[Logwatch-Devel] how to match milter logs?

Bjorn L. bl_logwatch at mblmail.net
Tue Dec 6 09:23:13 MST 2005



Greg Matthews wrote:
> I've been reading the docs and trying to make alterations to the
> sendmail script/config as suggested by Bjorn. I'd like to catch
> milter-ahead lines of the type:
> 
> Milter: to=<foo at bar.com>, reject=550 5.7.1 User unknown: 71 Time(s)
> 
> and I'm trying to do it the recommended way using a customised
> sendmail.conf in /etc/logwatch/conf/services/ but I'd appreciate some
> help. The following does not seem to work for me:
> 
> $Sendmail_MatchFilter = " \
>    if ( ($User) = ($ThisLine =~ /Milter: to=<(\S+)>, reject=.+/ ) ) { \
>       $UnknownUsersCheckRcpt{$User}{$QueueID}++ \
>       $Msgs{$QueueID}{"BadRCPT"}++ \
>    }
> 
> G

I made a couple of changes:

$Sendmail_MatchFilter = "                                           \
if ( ($User) = ($ThisLine =~ /Milter: to=<(\S+)>, reject=.+/ ) ) {  \
       $UnknownUsersCheckRcpt{$User}{$QueueID}++;                    \
       $Msgs{$QueueID}{"BadRCPT"}++;                                 \
       undef $ThisLine;                                              \
    }                                                                \
    "

Also, I added the 'undef $ThisLine' assuming you don't want further
processing.  I thought setting it to the empty string would also
do the trick, but it reports the empty line as unmatched.  So you
can either undef it as above, or get the latest sendmail script
and set it to the empty string.

I tested the above with your string, and it seems to work.
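
An offline harness for trying the filter above against sample lines before putting it in sendmail.conf. This is an added example, not part of the original message and not Logwatch's own code; the eval loop, the "queue id: message" line layout and the sample lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: offline harness for a MatchFilter body (not Logwatch code).
use strict;
use warnings;

# Variables the filter body refers to; declared here so the eval can see them.
our ($ThisLine, $QueueID, $User, %UnknownUsersCheckRcpt, %Msgs);

# The filter body from the reply above, held as the string that gets eval'd.
my $filter = <<'EOF';
if ( ($User) = ($ThisLine =~ /Milter: to=<(\S+)>, reject=.+/ ) ) {
    $UnknownUsersCheckRcpt{$User}{$QueueID}++;
    $Msgs{$QueueID}{"BadRCPT"}++;
    undef $ThisLine;
}
EOF

# Constructed sample lines in an assumed "<queue id>: <message>" layout.
my @lines = (
    'jB6GNDxx012345: Milter: to=<nobody@example.com>, reject=550 5.7.1 User unknown',
    'jB6GNDxx012346: Milter: to=<nobody@example.com>, reject=550 5.7.1 User unknown',
    'jB6GNDxx012347: Milter: to=<ghost@example.com>, reject=550 5.7.1 User unknown',
    'jB6GNDxx012348: some other message the filter should leave alone',
);

my @unmatched;
for my $raw (@lines) {
    # Split off the queue id; skip lines that do not fit the assumed layout.
    ($QueueID, $ThisLine) = $raw =~ /^(\w+): (.*)$/ or next;

    eval $filter;
    die "filter failed to compile or run: $@" if $@;

    next unless defined $ThisLine;   # the filter consumed this line
    push @unmatched, $ThisLine;      # left for any further processing
}

# Report distinct queue ids per rejected recipient, then leftover lines.
for my $user (sort keys %UnknownUsersCheckRcpt) {
    printf "%-22s %d rejected recipient(s)\n", $user,
        scalar keys %{ $UnknownUsersCheckRcpt{$user} };
}
print "not consumed: $_\n" for @unmatched;
```

A filter body with a Perl syntax error makes the eval fail, and the harness stops with the compiler's message instead of silently matching nothing.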

