Ubuntu
amavisd-new package

  1. Bug #188754
  2. Comment #9

Comment 9 for bug 188754

Revision history for this message
Gavin McCullagh (gmccullagh) wrote :

Sorry I took my eye off the ball a little on this one.

As I'm sure you know logcheck uses a set of standard regexps to filter out the "normal" log messages and send the admin the rest. amavisd-new's filters are not quite catching all the normal mail now.

The situation seems to have changed a little since hardy (sorry I didn't test the mail server prior to release but I guess it would be worth fixing for the .1 release of hardy). An example mail delivery log which escapes filtering for me is:

May 22 23:50:26 robin amavis[2067]: (02067-07) Passed CLEAN, LOCAL [127.0.0.1] [195.113.31.123] <email address hidden> -> <gavin@localhost>, Message-ID: <email address hidden>, mail_id: 2yKeML25dBUl, Hits: -, size: 4325, queued_as: 0B198205BA, 288 ms

The existing filter set in hardy is this:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+ OK id=[-[:alnum:]]+, [[:digit:]]+ ms$

so it would seem that the " OK id=[-[:alnum:]]+" is now optional or perhaps has even been dropped (I never see it in logs now).

If it's optional, I suggest the filter change to:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$

if it's not optional, I suggest we just remove it:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$

I'm attaching patches (solution-1.patch to make OK optional and solution-2.patch to remove OK) to fix this.

I'm testing solution-2.patch now.