Bug#318731: [Logcheck-devel] Bug#318731: spamd rule does not work

Jamie L. Penman-Smithson jamie at silverdream.org
Mon Jul 18 13:38:24 UTC 2005


On Sun, 2005-07-17 at 20:19 +0200, Rainer Zocholl wrote:
> jamie at silverdream.org(Jamie L. Penman-Smithson)  17.07.05 13:31
> >since all log messages have trailing
> >spaces stripped before they are processed, your rule will never match
> >anything. 
> 
> Sorry, I wasn't aware of that and thought something weird inside logcheck.
> That's why I file a bug.
> 
> Too, I was not warned that testing rules with "egrep -f" 
> is not recommendable/is senseless, because logcheck modifies the logfile reads.

There's a paragraph in README.logcheck-database:

| To test new rules, you can grep your log file, and remove trailing
| space with something like this:
|
| sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep \
| '^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: \
| WWWOFFLE (On|Off)line\.$'
|
| If the log line is displayed, then your regex works.

> >Finally, this message indicates a _PROBLEM_ with your spamassassin
> >configuration, ignoring it _will not_ make the problem disappear.
> 
> I assume it's a problem in some user's config...
> 
> I don't want "littering" logcheck mails with messages I
> can't change. That's too dangerous as some day no one will
> take a look into the file.

Then find out which user's config is causing the problem?

If your users' config files are in the same directory, something like
egrep -H " RBL" * might find the culprit. Or "find / -name foobar.cf
-exec grep -H " RBL" \{\} \;"

That'll only work if your config files have identical names; if they are
named after the user, you could try something similar to:

cat /etc/passwd | egrep -v "^[[:alnum:]]+:x:[0-9]{1,2}:.*$" | cut -f 1 \
-d ":" > .users && for i in $(cat .users); do find /foo -name $i.cf \
-exec grep -H " RBL" \{\} \;; done ; rm .users

> >Ignoring errors is not a good strategy. See bug #3853 in SA's bugzilla
> >(which I found within 5 seconds using Google) 
> 
> I have several(!) times tried google and did not find any useful hints
> or solution.
> 
> Which words did you use?

Argument "RBL" "isn't numeric in addition"

> I tried "Argument isn't numeric in addition" etc. with spamd and without
> and only see that others asking the same.

You may or may not already know, but placing quotation marks around
words causes Google to search for the entire phrase[1], rather than
occurrences of the individual words.

The first result from that is relevant to your problem, as are most of
the other results from the first page.

[1] http://www.google.co.uk/help/basics.html#phrases

-- 
-Jamie L. Penman-Smithson <jamie at silverdream.org>
 t: +44 1273 424795; f: +44 1273 424795
 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
 never send mail to: oubliette.z at gmail.com
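
Added example (not part of the original message or of logcheck itself): a small shell helper built on the sed expression quoted from README.logcheck-database, showing why a rule written against the raw file with a trailing space never matches once trailing whitespace is stripped. The function names, the rule files and the two log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which log lines a rule file leaves in the report once
# trailing whitespace has been stripped, as in the README's test pipeline.

# strip_trailing: same sed expression as in README.logcheck-database.
strip_trailing() {
    sed -e 's/[[:space:]]*$//'
}

# unmatched_lines RULEFILE LOGFILE
# Prints log lines that no rule matches. Blank and '#' lines in RULEFILE are
# dropped first (assumption of this example) so an empty pattern cannot
# match every line.
unmatched_lines() {
    rules=$(mktemp) || return 1
    grep -v -e '^[[:space:]]*$' -e '^#' "$1" > "$rules" || true
    strip_trailing < "$2" | grep -E -v -f "$rules" || true
    rm -f "$rules"
}

# count_unmatched RULEFILE LOGFILE: how many lines would still be reported.
count_unmatched() {
    unmatched_lines "$1" "$2" | wc -l | tr -d ' '
}

# make_samples DIR: constructed sample data, not taken from a real host.
make_samples() {
    # Two log lines ending in a space and a tab respectively.
    printf '%s \n' 'Jul 17 20:19:01 oempc wwwoffled[1234]: WWWOFFLE Online.' > "$1/log"
    printf '%s\t\n' 'Jul 17 20:25:42 oempc wwwoffled[1234]: WWWOFFLE Offline.' >> "$1/log"
    # Rule written against the raw file: expects a space before end of line.
    cat > "$1/rule.bad" <<'EOF'
^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: WWWOFFLE (On|Off)line\. $
EOF
    # Same rule anchored directly after the last character.
    cat > "$1/rule.good" <<'EOF'
# comment lines are skipped
^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: WWWOFFLE (On|Off)line\.$
EOF
}

# Demo: the first rule leaves both lines in the report, the second none.
d=$(mktemp -d) && make_samples "$d"
echo "trailing-space rule: $(count_unmatched "$d/rule.bad" "$d/log") of 2 lines unmatched"
echo "corrected rule:      $(count_unmatched "$d/rule.good" "$d/log") of 2 lines unmatched"
rm -rf "$d"
```

Running plain egrep -f with the first rule on the unstripped sample does match the line that ends in a space, which is the misleading result the README's sed step avoids.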