Bug#708197: Perl errors in logwatch output for exim
Hi, Sorry for the long delay. Please test attached patch which changes the IP address regexes in the exim script to also match IPv6 addresses. If it works for you, I'll include it in the next upload. thanks WM On 2013-05-22 01:37, Peter Chubb wrote: > Here are some more. > > > 2013-05-22 08:38:02 no host name found for IP address > 2402:1800:4000:1:25cf:3683:5983:f169 > 2013-05-22 08:38:02 unexpected disconnection while reading SMTP command from > (localhost) [2402:1800:4000:1:25cf:3683:5983:f169] > 2013-05-22 08:38:05 no host name found for IP address > 2402:1800:4000:1:25cf:3683:5983:f169 > 2013-05-22 08:38:05 unexpected disconnection while reading SMTP > command from (localhost) [2402:1800:4000:1:25cf:3683:5983:f169] > > > -- > Dr Peter Chubbpeter.chubb AT > nicta.com.au > http://www.ssrg.nicta.com.au Software Systems Research Group/NICTA > diff --git a/scripts/services/exim b/scripts/services/exim index 63e8d00..c3510c3 100755 --- a/scripts/services/exim +++ b/scripts/services/exim @@ -114,6 +114,10 @@ sub wedlug_liczb { my $SearchDate = TimeFilter("%Y-%m-%d %H:%M:%S"); +# Regex to match IPv4 addresses and IPv6 addresses +# IPv6 part could be made more strict +my $IPAddress = qr/\d+\.\d+\.\d+\.\d+|[a-fA-F0-9]*:[a-fA-F0-9:]*/; + while (defined($ThisLine = )) { chomp($ThisLine); # pobierz dzisiejsza date z 2002-03-31 22:13:48 ... @@ -382,7 +386,7 @@ if ($Detail >= $LvlVirus) { # Link date and time (looks cleaner)... $aa = "$mdate $mtime"; # Extract the REAL IP address... - ($bb) = ($ThisOne =~ m/\s\[(\d+\.\d+\.\d+\.\d+)\]\s/); + ($bb) = ($ThisOne =~ m/\s\[($IPAddress)\]\s/); # Exim >= 4.50 compiled with, WITH_CONTENT_SCAN=yes # Default warning looks like this... # rejected after DATA: This message contains a [vV]irus (%s). @@ -440,19 +444,19 @@ if ($Detail >= $LvlDontAccept) { } elsif ( $ThisOne =~ m/contains attached ".(.*)" file, which is blacklisted/ ) { $cc = "Blocked Attachment"; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } elsif ( $ThisOne =~ /believed to be spam/ ) { $cc = "Blocked Fragmented Message"; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } elsif ( $ThisOne =~ /[Ww]arning: dnsbl\.sorbs\.net/ ) { $cc = "Blocked by DNSBL (SORBS)"; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } elsif ( $ThisOne =~ /fragments administratively prohibited/ ) { $cc = "Blocked Fragmented Message"; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } elsif ( $ThisOne =~ m/unqualified sender rejected: <(.*)>/ ) { $cc = "Unqualified Sender"; @@ -464,7 +468,7 @@ if ($Detail >= $LvlDontAccept) { } elsif ( $ThisOne =~ m/not accept Windows executables/ ) { $cc = "Blocked Attachment"; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } elsif ( $ThisOne =~ m/remote host address is the local host/ ) { $cc = "Invalid local domain"; @@ -517,39 +521,39 @@ if ($Detail >= $LvlProtocl) { if ( $ThisOne =~ m/SMTP protocol violation\:\s(.*?\(.*?\))\:/ ) { $cc = $1; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } elsif ( $ThisOne =~ /unexpected disconnection while reading SMTP command/ ) { $cc = "Sudden disconnect while expecting remote input"; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } - elsif ( $ThisOne =~ m/rejected ([HE][EH])LO from \[(\d+\.\d+\.\d+\.\d+)\]\:\s(.*?):\s(.*?)$/ ) { + elsif ( $ThisOne =~ m/rejected ([HE][EH])LO from \[($IPAddress)\]\:\s(.*?):\s(.*?)$/ ) { $cc = "Rejected HELO/EHLO: $3"; $bb = "$2 ($1LO $4)"; } elsif ( $ThisOne =~ /SMTP data timeout \(message abandoned\) on connection from/ ) { $cc = "SMTP Timeout errors"; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } elsif ( $ThisOne =~ /SMTP command timeout on connection from/ ) { $cc = "SMTP Timeout errors"; -( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/); +( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/); } elsif ( $ThisOne =~ /syntactically invalid
Bug#708197: Perl errors in logwatch output for exim
