Bug#708197: Perl errors in logwatch output for exim

2013-06-18 Thread Willi Mann 
Hi,

Sorry for the long delay. Please test attached patch which changes the
IP address regexes in the exim script to also match IPv6 addresses. If
it works for you, I'll include it in the next upload.

thanks
WM

On 2013-05-22 01:37, Peter Chubb wrote:
 Here are some more.
 
 
 2013-05-22 08:38:02 no host name found for IP address 
 2402:1800:4000:1:25cf:3683:5983:f169
 2013-05-22 08:38:02 unexpected disconnection while reading SMTP command from 
 (localhost) [2402:1800:4000:1:25cf:3683:5983:f169]
 2013-05-22 08:38:05 no host name found for IP address 
 2402:1800:4000:1:25cf:3683:5983:f169
 2013-05-22 08:38:05 unexpected disconnection while reading SMTP
 command from (localhost) [2402:1800:4000:1:25cf:3683:5983:f169]
 
 
 --
 Dr Peter Chubbpeter.chubb AT 
 nicta.com.au
 http://www.ssrg.nicta.com.au  Software Systems Research Group/NICTA
 

diff --git a/scripts/services/exim b/scripts/services/exim
index 63e8d00..c3510c3 100755
--- a/scripts/services/exim
+++ b/scripts/services/exim
@@ -114,6 +114,10 @@ sub wedlug_liczb {
 
 my $SearchDate = TimeFilter(%Y-%m-%d %H:%M:%S);
 
+# Regex to match IPv4 addresses and IPv6 addresses
+# IPv6 part could be made more strict
+my $IPAddress = qr/\d+\.\d+\.\d+\.\d+|[a-fA-F0-9]*:[a-fA-F0-9:]*/;
+
 while (defined($ThisLine = STDIN)) {
chomp($ThisLine);
 # pobierz dzisiejsza date z 2002-03-31 22:13:48 ...
@@ -382,7 +386,7 @@ if ($Detail = $LvlVirus) {
  # Link date and time (looks cleaner)...
  $aa = $mdate $mtime;
  # Extract the REAL IP address...
- ($bb) = ($ThisOne =~ m/\s\[(\d+\.\d+\.\d+\.\d+)\]\s/);
+ ($bb) = ($ThisOne =~ m/\s\[($IPAddress)\]\s/);
 # Exim = 4.50 compiled with, WITH_CONTENT_SCAN=yes
  # Default warning looks like this...
 # rejected after DATA: This message contains a [vV]irus (%s).
@@ -440,19 +444,19 @@ if ($Detail = $LvlDontAccept) {
  }
  elsif ( $ThisOne =~ m/contains attached .(.*) file, which is blacklisted/ ) {
 $cc = Blocked Attachment;
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
  elsif ( $ThisOne =~ /believed to be spam/ ) {
 $cc = Blocked Fragmented Message;
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
  elsif ( $ThisOne =~ /[Ww]arning: dnsbl\.sorbs\.net/ ) {
 $cc = Blocked by DNSBL (SORBS);
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
  elsif ( $ThisOne =~ /fragments administratively prohibited/ ) {
 $cc = Blocked Fragmented Message;
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
  elsif ( $ThisOne =~ m/unqualified sender rejected: (.*)/ ) {
 $cc = Unqualified Sender;
@@ -464,7 +468,7 @@ if ($Detail = $LvlDontAccept) {
  }
  elsif ( $ThisOne =~ m/not accept Windows executables/ ) {
 $cc = Blocked Attachment;
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
  elsif ( $ThisOne =~ m/remote host address is the local host/ ) {
 $cc = Invalid local domain;
@@ -517,39 +521,39 @@ if ($Detail = $LvlProtocl) {
 
  if ( $ThisOne =~ m/SMTP protocol violation\:\s(.*?\(.*?\))\:/ ) {
 $cc = $1;
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
  elsif ( $ThisOne =~ /unexpected disconnection while reading SMTP command/ ) {
 $cc = Sudden disconnect while expecting remote input;
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
- elsif ( $ThisOne =~ m/rejected ([HE][EH])LO from \[(\d+\.\d+\.\d+\.\d+)\]\:\s(.*?):\s(.*?)$/ ) {
+ elsif ( $ThisOne =~ m/rejected ([HE][EH])LO from \[($IPAddress)\]\:\s(.*?):\s(.*?)$/ ) {
 $cc = Rejected HELO/EHLO: $3;
 $bb = $2 ($1LO $4);
  }
  elsif ( $ThisOne =~ /SMTP data timeout \(message abandoned\) on connection from/ ) {
 $cc = SMTP Timeout errors;
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
  elsif ( $ThisOne =~ /SMTP command timeout on connection from/ ) {
 $cc = SMTP Timeout errors;
-( $bb ) = ($ThisOne =~ m/\[(\d+\.\d+\.\d+\.\d+)\]/);
+( $bb ) = ($ThisOne =~ m/\[($IPAddress)\]/);
  }
  elsif ( $ThisOne =~ /syntactically invalid argument/ ) {
 $cc = SMTP Syntax

Bug#708197: Perl errors in logwatch output for exim

2013-05-21 Thread Peter Chubb 
Here are some more.


