Bug 467378
| Summary: | logwatch fails to parse some postfix logfile lines | | |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ivana Varekova <varekova> |
| Component: | logwatch | Assignee: | Ivana Varekova <varekova> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Priority: | medium |
| Version: | 8 | CC: | coocheenin, dusan, ondrejj, richardfearn, turchi, varekova |
| Hardware: | All | OS: | Linux |
| Keywords: | Reopened | Doc Type: | Bug Fix |
| Last Closed: | 2008-11-21 10:59:50 UTC | | |

Description
Ivana Varekova
2008-10-17 08:29:56 UTC
Dusan, please could you paste here your postfix logs - I can't reproduce your problem - perhaps there will be sufficient to have status in the log you post. Thanks.

Sep 29 08:48:25 mx1 postfix/smtp[12289]: 28383850F: to=<+._-user>, relay=mail.domain.cz[180.195.19.16]:25, delay=49137, delays=49110/27/0.02/0, dsn=4.7.0, status=....

and

Oct 11 08:26:27 mx1 postfix/qmgr[23382]: 0BF8FA188: from=<????@dankong.net>, size=2245, nrcpt=1 (queue active)
Oct 11 08:26:27 mx1 amavis[21689]: (21689-04) WARN: address modified (sender): <\325\305\276\262> -> <"\325\305\276\262"@dankong.net>
Oct 11 08:26:29 mx1 postfix/qmgr[23382]: 847DAA138: from=<????@dankong.net>, size=2728, nrcpt=1 (queue active)
Oct 11 08:26:29 mx1 amavis[21689]: (21689-04) Passed BAD-HEADER, [61.175.223.136] [61.175.223.136] <\325\305\276\262> -> <info>, Message-ID: <20081011062623.0BF8FA188.cz>, mail_id: 3mAn9N-YAOvW, Hits: 11.58, size: 2245, queued_as: 847DAA138, 2508 ms
Oct 11 08:26:35 mx1 postfix/smtp[21895]: A66B9A1BA: to=<????@dankong.net>, relay=61.175.223.136.dankong.net[61.175.223.136]:25, delay=5.5, delays=0.03/0/5/0.44, dsn=5.0.0, status=bounced (host 61.175.223.136.dankong.net[61.175.223.136] said: 501 input error. (in reply to MAIL FROM command))

I think that characters "+" and "?" in email address (probably spam) are problems for logwatch script...

Dusan

logwatch-7.3.6-18.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/logwatch-7.3.6-18.fc8

I have another logwatch problem with unmatched entries. In the past days was a lot of connections to our smtp server, which was lost after command DATA (0 bytes). These connections are probably SPAM attempts I think. An e-mail from Logwatch is about 19MB, there are a lot of unmatched entries. I think these connection lost will be matched as "Connections lost" entry. Please fix this.

See log:

--------------------- Postfix Begin ------------------------

      68   *Warning: Queue file size limit exceeded
      23   *Warning: Error writing queue file
    1044   *Warning: Pre-queue content-filter connection overload
    1451   Miscellaneous warnings

  7.409G   Bytes accepted                   7,955,097,115
 10.008G   Bytes delivered                 10,745,979,416
========   ================================================

  120074   Accepted                                 27.52%
  316225   Rejected                                 72.48%
--------   ------------------------------------------------
  436299   Total                                   100.00%
========   ================================================

    2873   Reject relay denied                       0.91%
    4468   Reject recipient address                  1.41%
     414   Reject sender address                     0.13%
     162   Reject client host                        0.05%
  308308   Reject RBL                               97.50%
--------   ------------------------------------------------
  316225   Total Rejects                           100.00%
========   ================================================

      23   4xx Reject unknown user                   7.26%
     294   4xx Reject sender address                92.74%
--------   ------------------------------------------------
     317   Total 4xx Rejects                       100.00%
========   ================================================

  376924   Connections made
   29270   Connections lost
  376890   Disconnections
  120034   Removed from queue
  130861   Sent via SMTP
       2   Forwarded
     633   Resent
    6832   Deferred
   41668   Deferrals
     117   Bounce (local)
   15459   Bounce (remote)
      22   Expired and returned to sender
    2247   Sender delay notification
     119   DSNs delivered
    4685   DSNs undeliverable
    1730   Timeout (inbound)
     259   Illegal address syntax in SMTP command
      11   MX error
     288   Numeric hostname
       5   SMTP commands dialog error
      27   Excessive errors in SMTP commands dialog
   61432   Hostname verification errors
      21   Hostname validation error
    1405   Enabled PIX workaround

**Unmatched Entries**

2 Oct 21 01:19:34 mx1 postfix/smtpd[17583]: lost connection after DATA (0 bytes) from sw.nobles.edu[66.228.80.2]
2 Oct 21 13:06:29 mx1 postfix/smtp[12992]: connect to mail.bues.ru[82.146.62.193]:25: Connection refused
2 Oct 21 13:07:02 mx1 postfix/smtpd[13427]: lost connection after DATA (0 bytes) from servincom-samba.gtss.ru[81.222.112.15]
2 Oct 21 19:13:21 mx1 postfix/smtpd[17287]: lost connection after DATA (0 bytes) from 68-114-97-253.dhcp.slid.la.charter.com[68.114.97.253]
2 Oct 21 12:50:40 mx1 postfix/smtpd[11532]: lost connection after DATA (0 bytes) from unknown[85.94.41.130]
2 Oct 21 20:33:06 mx1 postfix/smtpd[24526]: lost connection after DATA (0 bytes) from 111-26.106-92.cust.bluewin.ch[92.106.26.111]
2 Oct 21 19:17:41 mx1 postfix/smtpd[15919]: lost connection after DATA (0 bytes) from nj-76-1-246-15.dhcp.embarqhsd.net[76.1.246.15]
2 Oct 21 23:53:46 mx1 postfix/smtpd[6400]: lost connection after DATA (0 bytes) from 85.pool85-50-71.dynamic.orange.es[85.50.71.85]
2 Oct 21 10:26:00 mx1 postfix/smtpd[30815]: lost connection after DATA (0 bytes) from unknown[84.242.242.158]
2 Oct 21 22:17:46 mx1 postfix/smtpd[709]: lost connection after DATA (0 bytes) from dslb-084-062-210-215.pools.arcor-ip.net[84.62.210.215]
2 Oct 21 10:38:42 mx1 postfix/smtpd[32382]: lost connection after DATA (0 bytes) from unknown[87.245.186.170]
2 Oct 21 13:14:22 mx1 postfix/smtp[12998]: connect to mail.bues.ru[82.146.62.193]:25: Connection refused
2 Oct 21 19:17:37 mx1 postfix/smtpd[17714]: lost connection after DATA (0 bytes) from nj-76-1-246-15.dhcp.embarqhsd.net[76.1.246.15]
2 Oct 21 01:44:07 mx1 postfix/smtpd[19133]: lost connection after DATA (0 bytes) from unknown[78.155.32.135]
2 Oct 21 19:19:41 mx1 postfix/smtpd[17656]: lost connection after DATA (0 bytes) from 155.135.70-86.rev.gaoland.net[86.70.135.155]
2 Oct 21 19:19:56 mx1 postfix/smtpd[17714]: lost connection after DATA (0 bytes) from 155.135.70-86.rev.gaoland.net[86.70.135.155]
2 Oct 21 19:13:19 mx1 postfix/smtpd[16327]: lost connection after DATA (0 bytes) from 68-114-97-253.dhcp.slid.la.charter.com[68.114.97.253]
2 Oct 21 01:24:52 mx1 postfix/smtpd[18089]: lost connection after DATA (0 bytes) from n9-c155.client.tomica.ru[78.140.9.155]
2 Oct 21 03:57:11 mx1 postfix/smtp[24850]: connect to mail.brooktorkai.info[80.237.220.17]:25: Connection refused
2 Oct 21 19:28:44 mx1 postfix/smtpd[17257]: lost connection after DATA (0 bytes) from pool-71-184-192-3.bstnma.fios.verizon.net[71.184.192.3]
2 Oct 21 13:24:22 mx1 postfix/smtp[14917]: connect to mail.bues.ru[82.146.62.193]:25: Connection refused
2 Oct 21 19:20:28 mx1 postfix/smtpd[17635]: lost connection after DATA (0 bytes) from..................................... .....................

Thanks
Dusan

logwatch-7.3.6-19.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/logwatch-7.3.6-19.fc8

There is forgotten print command :( - so I'm fixing it.

logwatch-7.3.6-20.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/logwatch-7.3.6-20.fc8

Similar problem is in fc9, please fix it too.
Thanks
Dusan

logwatch-7.3.6-20.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update logwatch'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-9186

On fc8 (logwatch-7.3.6-20.fc8) is problem still here:

Unmatched entries:

1 Oct 25 15:42:48 mx1 postfix/smtpd[7311]: timeout after DATA (0 bytes) from unknown[118.68.247.123]
1 Oct 25 15:25:38 mx1 postfix/smtpd[4445]: timeout after DATA (0 bytes) from unknown[124.79.32.209]
1 Oct 25 21:31:45 mx1 postfix/smtpd[5645]: timeout after DATA (419223 bytes) from mail2.penta.cz[212.20.119.21]
1 Oct 25 04:27:24 mx1 postfix/smtpd[18884]: timeout after DATA (0 bytes) from unknown[60.166.215.208]
1 Oct 25 12:26:00 mx1 postfix/smtpd[20397]: timeout after DATA (0 bytes) from unknown[124.119.119.206]
1 Oct 25 09:09:23 mx1 postfix/smtp[5643]: 671568592: host mx10.hanmail.net[211.43.197.142] refused to talk to me: 554 5.7.1 CCRX 80.95.96.6: Connection refused. Your IP address is blocked(anti-spam).
1 Oct 25 14:26:50 mx1 postfix/smtpd[30818]: timeout after DATA (0 bytes) from unknown[81.214.68.64]
1 Oct 25 08:11:23 mx1 postfix/smtpd[30646]: timeout after DATA (0 bytes) from unknown[88.228.181.151]
1 Oct 25 02:46:13 mx1 postfix/smtpd[8078]: timeout after DATA (0 bytes) from unknown[58.141.155.105]
1 Oct 25 15:45:27 mx1 postfix/smtpd[8250]: timeout after DATA (0 bytes) from unknown[68.161.112.141]

On Fedora 9 (logwatch-7.3.6-25.fc9.noarch) was this problem solved but another appear :-( (outbound connections)
Logwatch mail so long due this. :-(

**Unmatched Entries**

2 Oct 25 13:48:49 mx1-new postfix/smtp[2677]: connect to mail.vva.com[160.79.200.82]:25: Connection refused
2 Oct 25 11:08:49 mx1-new postfix/smtp[21138]: connect to bjrnet.com[128.241.53.90]:25: Connection refused
2 Oct 25 13:28:49 mx1-new postfix/smtp[32318]: connect to bjrnet.com[128.241.53.90]:25: Connection refused
2 Oct 25 08:48:49 mx1-new postfix/smtp[11649]: connect to barryland.com[208.73.210.32]:25: Connection refused
2 Oct 25 11:28:49 mx1-new postfix/smtp[23013]: connect to mail.vva.com[160.79.200.82]:25: Connection refused
2 Oct 25 12:28:50 mx1-new postfix/smtp[27708]: connect to 365translation.com[69.64.155.178]:25: Connection refused
2 Oct 25 05:18:49 mx1-new postfix/smtp[29903]: connect to barryland.com[208.73.210.32]:25: Connection refused
2 Oct 25 06:28:49 mx1-new postfix/smtp[757]: connect to bjrnet.com[128.241.53.90]:25: Connection refused
2 Oct 25 13:28:49 mx1-new postfix/smtp[742]: connect to mail.vva.com[160.79.200.82]:25: Connection refused
2 Oct 25 01:33:49 mx1-new postfix/smtp[14150]: connect to mail.MEETMYGUESTS.COM[70.38.29.245]:25: Connection refused
1 Oct 25 13:09:19 mx1-new postfix/smtp[31370]: connect to mail.devoll.net[209.144.27.98]:25: Connection timed out
1 Oct 25 10:24:19 mx1-new postfix/smtp[18398]: connect to mx.atomis.com.atomis.com[62.23.107.186]:25: Connection timed

Thanks for help.

logwatch-7.3.6-21.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/logwatch-7.3.6-21.fc8

The problem you report for F-9 is fixed in Fedora9 cvs for now.

(In reply to comment #11)
> logwatch-7.3.6-21.fc8 has been submitted as an update for Fedora 8.
> http://admin.fedoraproject.org/updates/logwatch-7.3.6-21.fc8

Now it works. Thank you.

logwatch-7.3.6-21.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update logwatch'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-9225

logwatch-7.3.6-21.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

One type of message is still present:

1 Nov 7 12:27:51 ns postfix/smtpd[19593]: too many errors after DATA (0 bytes) from lete.bart.sk[184.245.82.38]
1 Nov 7 02:27:48 ns postfix/smtpd[11419]: too many errors after DATA (0 bytes) from lete.bart.sk[184.245.82.38]
1 Nov 7 08:07:49 ns postfix/smtpd[12746]: too many errors after DATA (0 bytes) from lete.bart.sk[184.245.82.38]
1 Nov 7 20:37:50 ns postfix/smtpd[4885]: too many errors after DATA (0 bytes) from lete.bart.sk[184.245.82.38]

[root@ns ~]# rpm -q logwatch postfix
logwatch-7.3.6-21.fc8
postfix-2.5.5-1.fc8

This happens only on one of my servers, but it is very disturbing. Ivana, can you fix also this?

Fixed in logwatch-7.3.6-22.fc8. - But please it would be great if you send all unparsed logs together (or whole /var/log/messages file).

Thank you. These were the last ones.

logwatch-7.3.6-22.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update logwatch'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-9585

logwatch-7.3.6-22.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

(In reply to comment #20)
> logwatch-7.3.6-22.fc8 has been pushed to the Fedora 8 stable repository. If
> problems still persist, please make note of it in this bug report.

More unmatched entries in this RPM:
https://bugzilla.redhat.com/show_bug.cgi?id=492738
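
The line families reported in this thread can be matched by message shape instead of exact wording, so a new reason ("timeout", "too many errors") or an odd address ("+", "?") does not fall through to the unmatched list. The following is an added Python example, not logwatch's Perl code or the fix shipped in the updates above; `classify`, `summarize` and `RULES` are hypothetical names, and the sample lines are taken from this report (the bounce line is shortened).

```python
import re
from collections import Counter

# Syslog prefix; \s+ after the month tolerates both "Nov  7" and "Nov 7".
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ postfix/(\w+)\[\d+\]: (.*)$")

# One rule per message family rather than per exact wording, so a new
# reason or SMTP stage still lands in a bucket instead of "unmatched".
RULES = [
    ("smtpd", re.compile(r"^(lost connection|timeout|too many errors) after (\S+)"
                         r"(?: \((\d+) bytes\))? from (\S+)\[([^\]]+)\]$"),
     lambda m: f"{m[1]} after {m[2]}"),
    ("smtp", re.compile(r"^connect to (\S+)\[([^\]]+)\]:\d+: (.+)$"),
     lambda m: f"connect failed: {m[3]}"),
    # [^>]* accepts any address text, including "+" and "?".
    ("smtp", re.compile(r"^[0-9A-F]+: to=<([^>]*)>, .*\bstatus=(\w+)"),
     lambda m: f"delivery {m[2]}"),
]

def classify(line):
    """Return a category string, or None if the line is unmatched."""
    p = PREFIX.match(line.strip())
    if not p:
        return None
    daemon, msg = p.groups()
    for want, rx, label in RULES:
        m = rx.match(msg)
        if daemon == want and m:
            return label(m)
    return None

def summarize(lines):
    """Count lines per category and collect the ones nothing matched."""
    cats = [(classify(l), l) for l in lines]
    counts = Counter(c for c, _ in cats if c is not None)
    return counts, [l for c, l in cats if c is None]

# Sample input: lines quoted in this bug report (the bounce line is shortened).
SAMPLE = [
    "Oct 21 01:19:34 mx1 postfix/smtpd[17583]: lost connection after DATA (0 bytes) from sw.nobles.edu[66.228.80.2]",
    "Oct 25 21:31:45 mx1 postfix/smtpd[5645]: timeout after DATA (419223 bytes) from mail2.penta.cz[212.20.119.21]",
    "Nov 7 12:27:51 ns postfix/smtpd[19593]: too many errors after DATA (0 bytes) from lete.bart.sk[184.245.82.38]",
    "Oct 21 13:06:29 mx1 postfix/smtp[12992]: connect to mail.bues.ru[82.146.62.193]:25: Connection refused",
    "Oct 25 13:09:19 mx1-new postfix/smtp[31370]: connect to mail.devoll.net[209.144.27.98]:25: Connection timed out",
    "Oct 11 08:26:35 mx1 postfix/smtp[21895]: A66B9A1BA: to=<????@dankong.net>, relay=61.175.223.136.dankong.net[61.175.223.136]:25, dsn=5.0.0, status=bounced (host said: 501 input error)",
    "Oct 11 08:26:27 mx1 postfix/qmgr[23382]: 0BF8FA188: from=<????@dankong.net>, size=2245, nrcpt=1 (queue active)",
]
```

`summarize(SAMPLE)` returns the per-category counts plus the one `qmgr` line, which no rule covers and which therefore stays in the unmatched list.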