Package: amavisd-new
Version: 1:2.5.2-2
Followup-For: Bug #451094
Tags: patch
The logcheck rules in /etc/logcheck/ignore.d.server/amavisd-new don't
catch anymore some syslog messages generated by amavis.
So the following changes make logcheck catch these messages again :
In the Passed CLEAN rule :
'{1,2}' needs to be changed to '{0,2}' to catch messages with no IP.
'size: [[:xdigit:]]+,' needs to be added before 'queued_as'.
'OK id=[-[:alnum:]]+,' needs to be added after 'queued_as'.
In the Passed BAD-HEADER rule :
conditionnal Resent-Message-ID copied from CLEAN rule.
'size' and 'OK id' added as well.
Patch attached.
Thanks
marc
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (50, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages amavisd-new depends on:
ii adduser 3.105 add and remove users and groups
ii debconf [debconf-2.0] 1.5.17 Debian configuration management sy
ii file 4.21-3 Determines file type using "magic"
ii libarchive-tar-perl 1.36-1 Archive::Tar - manipulate tar file
ii libarchive-zip-perl 1.18-1 Module for manipulation of ZIP arc
ii libberkeleydb-perl 0.31-1 use Berkeley DB 4 databases from P
ii libcompress-zlib-perl 2.008-1 Perl module for creation and manip
ii libconvert-tnef-perl 0.17-5 Perl module to read TNEF files
ii libconvert-uulib-perl 1.09-1 Perl interface to the uulib librar
pn libdigest-md5-perl <none> (no description available)
ii libio-stringy-perl 2.110-3 Perl5 modules for IO from scalars
ii libmailtools-perl 1.77-1 Manipulate email in perl programs
pn libmime-base64-perl <none> (no description available)
ii libmime-perl 5.420-2 Perl5 modules for MIME-compliant m
ii libnet-server-perl 0.94-1 An extensible, general perl server
ii libunix-syslog-perl 1.0-1 Perl interface to the UNIX syslog(
ii perl [libtime-hires-perl] 5.8.8-12 Larry Wall's Practical Extraction
amavisd-new recommends no packages.
-- debconf information:
amavisd-new/outdated_config_style_warning:
--
marc
--- /etc/logcheck/ignore.d.server/amavisd-new 2007-08-23 14:25:51.000000000 +0200
+++ amavisd-new 2007-11-30 00:05:02.000000000 +0100
@@ -1,5 +1,5 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){1,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (INFECTED \([-._[:alnum:]]+\)|BAD-HEADER),( \[[.:[:xdigit:]]+\]){1,2} <[^>]*> -> <[^>]*>, quarantine: (virus|badh)-[-+[:alnum:]]+, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?, mail_id: [-+[:alnum:]]+, Hits: -, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+ OK id=[-[:alnum:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (INFECTED \([-._[:alnum:]]+\)|BAD-HEADER),( \[[.:[:xdigit:]]+\]){1,2} <[^>]*> -> <[^>]*>, quarantine: (virus|badh)-[-+[:alnum:]]+, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+ OK id=[-[:alnum:]]+, [[:digit:]]+ ms$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) NOTICE: Not sending DSN in response to bulk mail from <[^.]*> containing [[:upper:] ]+, mail intentionally dropped$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) INFO: unfolded [[:digit:]]+ illegal all-whitespace continuation lines$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) WARN: address modified \((sender|recipient)\): <[^>]+> -> <[^>]+>$
