[Logcheck-devel] Bug#263321: logcheck: Error and missing sendmail rules
Markus Peuhkuri
puhuri at iki.fi
Tue Aug 3 19:51:04 UTC 2004
Package: logcheck
Version: 1.2.24
Severity: minor
There is a regexp error in ignore.d.server/sendmail:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [:alnum:]+: [:alnum:]+: DSN: Return receipt$
It should be
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Return receipt$
([:alnum:] should be in a character class according to POSIX)
There are also some missing ignore rules for
sendmail+milter+spamassassin.
Milter change or Milter message is not identified:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+: Milter (change|message):.*$
Sendmail now seems to use queue-id[linecount] if the log message is multiline:
Aug 3 18:25:51 palvelin sm-mta[2935]: i73IPO01002935[1]: Milter add
The following eats all following lines (as there is no easy rule to match
for the rest of the line, as it may start from any point).
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+\[[0-9]+\]:.*$
Also, the spamassassin X-Spam-Report header triggers a security event, as many
rules have something that is "invalid" (or INVALID)
(violations.d/logcheck). A fix would be adding Milter messages
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+: Milter (change|message):.*$
to violations.ignore.d/sendmail.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i586)
Kernel: Linux 2.6.6
Locale: LANG=C, LC_CTYPE=C
Versions of packages logcheck depends on:
ii adduser 3.58 Add and remove users and groups
ii cron 3.0pl1-86 management of regular background p
ii debconf [debconf 1.4.30 Debian configuration management sy
ii debianutils 2.8.4 Miscellaneous utilities specific t
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.24 A database of system log rules for
ii logtail 1.2.24 Print log file lines that have not
ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent
ii perl 5.8.4-2 Larry Wall's Practical Extraction
ii sendmail [mail-t 8.12.11.Final-5 A powerful, efficient, and scalabl
ii sysklogd [system 1.4.1-15 System Logging Daemon
-- debconf information:
logcheck/changes:
* logcheck/install-note:
--
Markus Peuhkuri ! http://www.iki.fi/puhuri/
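
Added example (not part of the original report and not logcheck's own code): the rules quoted above run through grep -E against constructed log lines, showing that the shipped DSN rule never matches a real queue ID while the bracketed form does. The log lines, the variable and function names, and the VIOLATION keyword pattern are assumptions made for illustration; only the sample "Milter add" line comes from the report, with syslog's day padding restored.

```shell
#!/bin/sh
# Rules as quoted in the report; the log lines below are constructed samples.
# Syslog pads single-digit days ("Aug  3"), which [ :0-9]{11} relies on.
PFX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: '
OLD_DSN="${PFX}[:alnum:]+: [:alnum:]+: DSN: Return receipt\$"
NEW_DSN="${PFX}[[:alnum:]]+: [[:alnum:]]+: DSN: Return receipt\$"
MILTER="${PFX}[[:alnum:]]+: Milter (change|message):.*\$"
MULTILINE="${PFX}[[:alnum:]]+\[[0-9]+\]:.*\$"
# Hypothetical stand-in for the violations.d/logcheck keyword named in the report.
VIOLATION='(invalid|INVALID)'

HDR='Aug  3 18:25:51 palvelin sm-mta[2935]: '
DSN_LINE="${HDR}i73IPO01002935: i73IPO02002935: DSN: Return receipt"
MILTER_LINE="${HDR}i73IPO01002935: Milter change: header X-Spam-Report: * 1.2 INVALID_DATE"
MULTI_LINE="${HDR}i73IPO01002935[1]: Milter add"

# rule_matches RULE LINE: exit 0 when grep -E matches LINE against RULE.
# Outside a bracket expression, [:alnum:] is only the character set
# ':', 'a', 'l', 'n', 'u', 'm' (some grep versions reject it as a syntax
# error instead); both outcomes count as "no match" here.
rule_matches() {
    printf '%s\n' "$2" | grep -E -q -e "$1" 2>/dev/null
}

# verdict RULE LINE: print how an ignore rule would treat the line.
verdict() {
    if rule_matches "$1" "$2"; then echo ignored; else echo reported; fi
}

echo "DSN line, shipped rule:       $(verdict "$OLD_DSN" "$DSN_LINE")"
echo "DSN line, corrected rule:     $(verdict "$NEW_DSN" "$DSN_LINE")"
echo "Milter line, Milter rule:     $(verdict "$MILTER" "$MILTER_LINE")"
echo "queue-id[n] line, Milter rule: $(verdict "$MILTER" "$MULTI_LINE")"
echo "queue-id[n] line, [n] rule:    $(verdict "$MULTILINE" "$MULTI_LINE")"

# The spam report text trips the violation keyword, so the Milter rule has
# to sit in violations.ignore.d as well for the line to be dropped.
if rule_matches "$VIOLATION" "$MILTER_LINE"; then
    echo "Milter line hits violation keyword; violations.ignore.d: $(verdict "$MILTER" "$MILTER_LINE")"
fi
```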