[Logcheck-devel] Bug#705988: Another rule update

Peter Wyss wyss_p at yahoo.de
Mon Oct 20 19:07:28 UTC 2014



The following rules should be replaced
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight):  ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) ?)+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)  ([\()/_[:alnum:]]+=(-)?[[:digit:].]+ ?)+)?(; rate: (-)?[[:digit:].]+)?; *<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>(; rate: (-)?[[:digit:].]+)?(; delay: [[:digit:]]+s)? ?$

with this new rule:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight):  ([_[:alpha:][:digit:]]+=((-)?[[:digit:].]+|ERR) ?)+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)  ([\()/_[:alnum:]]+=(-)?[[:digit:].]+ ?)+)?(; rate: (-)?[[:digit:].]+)?; *<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>(; rate: (-)?[[:digit:].]+)?(; delay: [[:digit:]]+s)? ?$


There is an additional [:digit:] to cover checks having digits.
For example: weighted check:  NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41

HELO_IP_IN_CL16_SUBNET cannot be matched with the rule from the package.
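
An added example, not part of the original message or of the logcheck package: a check of both rules with grep -E against constructed log lines (hostname, PID and addresses are made up; the check names come from the message). It assumes GNU grep, since the rules use \w; "ignored" means the line matches the rule and would be filtered, "reported" means it would appear in the logcheck mail.

```shell
#!/bin/sh
# Added example: compare the packaged and the proposed ignore rule.
# Both rules are copied verbatim from the message above.
OLD_RULE='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight):  ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) ?)+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)  ([\()/_[:alnum:]]+=(-)?[[:digit:].]+ ?)+)?(; rate: (-)?[[:digit:].]+)?; *<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>(; rate: (-)?[[:digit:].]+)?(; delay: [[:digit:]]+s)? ?$'
NEW_RULE='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND X-policyd-weight):  ([_[:alpha:][:digit:]]+=((-)?[[:digit:].]+|ERR) ?)+(\(check from: [^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)  ([\()/_[:alnum:]]+=(-)?[[:digit:].]+ ?)+)?(; rate: (-)?[[:digit:].]+)?; *<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>(; rate: (-)?[[:digit:].]+)?(; delay: [[:digit:]]+s)? ?$'

# Constructed syslog prefix and trailer (hostname, PID, addresses are made up).
PRE='Oct 20 19:07:28 mail postfix/policyd-weight[1234]: weighted check:  '
POST='; <client=192.0.2.10> <helo=mail.example.org> <from=alice@example.org> <to=bob@example.net>'

# Check name containing digits (the case from the message).
LINE_DIGIT="${PRE}NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 HELO_IP_IN_CL16_SUBNET=-0.41${POST}"
# Check names without digits: must stay ignored under both rules.
LINE_PLAIN="${PRE}NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5${POST}"
# Guard: a non-numeric value must still be reported after the rule is widened.
LINE_ODD="${PRE}NOT_IN_SPAMCOP=-1.5 status=unexpected text${POST}"

# verdict RULE LINE -> prints "ignored" if LINE matches RULE, else "reported".
verdict() {
    if printf '%s\n' "$2" | LC_ALL=C grep -Eq -e "$1"; then
        echo ignored
    else
        echo reported
    fi
}

for name in LINE_DIGIT LINE_PLAIN LINE_ODD; do
    eval "line=\$$name"
    printf '%-10s old=%s new=%s\n' "$name" \
        "$(verdict "$OLD_RULE" "$line")" "$(verdict "$NEW_RULE" "$line")"
done
```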


