[Logcheck-devel] Bug#263321: logcheck: Error and missing sendmail rules

Markus Peuhkuri puhuri at iki.fi
Tue Aug 3 19:51:04 UTC 2004


Package: logcheck
Version: 1.2.24
Severity: minor

There is a regexp error in ignore.d.server/sendmail:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [:alnum:]+: [:alnum:]+: DSN: Return receipt$

It should be 

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Return receipt$

([:alnum:] should be in a character class according to POSIX)

There are also some missing ignore rules for 
sendmail+milter+spamassassin.

Milter change or Milter message is not identified

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+: Milter (change|message):.*$

Sendmail now seems to use queue-id[linecount] if the log message is multiline

Aug  3 18:25:51 palvelin sm-mta[2935]: i73IPO01002935[1]: Milter add

The following eats all following lines (as there is no easy rule to match
the rest of the line, as it may start from any point).

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+\[[0-9]+\]:.*$

Also, the spamassassin X-Spam-Report header triggers a security event, as many
rules have something that is "invalid" (or INVALID)
(violations.d/logcheck).  A fix would be adding Milter messages

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+: Milter (change|message):.*$

to violations.ignore.d/sendmail.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i586)
Kernel: Linux 2.6.6
Locale: LANG=C, LC_CTYPE=C

Versions of packages logcheck depends on:
ii  adduser          3.58                    Add and remove users and groups
ii  cron             3.0pl1-86               management of regular background p
ii  debconf [debconf 1.4.30                  Debian configuration management sy
ii  debianutils      2.8.4                   Miscellaneous utilities specific t
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.24                  A database of system log rules for
ii  logtail          1.2.24                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20040524cvs-1 A simple mail user agent
ii  perl             5.8.4-2                 Larry Wall's Practical Extraction 
ii  sendmail [mail-t 8.12.11.Final-5         A powerful, efficient, and scalabl
ii  sysklogd [system 1.4.1-15                System Logging Daemon

-- debconf information:
  logcheck/changes:
* logcheck/install-note:

-- 
Markus Peuhkuri            ! http://www.iki.fi/puhuri/
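
The rules quoted in the report above, run through grep -E as an added example that is not part of the original message or of logcheck itself. Only the "Milter add" log line comes from the report; the other two log lines are constructed, and `invalid|INVALID` is an assumed stand-in for the violations.d/logcheck entry the report refers to.

```shell
#!/bin/sh
# Added example: exercises the rules quoted in the report with grep -E.
P='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: '
DSN_OLD="$P"'[:alnum:]+: [:alnum:]+: DSN: Return receipt$'      # shipped rule
DSN_NEW="$P"'[[:alnum:]]+: [[:alnum:]]+: DSN: Return receipt$'  # proposed fix
MILTER="$P"'[[:alnum:]]+: Milter (change|message):.*$'
MULTI="$P"'[[:alnum:]]+\[[0-9]+\]:.*$'
# Stand-in (assumption) for the violations.d/logcheck entry the report mentions.
VIOL='invalid|INVALID'

# Sample lines. L_MULTI is quoted in the report; the other two are constructed.
H='Aug  3 18:25:51 palvelin sm-mta[2935]: '
L_DSN="$H"'i73IPO01002935: i73IPO02002935: DSN: Return receipt'
L_MILTER="$H"'i73IPO01002935: Milter change: header X-Spam-Report: INVALID_DATE'
L_MULTI="$H"'i73IPO01002935[1]: Milter add'

# verdict RULE LINE -> match | nomatch | rule-error
# GNU grep rejects a bare [:alnum:] (exit 2); other greps read it as the
# bracket expression matching one of ':', 'a', 'l', 'n', 'u', 'm'.
verdict() {
    rc=0
    printf '%s\n' "$2" | grep -E -q -- "$1" 2>/dev/null || rc=$?
    case $rc in
        0) echo match ;;
        1) echo nomatch ;;
        *) echo rule-error ;;
    esac
}

# security_event LINE [IGNORE_RULE] -> yes | no
# A line is a security event when it matches VIOL and no ignore rule covers it.
security_event() {
    [ "$(verdict "$VIOL" "$1")" = match ] || { echo no; return 0; }
    if [ -n "${2:-}" ] && [ "$(verdict "$2" "$1")" = match ]; then
        echo no
    else
        echo yes
    fi
}

echo "DSN line, shipped rule:        $(verdict "$DSN_OLD" "$L_DSN")"
echo "DSN line, fixed rule:          $(verdict "$DSN_NEW" "$L_DSN")"
echo "Milter add, Milter rule:       $(verdict "$MILTER" "$L_MULTI")"
echo "Milter add, queue-id[n] rule:  $(verdict "$MULTI" "$L_MULTI")"
echo "X-Spam-Report, no ignore rule: $(security_event "$L_MILTER")"
echo "X-Spam-Report, Milter ignore:  $(security_event "$L_MILTER" "$MILTER")"
```
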




