[Logwatch] logwatch for postfix

Farkas Levente lfarkas at bppiac.hu
Thu Sep 13 01:54:06 MST 2007


i've got a strange line with this postfix logwatch which was not before
this version:
--------------------- Postfix Begin ------------------------

 Nested quantifiers in regex; marked by <-- HERE in m/[<(]?+ <-- HERE
._-ada867 at springer.hu[>)]?\W*/ at
/usr/share/logwatch/scripts/services/postfix line 2166, <> line 15729.

---------------------- Postfix End -------------------------
probably this log line was the reason:
----------------------------------------------
Sep 12 05:53:03 blue postfix/smtp[25772]: 6424B6335E3:
to=<+._-Ada867 at springer.hu>, relay=portal.bppiac.hu[213.253.216.130]:25,
delay=0.44, delays=0.42/0/0.01/0.01, dsn=5.1.1, status=bounced (host
portal.bppiac.hu[213.253.216.130] said: 550 5.1.1
<+._-Ada867 at springer.hu>: Recipient address rejected: User unknown in
local recipient table (in reply to RCPT TO command))
----------------------------------------------
i don't know it's a bug or a feature....


MrC wrote:
> Farkas Levente wrote:
>> hi,
>> we run on our centos server logwatch for postfix services too. but
>> unfortunately it generates a lots of usefulness info. is there any way to
>> delete them. imho these are bugs in logwatch and should have to be fixed.
>> the most annoying two examples:
>> lots of such lines
> 
> Hi Farkas,
> 
> Thanks for the report.  I've updated postfix-logwatch to version
> 1.36.10, available at:
> 
>     http://www.mikecappella.com/logwatch
> 
> 
>> ---------------------------------------------
>>  **Unmatched Entries**
>>         2   Sep  5 03:38:39 alpha postfix/smtpd[31077]:
>> fingerprint=18:C6:FA:7A:E7:A2:21:04:3F:26:E2:A8:D6:A3:46:33
> 
> This is resolved.  These messages are ignored.
> 
>> ---------------------------------------------
>> which comes from the fact that the smtp server communicating with each
>> other via TLS, from the log:
>> ---------------------------------------------
>> Sep  2 04:03:25 alpha postfix/smtpd[21446]: connect from
>> ns2.name-server.hu[213.253.216.144]
>> Sep  2 04:03:25 alpha postfix/smtpd[21446]: setting up TLS connection
>> from
>> ns2.name-server.hu[213.253.216.144]
>> Sep  2 04:03:25 alpha postfix/smtpd[21446]:
>> fingerprint=18:C6:FA:7A:E7:A2:21:04:3F:26:E2:A8:D6:A3:46:33
>> Sep  2 04:03:25 alpha postfix/smtpd[21446]: Verified:
>> subject_CN=mx1.mail-server.hu, issuer=CAcert Class 3 Root
>> Sep  2 04:03:25 alpha postfix/smtpd[21446]: TLS connection established
>> from ns2.name-server.hu[213.253.216.144]: TLSv1 with cipher
>> DHE-RSA-AES256-SHA (256/25
>> 6 bits)
>> Sep  2 04:03:25 alpha postfix/smtpd[21446]: 1F89A85974:
>> client=ns2.name-server.hu[213.253.216.144]
>> Sep  2 04:03:25 alpha postfix/cleanup[21363]: 1F89A85974:
>> message-id=<20070902020322.2D1655D00C5 at dejavu.zalavary.hu>
>> Sep  2 04:03:26 alpha postfix/qmgr[19347]: 1F89A85974:
>> from=<root at dejavu.zalavary.hu>, size=14997, nrcpt=1 (queue active) Sep  2
>> 04:03:26 alpha postfix/smtpd[21446]: disconnect from
>> ns2.name-server.hu[213.253.216.144]
> 
> The above messages are already handled correctly.
> 
>> ---------------------------------------------
>>
>> the other problem when amavis virus scanner running on the firewall:
>> ---------------------------------------------
>>  **Unmatched Entries**
>>         1   Sep  5 19:29:48 portal postfix/smtpd[21478]: E2C8D376656:
>> reject: DATA from localhost[127.0.0.1]: 550 5.5.3 <DATA>: Data command
>> rejected: Multi-recipient bounce; from=<> proto=ESMTP helo=<localhost>
> 
> This is a postfix message.  I responded to your thread on the postfix
> list regarding why these types of messages occur.  These are now handled
> in a new Reject Data section.
> 
>> ---------------------------------------------
>> in this case the log file contains:
>> ---------------------------------------------
>> Sep  2 04:18:33 portal postfix/smtpd[28519]: connect from
>> localhost[127.0.0.1]
>> Sep  2 04:18:33 portal postfix/smtpd[28519]: 0D3AE376627:
>> client=localhost[127.0.0.1]
>> Sep  2 04:18:33 portal postfix/smtpd[28519]: 0D3AE376627: reject: DATA
>> from localhost[127.0.0.1]: 550 5.5.3 <DATA>: Data command rejected:
>> Multi-recipient bo
>> unce; from=<> proto=ESMTP helo=<localhost>
>> Sep  2 04:18:33 portal postfix/smtpd[28519]: disconnect from
>> localhost[127.0.0.1]
>> ---------------------------------------------
>> thanks in advance.
>>
> 
> MrC
> 


-- 
  Levente                               "Si vis pacem para bellum!"


More information about the Logwatch mailing list