[Logwatch] logwatch 2.6: sendmail enhancements

Jay Berkenbilt ejb@ql.org
Sun, 14 Jul 2002 13:39:20 -0400


Attached is a patch to enhance the sendmail logwatch script, as
supplied in RedHat Linux 7.3, to catch a few more cases that are
currently falling into the unmatched category with sendmail 8.11.6.

In Authentication-Warning message: catch non-use of the HELO protocol in
addition to setting sender with -f

4-hour warnings: catch both "return to sender" and "sender notify"

Catch unidentified unknown users (postmaster notify, return to sender)

Catch timeouts communicating with remote servers

--
Jay Berkenbilt <ejb@ql.org>
http://www.ql.org/q/



---------------------------------------------------------------------------

--- scripts/services/sendmail.qdist	Mon Apr 15 17:21:54 2002
+++ scripts/services/sendmail	Sun Jul 14 13:09:54 2002
@@ -58,7 +58,7 @@
         $Temp = "From " . $Relay . " to " . $Dest;
         $RelayDenied{$Temp}++;
     }
-    elsif ( ($Warning)  = ($ThisLine =~ /^[a-zA-Z0-9]+: Authentication-Warning: [^ ]+: ([^ ]+ set sender to [^ ]+ using -f)/) ) {
+    elsif ( ($Warning)  = ($ThisLine =~ /^[a-zA-Z0-9]+: Authentication-Warning: [^ ]+: ([^ ]+ (set sender to [^ ]+ using -f)|(.+ didn\'t use HELO protocol))/) ) {
         $AuthWarns{$Warning}++;
     }
     elsif ( ($Forward,$Error) = ($ThisLine =~ /^[a-zA-Z0-9]+: forward ([^ ]*): transient error: (.*)$/) ) {
@@ -68,9 +68,15 @@
     elsif ( ($Temp) = ($ThisLine =~ /^[a-zA-Z0-9]+: forward ([^ ]*: Permission denied)/) ) {
         $ForwardErrors{$Temp}++;
     }
-    elsif ( $ThisLine =~ m/^[a-zA-Z0-9]+: [a-zA-Z0-9]+: return to sender: Warning: could not send message for past 4 hours/ ) {
+    elsif ( $ThisLine =~ m/^[a-zA-Z0-9]+: [a-zA-Z0-9]+: (return to sender|sender notify): Warning: could not send message for past 4 hours/ ) {
         $FourHourReturns++;
     }
+    elsif ( $ThisLine =~ m/^[a-zA-Z0-9]+: [a-zA-Z0-9]+: (postmaster notify|return to sender): User unknown/ ) {
+        $UserUnknown++;
+    }
+    elsif ( $ThisLine =~ m/^[a-zA-Z0-9]+: timeout waiting for input from (\S+)/ ) {
+        $Timeouts{$1}++;
+    }
     else {
 	# Report any unmatched entries...
 	push @OtherList,$ThisLine;
@@ -80,9 +86,11 @@
 if ((@OtherList) or
     ($MsgsSent > 0) or
     ($FourHourReturns > 0) or
+    ($UserUnknown > 0) or
     (keys %UnknownUsers) or
     (keys %RelayDenied) or
     (keys %AuthWarns) or
+    (keys %Timeouts) or
     (keys %ForwardErrors)) {
     print "\n\n --------------------- sendmail Begin ------------------------ ";
 
@@ -95,6 +103,10 @@
         print "\n\n" . $FourHourReturns . " messages returned after 4 hours";
     }
 
+    if($UserUnknown > 0) {
+        print "\n\n" . $UserUnknown . " unidentified unknown users";
+    }
+
     if (keys %UnknownUsers) {
 	print "\n\nUnknown users:\n";
 	foreach $ThisOne (keys %UnknownUsers) {
@@ -116,6 +128,13 @@
 	}
     }
 
+    if (keys %Timeouts) {
+	print "\n\nTimeouts:\n";
+	foreach $ThisOne (keys %Timeouts) {
+	    print "    " . $ThisOne . ": " . $Timeouts{$ThisOne} . " Times(s)\n";
+	}
+    }
+
     if (keys %ForwardErrors) {
 	print "\n\nForwarding errors:\n";
 	foreach $ThisOne (keys %ForwardErrors) {