[Bug 188754] Re: rules for amavisd-new are not catching all mails

gavinmc gmccullagh at gmail.com
Fri May 23 10:07:22 BST 2008 

Sorry I took my eye off the ball a little on this one.

As I'm sure you know logcheck uses a set of standard regexps to filter
out the "normal" log messages and send the admin the rest.  amavisd-
new's filters are not quite catching all the normal mail now.

The situation seems to have changed a little since hardy (sorry I didn't
test the mail server prior to release but I guess it would be worth
fixing for the .1 release of hardy).  An example mail  delivery log
which escapes filtering for me is:

May 22 23:50:26 robin amavis[2067]: (02067-07) Passed CLEAN, LOCAL
[127.0.0.1] [195.113.31.123] <netdev-owner at vger.kernel.org> ->
<gavin at localhost>, Message-ID: <20080522224525.GA1749 at elf.ucw.cz>,
mail_id: 2yKeML25dBUl, Hits: -, size: 4325, queued_as: 0B198205BA, 288
ms

The existing filter set in hardy is this:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added
by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)?
mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+,
queued_as: [[:xdigit:]]+ OK id=[-[:alnum:]]+, [[:digit:]]+ ms$

so it would seem that the " OK id=[-[:alnum:]]+" is now optional or
perhaps has even been dropped (I never see it in logs now).

If it's optional, I suggest the filter change to:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added
by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)?
mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+,
queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$

if it's not optional, I suggest we just remove it:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> ->
<[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added
by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)?
mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+,
queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$

I'm attaching patches (solution-1.patch to make OK optional and
solution-2.patch to remove OK) to fix this.

I'm testing solution-2.patch now.

-- 
rules for amavisd-new are not catching all mails 
https://bugs.launchpad.net/bugs/188754
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to amavisd-new in ubuntu.

More information about the Ubuntu-server-bugs mailing list