[Logcheck-devel] Bug#317772: logcheck: please add rule to filter messages for mailman list admins

toby cabot toby at caboteria.org
Mon Jul 11 12:22:05 UTC 2005 

Package: logcheck
Version: 1.2.40
Severity: wishlist

Hi Folks, thanks for your work maintaining the logcheck package - it
works very well indeed.  I run a couple of light-traffic mailing
lists, but get a lot of spam.  I was getting "Security Events"
messages from logcheck whenever a message arrived that needed admin
attention (like a post from someone who's not subscribed).  They
looked like:

Jul  6 11:24:27 phoenix postfix/local[30050]: AD387C42EF: to=<xksc-admin at caboteria.org>, relay=local, delay=1, status=sent (delivered to command: /var/lib/mailman/mail/mailman admin xksc)

I think they happen because of the word "admin" in the message, so I
added a line to /etc/logcheck/violations.ignore.d/logcheck-postfix to
screen them out:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$

I'm not sure if this is the correct file but it seems to work.

Thanks,
Toby

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck depends on:
ii  adduser          3.64                    Add and remove users and groups
ii  cron             3.0pl1-87               management of regular background p
ii  debconf [debconf 1.4.51                  Debian configuration management sy
ii  debianutils      2.14.1                  Miscellaneous utilities specific t
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.40                  A database of system log rules for
ii  logtail          1.2.40                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii  postfix [mail-tr 2.2.3-3                 A high-performance mail transport 
ii  sysklogd [system 1.4.1-17                System Logging Daemon

logcheck recommends no packages.

-- debconf information:
* logcheck/noroot:
  logcheck/changes:
* logcheck/install-note:

More information about the Logcheck-devel mailing list