ /^prepend Received-SPF: (Pass|Fail|None|Neutral|Permerror|Softfail|Temperror) (.*)$/) { my $result = $1; my %params = $2 =~ /([-\w]+)=([^;]+)/g; #$params{'s'} = '*unknown' unless $params{'s'}; -- System Information: Debian Release: 9.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.utf8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to en_GB.utf8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages logwatch depends on: ii perl 5.24.1-3+deb9u4 ii postfix [mail-transport-agent] 3.1.6-0+deb9u1 Versions of packages logwatch recommends: ii libdate-manip-perl 6.57-1 ii libsys-cpu-perl 0.61-2+b1 ii libsys-meminfo-perl 0.99-1 Versions of packages logwatch suggests: pn fortune-mod <none> -- no debconf information