Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#905018: logwatch: does not match postfix-policyd-spf-python logs
73 views
Skip to first unread message
Graham Cobb
Jul 30, 2018, 1:30:02 PM7/30/18
to
Package: logwatch
Version: 7.4.3+git20161207-2
Severity: normal
I am running postfix-policyd-spf-python 2.0.1-1 and postfix 3.1.6-0+deb9u1.
Logwatch is not matching the SPF log lines.
Example log lines:
Jul 30 17:39:16 zaphod policyd-spf[15493]: prepend Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=188.65.115.147; helo=gamma.srv2.com; envelope-from=remi...@mail.jetsetter.com; receiver=<UNKNOWN>
Jul 30 17:32:19 zaphod policyd-spf[15290]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=192.243.244.120; helo=r120.p30.neolane.net; envelope-from=easyfundrais...@e.easyfundraising.org.uk; receiver=<UNKNOWN>
Jul 30 15:36:15 zaphod policyd-spf[12978]: prepend Received-SPF: Fail (mailfrom) identity=mailfrom; client-ip=188.65.115.147; helo=gamma.srv2.com; envelope-from=tep...@7788056.com; receiver=<UNKNOWN>
Jul 30 15:42:40 zaphod policyd-spf[13151]: prepend Received-SPF: None (no SPF record) identity=no SPF record; client-ip=5.79.33.58; helo=rsweb1.pindigital.com; envelope-from=<>; receiver=<UNKNOWN>
The log lines appear to contain the text "prepend Received-SPF: " at the front, and no ";" after the status.
The following change to the postscript script works, but no longer matches the original log lines, of course:
--- /usr/share/logwatch/scripts/services/postfix 2017-01-21 16:44:03.000000000 +0000
+++ postfix 2018-07-30 18:11:34.000000000 +0100
@@ -1887,7 +1887,8 @@
# Pass; identity=helo; client-ip=192.168.0.2; helo=example.com; envelope-from=<>; receiver=bo...@example.net
# Permerror; identity=helo; client-ip=192.168.0.4; helo=example.com; envelope-from=f...@example.com; receiver=bog...@example.net
# Softfail; identity=mailfrom; client-ip=192.168.0.6; helo=example.com; envelope-from=f...@example.com; receiver=ya...@example.org
- if ($line =~ /^(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror); (.*)$/) {
+#GRC if ($line =~ /^(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror); (.*)$/) {
+ if ($line =~ /^prepend Received-SPF: (Pass|Fail|None|Neutral|Permerror|Softfail|Temperror) (.*)$/) {
my $result = $1;
my %params = $2 =~ /([-\w]+)=([^;]+)/g;
#$params{'s'} = '*unknown' unless $params{'s'};
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.utf8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to en_GB.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages logwatch depends on:
ii perl 5.24.1-3+deb9u4
ii postfix [mail-transport-agent] 3.1.6-0+deb9u1
Versions of packages logwatch recommends:
ii libdate-manip-perl 6.57-1
ii libsys-cpu-perl 0.61-2+b1
ii libsys-meminfo-perl 0.99-1
Versions of packages logwatch suggests:
pn fortune-mod <none>
-- no debconf information
Version: 7.4.3+git20161207-2
Severity: normal
I am running postfix-policyd-spf-python 2.0.1-1 and postfix 3.1.6-0+deb9u1.
Logwatch is not matching the SPF log lines.
Example log lines:
Jul 30 17:39:16 zaphod policyd-spf[15493]: prepend Received-SPF: Softfail (mailfrom) identity=mailfrom; client-ip=188.65.115.147; helo=gamma.srv2.com; envelope-from=remi...@mail.jetsetter.com; receiver=<UNKNOWN>
Jul 30 17:32:19 zaphod policyd-spf[15290]: prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=192.243.244.120; helo=r120.p30.neolane.net; envelope-from=easyfundrais...@e.easyfundraising.org.uk; receiver=<UNKNOWN>
Jul 30 15:36:15 zaphod policyd-spf[12978]: prepend Received-SPF: Fail (mailfrom) identity=mailfrom; client-ip=188.65.115.147; helo=gamma.srv2.com; envelope-from=tep...@7788056.com; receiver=<UNKNOWN>
Jul 30 15:42:40 zaphod policyd-spf[13151]: prepend Received-SPF: None (no SPF record) identity=no SPF record; client-ip=5.79.33.58; helo=rsweb1.pindigital.com; envelope-from=<>; receiver=<UNKNOWN>
The log lines appear to contain the text "prepend Received-SPF: " at the front, and no ";" after the status.
The following change to the postscript script works, but no longer matches the original log lines, of course:
--- /usr/share/logwatch/scripts/services/postfix 2017-01-21 16:44:03.000000000 +0000
+++ postfix 2018-07-30 18:11:34.000000000 +0100
@@ -1887,7 +1887,8 @@
# Pass; identity=helo; client-ip=192.168.0.2; helo=example.com; envelope-from=<>; receiver=bo...@example.net
# Permerror; identity=helo; client-ip=192.168.0.4; helo=example.com; envelope-from=f...@example.com; receiver=bog...@example.net
# Softfail; identity=mailfrom; client-ip=192.168.0.6; helo=example.com; envelope-from=f...@example.com; receiver=ya...@example.org
- if ($line =~ /^(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror); (.*)$/) {
+#GRC if ($line =~ /^(Pass|Fail|None|Neutral|Permerror|Softfail|Temperror); (.*)$/) {
+ if ($line =~ /^prepend Received-SPF: (Pass|Fail|None|Neutral|Permerror|Softfail|Temperror) (.*)$/) {
my $result = $1;
my %params = $2 =~ /([-\w]+)=([^;]+)/g;
#$params{'s'} = '*unknown' unless $params{'s'};
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_GB.utf8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to en_GB.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages logwatch depends on:
ii perl 5.24.1-3+deb9u4
ii postfix [mail-transport-agent] 3.1.6-0+deb9u1
Versions of packages logwatch recommends:
ii libdate-manip-perl 6.57-1
ii libsys-cpu-perl 0.61-2+b1
ii libsys-meminfo-perl 0.99-1
Versions of packages logwatch suggests:
pn fortune-mod <none>
-- no debconf information
0 new messages