Bug#302220: postfix_mailstats: overzealous regex for rejects

Wed, 30 Mar 2005 10:24:15 -0800 

Package: munin-node
Version: 1.2.2-3
Severity: normal

The postfix_mailstats plugin uses a coarse perl regex to attempt to
match reject codes in the mail log.

    231         }
    232         elsif ($line =~ /reject: \S+ \S+ \S+ (\S+)/)
    233         {
    234             $rejects->{$1} ++;

If you will note by the following log entries, postfix rejects messages
from different applications with different message formats.  The first
listed is from the cleanup daemon rejecting a message based on
mime_header regex matching.

Mar 29 17:20:43 hostname postfix/cleanup[15643]: 29CD210067: reject: header 
Content-Type: application/x-zip-compressed; name="message.zip" from 
c-67-167-108-192.client.comcast.net[67.167.108.192]; from=<[EMAIL PROTECTED]> 
to=<[EMAIL PROTECTED]> proto=SMTP helo=<localhost>: Mail filters have 
determined that your email appears to be infected with the Bagle virus.  Email 
[EMAIL PROTECTED] if you feel this REJECT was in error.

Here's a reject from the smtpd daemon.  This is what the coarse regex
above is attempting to match.

Mar 29 17:32:15 hostname postfix/smtpd[17441]: NOQUEUE: reject: RCPT from 
hsdbsc69-11-111-36.sasknet.sk.ca[69.11.111.36]: 554 Service unavailable; Client 
host [69.11.111.36] blocked using cbl.abuseat.org; Blocked - see 
http://cbl.abuseat.org/lookup.cgi?ip=69.11.111.36; from=<[EMAIL PROTECTED]> 
to=<[EMAIL PROTECTED]> proto=ESMTP helo=<hsdbsc69-11-111-36.sasknet.sk.ca>

I propose the following change to line 232::

    232         elsif ($line =~ /postfix\/smtpd.*reject: \S+ \S+ \S+ (\S+)/)

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ANSI_X3.4-1968) (ignored: LC_ALL 
set to C)

Versions of packages munin-node depends on:
ii  libnet-server-perl            0.87-3     An extensible, general perl server
ii  perl                          5.8.4-8    Larry Wall's Practical Extraction 
ii  procps                        1:3.2.1-2  The /proc file system utilities

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to