2013-05-22 08:38:02 no host name found for IP address 
2402:1800:4000:1:25cf:3683:5983:f169
2013-05-22 08:38:02 unexpected disconnection while reading SMTP command from 
(localhost) [2402:1800:4000:1:25cf:3683:5983:f169]
2013-05-22 08:38:05 no host name found for IP address 
2402:1800:4000:1:25cf:3683:5983:f169
2013-05-22 08:38:05 unexpected disconnection while reading SMTP
command from (localhost) [2402:1800:4000:1:25cf:3683:5983:f169]


--
Dr Peter Chubb  peter.chubb AT nicta.com.au
http://www.ssrg.nicta.com.au  Software Systems Research Group/NICTA


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#708197: Perl errors in logwatch output for exim

2013-05-14 Thread Willi Mann 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

Am 2013-05-14 01:09, schrieb Peter Chubb:
 Every day I see:
 
 Use of uninitialized value $bb in string ne at
 /usr/share/logwatch/scripts/services/exim line 611, STDIN line
 1376.
 
 multiple times in the logwatch outputbefore the --- Bad Hosts ---
 line.

I guess the problem is that the exim script was written for IPv4 only
and you are probably getting the messages on IPv6 entries. Can you
confirm that? If yes, could you please make some of those lines
available? Anonymized is OK of course.

WM
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJRkoA3AAoJEIy+IZx0V22BGaoP/jhi0LtCuEudFgzpxeQuYISl
2Q2g4xMruJ9FmYjornNoNe7wub0y5jJO9QJHLM/hr2u+Z2SA5m0N1pTghjV8Hdid
o3ltvQ/y7sGEYinhPR4tpl4xEo/Eaaq/BV6Wveh83Q6f03WkuibfFTiECiPytJeu
yo49EqgaezhI2GP3d60yj8oCyEkdDD0DnS+pFF235titz0Ro8g6XUuQBTJeROzaq
IIK8XkAvnDmdgbPpQ4A3nONneKnHp5sziLYAnrho6i7pvidgVPqORIhEPVeEZ4vu
ROJ64UFNfyYGJUmj6hevxcEKParsyazXFQxGQUlk0bgFmphL2LI8K5Ej+Tp+9Y2s
RJNSdGRmZ+UEf6BY0gjmEGa1RcLCmjHYcJd1NsrwPxRyy/6u7O7mP8dz4wN8qBG7
xmaOZfjrEFdx1s7Dc7NlO+atROum5AGP1FJuoj0J+jeECCsbU4lwyc+oqELg+YHg
nVUaCveN0neJ5SxxWT/Bv6d9Mzjd83NXF331hL8ZcWdH2D+vDvh6NOtXvh6YfFRH
Ws1i543kNksr/EOSCOo4XGWoV3wgIzmI9c6PhyLtNYv5mEXtQUvWi1RS+Z0n78Zq
UT3zlYsVouw8Z9tBYprCbmHOMrJxRkjkx2J/OfMu4BI1TZMqY8O7XvCAosG2M/Ef
IHetnNU+sVPrs9LQUS0Y
=CKLw
-END PGP SIGNATURE-


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#708197: Perl errors in logwatch output for exim

2013-05-14 Thread Peter Chubb 
I'm not sure which logfile logwatch is grabbing its lines from.  This
is from /var/log/exim4/mainlog

2013-05-15 06:25:45 1UcLn6-0007YJ-Ub = r...@ertos.nicta.com.au H=(duvel.ertos.n
icta.com.au) [2402:1800:4000:1:223:7dff:fe5f:1a36] P=esmtp S=10827 id=E1UcLmZ-00
04nr...@duvel.ertos.nicta.com.au
2013-05-15 06:25:46 1UcLn6-0007YJ-Ub = disy.logwa...@cse.unsw.edu.au R=smarthos
t T=remote_smtp_smarthost H=lemon.gelato.unsw.edu.au [2402:1800:0:11::5:20] X=TL
S1.0:RSA_AES_256_CBC_SHA1:32 DN=CN=lemon.gelato.unsw.edu.au
2013-05-15 06:25:46 1UcLn6-0007YJ-Ub Completed

--
Dr Peter Chubb  peter.chubb AT nicta.com.au
http://www.ssrg.nicta.com.au  Software Systems Research Group/NICTA


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#708197: Perl errors in logwatch output for exim

2013-05-13 Thread Peter Chubb 
Package: logwatch
Version: 7.4.0+svn20120502rev103-1
Severity: normal

Every day I see:

 Use of uninitialized value $bb in string ne at 
/usr/share/logwatch/scripts/services/exim line 611, STDIN line 1376.

multiple times in the logwatch outputbefore the --- Bad Hosts --- line.


-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'oldstable'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logwatch depends on:
ii  exim4-daemon-light [mail-tran 4.80-7 lightweight Exim MTA (v4) daemon
ii  perl  5.14.2-21  Larry Wall's Practical Extraction 

Versions of packages logwatch recommends:
ii  libdate-manip-perl6.39-1 module for manipulating dates

Versions of packages logwatch suggests:
pn  fortune-mod   none (no description available)

-- Configuration Files:
/etc/cron.daily/00logwatch changed:
test -x /usr/share/logwatch/scripts/logwatch.pl || exit 0
/usr/sbin/logwatch --mailto disy.logwa...@cse.unsw.edu.au


-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org