[Logcheck-devel] Bug#642466: logcheck-database: Should ignore postfix proxy-accept log messages

[Kevin Locke]

Package: logcheck-database
Severity: normal

Dear Maintainer,

When configured to use an smtpd_proxy_filter (e.g. with spampd), postfix
reports the status of the proxy request when it receives the proxy's
END-OF-DATA reply.  The log message is generated in data_cmd() at around
src/smtpd/smtpd.c:3133 and is logged for each email message.  For
successfully delivered emails, this message is always safe to ignore
while for rejections (which occur when a message is filtered by the
proxy) the message is usually safe to ignore.

To ignore only the successful deliveries, the following rule should be
sufficient:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: proxy-accept: END-OF-MESSAGE: 250 ([[:digit:].]+ )?Ok: queued as [[:upper:][:digit:]]+; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$

And to ignore all proxy filter delivery messages:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: proxy-(accept|reject): END-OF-MESSAGE: [[:digit:]]{3} ([[:digit:].]+ )?.*; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$

I would suggest the second rule be added to ignore.d.server/postfix and
I am unsure if the first might be suitable for ignore.d.paranoid/postfix
or if successful deliveries should still be reported.

Cheers,
Kevin

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.4-kevinoid1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash