parse another postfix log, do postfix patches cleanup

logwatch-7.3.6-postfix.patch

@@ -1,7 +1,90 @@
 diff -up logwatch-7.3.6/scripts/services/postfix.pom logwatch-7.3.6/scripts/services/postfix
 --- logwatch-7.3.6/scripts/services/postfix.pom	2007-05-14 19:27:27.000000000 +0200
-+++ logwatch-7.3.6/scripts/services/postfix	2008-01-28 11:50:51.000000000 +0100
-@@ -2163,7 +2163,7 @@ sub cleanhostreply($ $ $ $) {
++++ logwatch-7.3.6/scripts/services/postfix	2008-10-29 13:37:05.000000000 +0100
+@@ -693,7 +693,7 @@ while ( <> ) {
+ 
+    my ($helo, $relay, $from, $origto, $to, $domain, $status,
+        $type, $reason, $reason2, $filter, $site, $cmd, $qid, $p2,
+-       $rej_action, $host, $hostip);
++       $rej_action, $host, $hostip, $size);
+ 
+    # ^fatal: ...
+    if ( ($reason) = ($p1 =~ /^fatal: (.*)$/ )) {
+@@ -769,8 +769,9 @@ while ( <> ) {
+       #TD disconnect from mail.example.com[2001:dead:beef::1]
+       $Totals{'Disconnection'}++;
+    }
+-   elsif (($host,$hostip,$reason) = ($p1 =~ /^connect to ([^[]*)\[($re_IP)\]: (.*)$/o)) {
++   elsif (($host,$hostip,$reason) = ($p1 =~ /^connect to ([^[]*)\[($re_IP)\]:?[0-9]*: (.*)$/o)) {
+       # all "connect to" messages indicate a problem with the connection
++      #TD connect to mail.bues.ru[82.146.62.193]:25: Connection refused
+       #TD connect to example.org[10.0.0.1]: Connection refused (port 25)
+       #TD connect to mail.sample.com[10.0.0.1]: No route to host (port 25)
+       #TD connect to sample.net[192.168.0.1]: read timeout (port 25)
+@@ -1521,6 +1522,11 @@ while ( <> ) {
+          $Totals{'RejectMilter'}++;
+          #$Counts{'RejectMilter'}{$cmd}{formathost($hostip,$host)}{$reason}{$p3}++;
+          $Counts{'RejectMilter'}{$cmd}{formathost($hostip,$host)}{$reason}++;
++         
++      } elsif ( ($host,$hostip,$reason) = ($p1 =~ /host ([^ ]*)\[([^ ]*)\] refused to talk to me: [0-9]* .*: Connection refused. (.*)/)) {    
++       # TD  host mx10.hanmail.net[211.43.197.142] refused to talk to me: 554 5.7.1 CCRX 80.95.96.6: Connection refused. Your IP address is blocked(anti-spam)
++        $Totals{'ConnectToFailure'}++;  
++        $Counts{'ConnectToFailure'}{$reason}{formathost($hostip,$host)}++;  
+ 
+       } else {
+          # keep this as the last condition in this else clause
+@@ -1530,8 +1536,9 @@ while ( <> ) {
+    # end of $re_QID section
+ 
+    # see also ConnectionLost in $re_QID section
+-   elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ]*) from ([^[]*)\[($re_IP|unknown)\]$/o )) {
++   elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP|unknown)\]$/o )) {
+       unless ($hostip =~ /unknown/) {
++         #TD lost connection after DATA (0 bytes) from mail.example.com[192.168.0.1]    
+          #TD lost connection after CONNECT from mail.example.com[192.168.0.1] 
+          $Totals{'ConnectionLost'}++;
+          $Counts{'ConnectionLost'}{"\u$reason"}{formathost($hostip,$host)}++;
+@@ -1570,7 +1577,8 @@ while ( <> ) {
+    }
+ 
+    # see also TimeoutInbound in $re_QID section
+-   elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ]*) from ([^[]*)\[($re_IP)\]$/o)) {
++   elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP)\]$/o)) {
++      #TD timeout after DATA (0 bytes) from unknown[85.102.182.31]
+       #TD timeout after RSET from example.com[192.168.0.1]
+       $Totals{'TimeoutInbound'}++;
+       $Counts{'TimeoutInbound'}{"\u$reason"}{formathost($hostip,$host)}++;
+@@ -1593,7 +1601,8 @@ while ( <> ) {
+ 
+    ### smtpd_tls_loglevel >= 1
+    # Server TLS messages
+-   elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted) )?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) {
++   elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted|Anonymous) )?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) {
++      #DT Anonymous TLS connection established from fractal.kaosol.net[216.150.215.72]: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
+       #TD TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) 
+       # Postfix 2.5+: status: Untrusted or Trusted
+       #TD Untrusted TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) 
+@@ -1625,12 +1634,18 @@ while ( <> ) {
+       $Totals{'TlsUnverified'}++;
+       $Counts{'TlsUnverified'}{$cert}++; 
+ 
++   } elsif ( ($cert) = ($p1 =~ /: Untrusted: (subject_CN=.*)/)) {
++      #TD Untrusted: subject_CN=EXAMPLE-MAIL, issuer=EXAMPLE-MAIL,
++      $Totals{'TlsUnverified'}++;
++      $Counts{'TlsUnverified'}{$cert}++; 
++
+    } elsif ( ($p1 =~ m/(lookup )?table ([^ ]+ )?has changed -- (restarting|exiting)$/)) {
+       #TD table hash:/etc/postfix/helo_checks has changed -- restarting
+       $Totals{'TableChanged'}++;
+ 
+-   } elsif ( ($cmd,$host,$hostip) = ($p1 =~ /too many errors after ([^ ]*) from ([^[]*)\[($re_IP)\]$/o)) {
++   } elsif ( ($cmd,$size,$host,$hostip) = ($p1 =~ /too many errors after ([^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP)\]$/o)) {
+       #TD too many errors after AUTH from sample.net[10.0.0.1] 
++      #TD too many errors after DATA (0 bytes) from aasq46.neoplus.adsl.tpnet.pl[83.5.228.46]
+       $Totals{'TooManyErrors'}++;
+       $Counts{'TooManyErrors'}{"After $cmd"}{formathost($hostip,$host)}++;
+ 
+@@ -2163,7 +2178,7 @@ sub cleanhostreply($ $ $ $) {
     #print "HOSTREPLY: \"$hostreply\"\n";
     if (($host,$r1) = ($hostreply =~ /host (\S+) said: $re_DSN[\- ]"?(.*)"?$/o)) {
        # Strip recipient address from host's reply - we already have it in $recip.

logwatch-7.3.6-postfix2.patch

@@ -1,46 +0,0 @@
-diff -up logwatch-7.3.6/scripts/services/postfix.pom logwatch-7.3.6/scripts/services/postfix
---- logwatch-7.3.6/scripts/services/postfix.pom	2008-09-15 13:13:29.000000000 +0200
-+++ logwatch-7.3.6/scripts/services/postfix	2008-09-15 13:09:26.000000000 +0200
-@@ -1530,8 +1530,9 @@ while ( <> ) {
-    # end of $re_QID section
- 
-    # see also ConnectionLost in $re_QID section
--   elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ]*) from ([^[]*)\[($re_IP|unknown)\]$/o )) {
-+   elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP|unknown)\]$/o )) {
-       unless ($hostip =~ /unknown/) {
-+         #TD lost connection after DATA (0 bytes) from mail.example.com[192.168.0.1]    
-          #TD lost connection after CONNECT from mail.example.com[192.168.0.1] 
-          $Totals{'ConnectionLost'}++;
-          $Counts{'ConnectionLost'}{"\u$reason"}{formathost($hostip,$host)}++;
-@@ -1570,7 +1571,8 @@ while ( <> ) {
-    }
- 
-    # see also TimeoutInbound in $re_QID section
--   elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ]*) from ([^[]*)\[($re_IP)\]$/o)) {
-+   elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP)\]$/o)) {
-+      #TD timeout after DATA (0 bytes) from unknown[85.102.182.31]
-       #TD timeout after RSET from example.com[192.168.0.1]
-       $Totals{'TimeoutInbound'}++;
-       $Counts{'TimeoutInbound'}{"\u$reason"}{formathost($hostip,$host)}++;
-@@ -1593,7 +1595,8 @@ while ( <> ) {
- 
-    ### smtpd_tls_loglevel >= 1
-    # Server TLS messages
--   elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted) )?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) {
-+   elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted|Anonymous) )?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) {
-+      #DT Anonymous TLS connection established from fractal.kaosol.net[216.150.215.72]: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)
-       #TD TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) 
-       # Postfix 2.5+: status: Untrusted or Trusted
-       #TD Untrusted TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) 
-@@ -1625,6 +1628,11 @@ while ( <> ) {
-       $Totals{'TlsUnverified'}++;
-       $Counts{'TlsUnverified'}{$cert}++; 
- 
-+   } elsif ( ($cert) = ($p1 =~ /: Untrusted: (subject_CN=.*)/)) {
-+      #TD Untrusted: subject_CN=EXAMPLE-MAIL, issuer=EXAMPLE-MAIL,
-+      $Totals{'TlsUnverified'}++;
-+      $Counts{'TlsUnverified'}{$cert}++; 
-+
-    } elsif ( ($p1 =~ m/(lookup )?table ([^ ]+ )?has changed -- (restarting|exiting)$/)) {
-       #TD table hash:/etc/postfix/helo_checks has changed -- restarting
-       $Totals{'TableChanged'}++;

logwatch-7.3.6-postfix3.patch

@@ -1,23 +0,0 @@
-diff -up logwatch-7.3.6/scripts/services/postfix.pom logwatch-7.3.6/scripts/services/postfix
---- logwatch-7.3.6/scripts/services/postfix.pom	2008-10-17 09:27:02.000000000 +0200
-+++ logwatch-7.3.6/scripts/services/postfix	2008-10-17 09:28:46.000000000 +0200
-@@ -693,7 +693,7 @@ while ( <> ) {
- 
-    my ($helo, $relay, $from, $origto, $to, $domain, $status,
-        $type, $reason, $reason2, $filter, $site, $cmd, $qid, $p2,
--       $rej_action, $host, $hostip);
-+       $rej_action, $host, $hostip, $size);
- 
-    # ^fatal: ...
-    if ( ($reason) = ($p1 =~ /^fatal: (.*)$/ )) {
-@@ -1637,8 +1637,9 @@ while ( <> ) {
-       #TD table hash:/etc/postfix/helo_checks has changed -- restarting
-       $Totals{'TableChanged'}++;
- 
--   } elsif ( ($cmd,$host,$hostip) = ($p1 =~ /too many errors after ([^ ]*) from ([^[]*)\[($re_IP)\]$/o)) {
-+   } elsif ( ($cmd,$size,$host,$hostip) = ($p1 =~ /too many errors after ([^ ]*) (\(\d+ bytes\) )?from ([^[]*)\[($re_IP)\]$/o)) {
-       #TD too many errors after AUTH from sample.net[10.0.0.1] 
-+      #TD too many errors after DATA (0 bytes) from aasq46.neoplus.adsl.tpnet.pl[83.5.228.46]
-       $Totals{'TooManyErrors'}++;
-       $Counts{'TooManyErrors'}{"After $cmd"}{formathost($hostip,$host)}++;
- 

logwatch-7.3.6-postfix4.patch

@@ -1,14 +0,0 @@
-diff -up logwatch-7.3.6/scripts/services/postfix.pom logwatch-7.3.6/scripts/services/postfix
---- logwatch-7.3.6/scripts/services/postfix.pom	2008-10-21 11:09:52.000000000 +0200
-+++ logwatch-7.3.6/scripts/services/postfix	2008-10-24 10:31:50.000000000 +0200
-@@ -769,8 +769,9 @@ while ( <> ) {
-       #TD disconnect from mail.example.com[2001:dead:beef::1]
-       $Totals{'Disconnection'}++;
-    }
--   elsif (($host,$hostip,$reason) = ($p1 =~ /^connect to ([^[]*)\[($re_IP)\]: (.*)$/o)) {
-+   elsif (($host,$hostip,$reason) = ($p1 =~ /^connect to ([^[]*)\[($re_IP)\]:?[0-9]*: (.*)$/o)) {
-       # all "connect to" messages indicate a problem with the connection
-+      #TD connect to mail.bues.ru[82.146.62.193]:25: Connection refused
-       #TD connect to example.org[10.0.0.1]: Connection refused (port 25)
-       #TD connect to mail.sample.com[10.0.0.1]: No route to host (port 25)
-       #TD connect to sample.net[192.168.0.1]: read timeout (port 25)

logwatch.spec

@@ -1,7 +1,7 @@
 Summary: A log file analysis program
 Name: logwatch
 Version: 7.3.6
-Release: 31%{?dist}
+Release: 32%{?dist}
 License: MIT
 Group: Applications/System
 URL: http://www.logwatch.org/
@@ -44,12 +44,9 @@ Patch38: logwatch-7.3.6-audit3.patch
 Patch39: logwatch-7.3.6-init.patch
 Patch40: logwatch-7.3.6-cron5.patch
 Patch41: logwatch-7.3.6-logrotate.patch
-Patch42: logwatch-7.3.6-postfix2.patch
-Patch43: logwatch-7.3.6-postfix3.patch
 Patch44: logwatch-7.3.6-pam_unix3.patch
 Patch45: logwatch-7.3.6-init2.patch
 Patch46: logwatch-7.3.6-secure2.patch
-Patch47: logwatch-7.3.6-postfix4.patch
 
 Requires: textutils sh-utils grep mailx
 Requires: perl(Date::Manip)
@@ -102,12 +99,9 @@ of the package on many systems.
 %patch39 -p1
 %patch40 -p1
 %patch41 -p1
-%patch42 -p1
-%patch43 -p1
 %patch44 -p1
 %patch45 -p1
 %patch46 -p1
-%patch47 -p1
 rm -f scripts/services/*.orig
 
 %build
@@ -221,6 +215,9 @@ rm -rf %{buildroot}
 %doc License project/CHANGES 
 
 %changelog
+* Wed Oct 29 2008 Ivana Varekova <varekova@redhat.com> 7.3.6-32
+- parse another postfix log, do postfix patches cleanup
+
 * Fri Oct 24 2008 Ivana Varekova <varekova@redhat.com> 7.3.6-31
 - parse another bunch of postfix logs(#467378)