Bug#317772: [Logcheck-devel] Bug#317772: logcheck: please add rule to filter messages for mailman list admins

maximilian attems debian at sternwelten.at
Mon Jul 11 14:42:33 UTC 2005


tags 317772 pending
thanks

On Mon, 11 Jul 2005, toby cabot wrote:

> Hi Folks, thanks for your work maintaining the logcheck package - it
> works very well indeed.  I run a couple of light-traffic mailing
> lists, but get a lot of spam.  I was getting "Security Events"
> messages from logcheck whenever a message arrived that needed admin
> attention (like a post from someone who's not subscribed).  They
> looked like:
> 
> Jul  6 11:24:27 phoenix postfix/local[30050]: AD387C42EF: to=<xksc-admin at caboteria.org>, relay=local, delay=1, status=sent (delivered to command: /var/lib/mailman/mail/mailman admin xksc)

indeed we have no rules covering mailman yet.
 
> I think they happen because of the word "admin" in the message, so I
> added a line to /etc/logcheck/violations.ignore.d/logcheck-postfix to
> screen them out:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$
> 
> I'm not sure if this is the correct file but it seems to work.

indeed the word admin is crucial for the above report.
seems like the right file to add for current cvs, done.
for your own usage you might like to use local-package files.
 
> Thanks,
> Toby

thank you!
if you have other such nicely crafted regexes, feel free to open other
bugs concerning them.

--
maks
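
Added example, not part of the original message or of the logcheck package: a shell check that runs the ignore rule quoted above through grep -E against constructed log lines, to confirm it suppresses only the mailman admin deliveries and nothing else containing "admin". The hostnames, queue IDs, example.org addresses (written with "@" rather than the archive's " at ") and the /usr/local/bin/admin-report path are assumptions made for the test.

```shell
#!/bin/sh
# The ignore rule exactly as quoted in the message (one extended regex).
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$'

# Constructed sample lines (not taken from a real log).
# Expected to be suppressed: plain delivery, and delivery with orig_to.
OK_PLAIN='Jul  6 11:24:27 phoenix postfix/local[30050]: AD387C42EF: to=<xksc-admin@example.org>, relay=local, delay=1, status=sent (delivered to command: /var/lib/mailman/mail/mailman admin xksc)'
OK_ORIG_TO='Jul 16 09:02:10 phoenix postfix/local[412]: 1B2C3D4E5F: to=<xksc-admin@example.org>, orig_to=<xksc-admin@lists.example.org>, relay=local, delay=0, status=sent (delivered to command: /var/lib/mailman/mail/mailman admin xksc)'
# Expected to stay in the report: different command, failed delivery,
# and extra text after the closing parenthesis.
OTHER_CMD='Jul  6 11:25:01 phoenix postfix/local[30051]: AD387C42F0: to=<ops@example.org>, relay=local, delay=1, status=sent (delivered to command: /usr/local/bin/admin-report xksc)'
BOUNCED='Jul  6 11:26:44 phoenix postfix/local[30052]: AD387C42F1: to=<xksc-admin@example.org>, relay=local, delay=1, status=bounced (delivered to command: /var/lib/mailman/mail/mailman admin xksc)'
TRAILING='Jul  6 11:27:09 phoenix postfix/local[30053]: AD387C42F2: to=<xksc-admin@example.org>, relay=local, delay=1, status=sent (delivered to command: /var/lib/mailman/mail/mailman admin xksc) admin login failed'

# Exit status 0 when the rule would drop the line from the report.
suppressed() {
    printf '%s\n' "$1" | grep -Eq -- "$RULE"
}

# Print the sample lines that survive the rule, i.e. are still reported.
still_reported() {
    printf '%s\n' "$OK_PLAIN" "$OK_ORIG_TO" "$OTHER_CMD" "$BOUNCED" "$TRAILING" \
        | grep -Ev -- "$RULE"
}

# Stand-alone run: show a verdict per sample line.
for name in OK_PLAIN OK_ORIG_TO OTHER_CMD BOUNCED TRAILING; do
    eval "line=\$$name"
    if suppressed "$line"; then
        echo "$name: suppressed"
    else
        echo "$name: still reported"
    fi
done
```

The same function can be pointed at lines taken from a real report before the rule goes into a local file under /etc/logcheck.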





