#1002453 logcheck: [logcheck-database] rules for opensmtpd

Package:
logcheck
Source:
logcheck
Submitter:
Amadego
Date:
2024-06-01 11:51:06 UTC
Severity:
wishlist
Tags:
#1002453#5
Date:
2021-12-22 10:08:09 UTC
From:
To:
Dear Maintainer,

Installing opensmtpd on a clean system, logcheck (level ignore.d.server) reports too many events coming from opensmtpd.
This happened since opensmtpd changed the format of its logs.

These are a proposal for escluding lines that are not harmful:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smtpd\[[[:digit:]]+\]: [[:xdigit:]]{16} mta (connecting|connected|disconnected|tls ciphers=).*$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smtpd\[[[:digit:]]+\]: [[:xdigit:]]{16} mta server-cert-check result="success"$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smtpd\[[[:digit:]]+\]: [[:xdigit:]]{16} mta delivery .* result="Ok" .*$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smtpd\[[[:digit:]]+\]: [[:xdigit:]]{16} smtp (connected|disconnected|envelope|message) .*$

Regards,
larzeni

#1002453#18
Date:
2024-05-30 21:04:33 UTC
From:
To:
Hi, it's a shame no-one replied since 2021 - is this bug still applicable?

the above rules look plausible, but i think we've had a few new
versions since 2021
A check against code at https://salsa.debian.org/debian/opensmtpd
would be great, but a reply is also enough