Re: logcheck regexp for spamassassin

To: debian-user <debian-user@lists.debian.org>
Subject: Re: logcheck regexp for spamassassin
From: Bill Marcum <bmarcum@iglou.com>
Date: Sat, 20 Dec 2003 16:01:08 -0500
Message-id: <[🔎] 20031220210108.GA12048@iglou.com>
Mail-followup-to: debian-user <debian-user@lists.debian.org>
In-reply-to: <8-mVzD.lB.eHD.jMG5_@shiba>
References: <8-mVzD.lB.eHD.jMG5_@shiba>

On Fri, Dec 19, 2003 at 09:34:56PM -0600, Greg Norris wrote:
> Every now and then, logcheck complains about syslog messages such as
> the one below.  Not a big problem, but it's supposed to filter out
> messages which match the associated regexp... which really should cover
> this case, as far as I can see.  Any idea why this one was missed?
> 
> ---SNIP--- Dec 19 07:17:46 sasami spamd[23665]: processing message
> <200312191358.09611.meurer@bad-gmbh.de> for adric:1000.  ---SNIP---
> 
> ---SNIP--- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:
> processing message <.+> for \w+:[0-9]+\. $ ---SNIP---
> 
> There really is a single space at the end of the line, btw, so it's
> not that.

You don't say whether the message is listed as an "event" or a "security 
violation", but I'm guessing it's the latter, and the reason is that
the email address contains "bad".  If I'm right, the solution is to 
create a file in violations.ignore.d containing an appropriate regexp,
perhaps "@bad-"


-- 
No animal should ever jump on the dining room furniture unless
absolutely certain he can hold his own in conversation.
		-- Fran Lebowitz

Reply to:

Follow-Ups:
- Re: logcheck regexp for spamassassin
  - From: Greg Norris <haphazard@kc.rr.com>

Prev by Date: Re: dial-up to ethernet
Next by Date: Re: Name resolution on Debian/Windows network
Previous by thread: Re: logcheck regexp for spamassassin
Next by thread: Re: logcheck regexp for spamassassin
Index(es):
- Date
- Thread