[Logcheck-devel] Bug#317772: logcheck: please add rule to filter messages for mailman list admins
toby cabot
toby at caboteria.org
Mon Jul 11 12:22:05 UTC 2005
Package: logcheck
Version: 1.2.40
Severity: wishlist
Hi Folks, thanks for your work maintaining the logcheck package - it
works very well indeed. I run a couple of light-traffic mailing
lists, but get a lot of spam. I was getting "Security Events"
messages from logcheck whenever a message arrived that needed admin
attention (like a post from someone who's not subscribed). They
looked like:
Jul 6 11:24:27 phoenix postfix/local[30050]: AD387C42EF: to=<xksc-admin at caboteria.org>, relay=local, delay=1, status=sent (delivered to command: /var/lib/mailman/mail/mailman admin xksc)
I think they happen because of the word "admin" in the message, so I
added a line to /etc/logcheck/violations.ignore.d/logcheck-postfix to
screen them out:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$
I'm not sure if this is the correct file but it seems to work.
Thanks,
Toby
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logcheck depends on:
ii adduser 3.64 Add and remove users and groups
ii cron 3.0pl1-87 management of regular background p
ii debconf [debconf 1.4.51 Debian configuration management sy
ii debianutils 2.14.1 Miscellaneous utilities specific t
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.40 A database of system log rules for
ii logtail 1.2.40 Print log file lines that have not
ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii postfix [mail-tr 2.2.3-3 A high-performance mail transport
ii sysklogd [system 1.4.1-17 System Logging Daemon
logcheck recommends no packages.
-- debconf information:
* logcheck/noroot:
logcheck/changes:
* logcheck/install-note:
More information about the Logcheck-devel
mailing list