Here are some more. 2013-05-22 08:38:02 no host name found for IP address 2402:1800:4000:1:25cf:3683:5983:f169 2013-05-22 08:38:02 unexpected disconnection while reading SMTP command from (localhost) [2402:1800:4000:1:25cf:3683:5983:f169] 2013-05-22 08:38:05 no host name found for IP address 2402:1800:4000:1:25cf:3683:5983:f169 2013-05-22 08:38:05 unexpected disconnection while reading SMTP command from (localhost) [2402:1800:4000:1:25cf:3683:5983:f169] -- Dr Peter Chubb peter.chubb AT nicta.com.au http://www.ssrg.nicta.com.au Software Systems Research Group/NICTA -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#708197: Perl errors in logwatch output for exim
I'm not sure which logfile logwatch is grabbing its lines from. This is from /var/log/exim4/mainlog 2013-05-15 06:25:45 1UcLn6-0007YJ-Ub <= r...@ertos.nicta.com.au H=(duvel.ertos.n icta.com.au) [2402:1800:4000:1:223:7dff:fe5f:1a36] P=esmtp S=10827 id=E1UcLmZ-00 04nr...@duvel.ertos.nicta.com.au 2013-05-15 06:25:46 1UcLn6-0007YJ-Ub => disy.logwa...@cse.unsw.edu.au R=smarthos t T=remote_smtp_smarthost H=lemon.gelato.unsw.edu.au [2402:1800:0:11::5:20] X=TL S1.0:RSA_AES_256_CBC_SHA1:32 DN="CN=lemon.gelato.unsw.edu.au" 2013-05-15 06:25:46 1UcLn6-0007YJ-Ub Completed -- Dr Peter Chubb peter.chubb AT nicta.com.au http://www.ssrg.nicta.com.au Software Systems Research Group/NICTA -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#708197: Perl errors in logwatch output for exim
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Am 2013-05-14 01:09, schrieb Peter Chubb: > Every day I see: > > Use of uninitialized value $bb in string ne at > /usr/share/logwatch/scripts/services/exim line 611, line > 1376. > > multiple times in the logwatch outputbefore the --- Bad Hosts --- > line. I guess the problem is that the exim script was written for IPv4 only and you are probably getting the messages on IPv6 entries. Can you confirm that? If yes, could you please make some of those lines available? Anonymized is OK of course. WM -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJRkoA3AAoJEIy+IZx0V22BGaoP/jhi0LtCuEudFgzpxeQuYISl 2Q2g4xMruJ9FmYjornNoNe7wub0y5jJO9QJHLM/hr2u+Z2SA5m0N1pTghjV8Hdid o3ltvQ/y7sGEYinhPR4tpl4xEo/Eaaq/BV6Wveh83Q6f03WkuibfFTiECiPytJeu yo49EqgaezhI2GP3d60yj8oCyEkdDD0DnS+pFF235titz0Ro8g6XUuQBTJeROzaq IIK8XkAvnDmdgbPpQ4A3nONneKnHp5sziLYAnrho6i7pvidgVPqORIhEPVeEZ4vu ROJ64UFNfyYGJUmj6hevxcEKParsyazXFQxGQUlk0bgFmphL2LI8K5Ej+Tp+9Y2s RJNSdGRmZ+UEf6BY0gjmEGa1RcLCmjHYcJd1NsrwPxRyy/6u7O7mP8dz4wN8qBG7 xmaOZfjrEFdx1s7Dc7NlO+atROum5AGP1FJuoj0J+jeECCsbU4lwyc+oqELg+YHg nVUaCveN0neJ5SxxWT/Bv6d9Mzjd83NXF331hL8ZcWdH2D+vDvh6NOtXvh6YfFRH Ws1i543kNksr/EOSCOo4XGWoV3wgIzmI9c6PhyLtNYv5mEXtQUvWi1RS+Z0n78Zq UT3zlYsVouw8Z9tBYprCbmHOMrJxRkjkx2J/OfMu4BI1TZMqY8O7XvCAosG2M/Ef IHetnNU+sVPrs9LQUS0Y =CKLw -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#708197: Perl errors in logwatch output for exim
Package: logwatch Version: 7.4.0+svn20120502rev103-1 Severity: normal Every day I see: Use of uninitialized value $bb in string ne at /usr/share/logwatch/scripts/services/exim line 611, line 1376. multiple times in the logwatch outputbefore the --- Bad Hosts --- line. -- System Information: Debian Release: 6.0.4 APT prefers stable APT policy: (990, 'stable'), (500, 'oldstable'), (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages logwatch depends on: ii exim4-daemon-light [mail-tran 4.80-7 lightweight Exim MTA (v4) daemon ii perl 5.14.2-21 Larry Wall's Practical Extraction Versions of packages logwatch recommends: ii libdate-manip-perl6.39-1 module for manipulating dates Versions of packages logwatch suggests: pn fortune-mod(no description available) -- Configuration Files: /etc/cron.daily/00logwatch changed: test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0 /usr/sbin/logwatch --mailto disy.logwa...@cse.unsw.edu.au -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org