Red Hat Bugzilla – Bug 350341
Review Request: postfix-logwatch - A postfix log analyzer for logwatch
Last modified: 2011-01-09 16:35:39 EST
Spec URL: http://till.fedorapeople.org/review/postfix-logwatch.spec
SRPM URL: http://till.fedorapeople.org/review/postfix-logwatch-1.36.12-1.tillf7.src.rpm
Description: This is a postfix log analyzer for logwatch.
I'd be happy to review this package.
Look for a full review here in a few.
OK - Package meets naming and packaging guidelines
OK - Spec file matches base package name.
OK - Spec has consistant macro usage.
OK - Meets Packaging Guidelines.
OK - License (GPLv2+)
OK - License field in spec matches
OK - License file included in package
OK - Spec in American English
OK - Spec is legible.
OK - Sources match upstream md5sum:
OK - BuildRequires correct
OK - Package has %defattr and permissions on files is good.
OK - Package has a correct %clean section.
OK - Package has correct buildroot
OK - Package is code or permissible content.
OK - Packages %doc files don't affect runtime.
OK - Package has rm -rf RPM_BUILD_ROOT at top of %install
OK - Package compiles and builds on at least one arch.
OK - Package has no duplicate files in %files.
OK - Package doesn't own any directories other packages own.
OK - Package owns all the directories it creates.
See below - No rpmlint output.
OK - final provides and requires are sane:
OK - Should build in mock.
OK - Should build on all supported archs
OK - Should function as described.
OK - Should have dist tag
OK - Should package latest version
1. rpmlint says:
postfix-logwatch.noarch: E: non-executable-script
It's not clear to me if this does need to be executable, but if it was you
could run it standalone, so that might be better?
postfix-logwatch.noarch: W: conffile-without-noreplace-flag
Should this have (noreplace) for upgrades to avoid messing up people's
I'm not sure how this has been packaged - postfix-logwatch runs either under
logwatch (wherein, it does not need to be executable), and standalone where it does.
In my new versions of the code, I have enabled perl's taint mode (via
#!/usr/bin/perl -T) for the standalone mode, and taint mode will not work under
logwatch. As a standalone package, taint mode works fine.
I check postfix-logwatch into the logwatch cvs tree, so Fedora will
automatically get postfix-logwatch (named simply postfix in
/etc/logwatch/scripts/services/ directory) via logwatch updates.
I would recommend that this package named "postfix-logwatch" be installed as the
standalone program, which will a) be more up to date than that in logwatch, and
b) be decoupled from logwatch's schedule, which as a project is becoming
increasingly less active.
I have some significant new features I'm about to release - if you could hold
for a couple of days, I should be ready to release.
(In reply to comment #3)
> I'm not sure how this has been packaged - postfix-logwatch runs either under
> logwatch (wherein, it does not need to be executable), and standalone where it
It is packaged to be used with logwatch.
> I check postfix-logwatch into the logwatch cvs tree, so Fedora will
> automatically get postfix-logwatch (named simply postfix in
> /etc/logwatch/scripts/services/ directory) via logwatch updates.
The main reason I built the package is to get this into Fedora EPEL, because the
postfix script in logwatch in RHEL does not produce such a nice output.
> I would recommend that this package named "postfix-logwatch" be installed as the
> standalone program, which will a) be more up to date than that in logwatch, and
> b) be decoupled from logwatch's schedule, which as a project is becoming
> increasingly less active.
These two benefits are no advantages of the standalone program, but only of this
package at all, imho. When the script is run from logwatch it is more up to date
and decoupled from logwatch's schedule, too.
> I have some significant new features I'm about to release - if you could hold
> for a couple of days, I should be ready to release.
This can be done.
I understand the motivation. The version of logwatch has been historically
ancient in RHEL releases.
It may be not safe to assume that my current versions of postfix-logwatch will
just work in older versions of logwatch. I'll make no guarantees there. I've
also restructured the code into multiple perl modules, which will be shared with
amavis-logwatch, and future parsers.
One of the primary reasons I wrote postfix-logwatch, and added the standalone
feature, was so that the script could be run from the command line, allowing
more dynamic varieties of reports, which is not possible under logwatch without
modifying the conf/services/postfix.conf file before each run. The standalone
config file is likely to be different than that used for logwatch (in
conf/services). The newer --config_file option allows using varieties of
configuration files for specific reports, and command line options provide
further customization on the fly (esp. with new, upcoming features).
There is also a new man page; logwatch doesn't have module-specific man pages,
so this is a bit of a divergence.
As an "encouragement" to make the utility available in standalone mode, consider
speed and performance. Logwatch is very clumsy and expensive in how it deals
with log files - it copies the primary log file, and when archives are being
searched, the archives as well, into a monolithic copy in the tmp directory.
Performance on larger installations can be abysmal. I encourage using
postfix-logwatch in standalone mode to avoid this excess.
I'd prefer not to deal with any confusions regarding which version filter is in
which version of logwatch. If this can be minimized, I'm ok with it.
"may be not" => "may not be".
(as an addendum, an upcoming new option dynamically reconfigures and builds
several command line options on the fly, and adjusts how some config file
variables are interpreted. This has more utility when running standalone).
I've updated postfix-logwatch with the new features indicated. The release is
Whats the status here?
Sorry for the delay. Kevin, to whom was your question addressed?
I'll be promoting the devel release to released this week. It will include a
couple minor bug fixes in the pre5 release, and the man page will be completed.
Till. Mike, Kevin.. what's the status here? I'd like to see this package in EPEL :)
I let version 220.127.116.11 run on my CentOS machines for several weeks and nothing
broke, therefore I would add the package as it is to EPEL.
This sounds excellent. Kevin, could you please continue the review ?
I'm ok with whatever choice is made here. But consider that 1.36.12 is fairly
old, and these changes have been made since:
2008-01-14 (version: 1.36.13pre7)
- New: Support ETRN rejects (option: RejectEtrn).
- Fix: Include optional text in L1 output for header/body checks Hold
- Fix: Accept "unknown" as an IP in Connection rate limit messages.
Thanks: Stefan Jakobs.
- Fix: Improve MxError captures
- Fix: Ignore "sql auxprop plugin ..." messages
- Fix: Ignore more debug_peer_level=2 messages
- Fix: Correct failure to ignore "connect to subsystem..." debug lines
- Fix: Add missing RejectVerify to config file
2007-12-15 (version: 1.36.13pre6)
- Fix: in BounceLocal and EnvelopeSenderDomains, set null domain
and formatted host to '*unknown'.
- Fix: Move postfix_warning before postfix_cleanup, as some cleanup
warnings were caught as unmatched.
- Fix: An Accepted message is now triggered by smtpd "client=..."
and pickup "uid=..." log entries, instead of qmgr's "from=xxx,
size=nnn, nrcpt=nnn" log lines. A message may have been accepted
during a previous time period, but delivery delays result in
multiple qmgr delivery attempts, resulting in over counting
Accepted messages. Thanks: Stefan Jakobs
- New: Bytes delivered is now broken down by Bytes sent via SMTP,
LMTP, and forwarded, to be orthogonal with message counts.
- Fix: Resent messages no longer reduce the number of messages
accepted - this was a naive attempt at not counting, for example,
messages released and requeued from a content filter's quarantine.
2007-11-14 (version: 1.36.13pre5)
- New: Threshold limiting and Top N lists for every level in each
Detail section. Every level in each section can now be limited
with minimum count thresholds and top N lists. See the updated
README file, the comments in the postfix-logwatch.conf file, and
the new postfix-logwatch man page. Requested by: Pavel Urban
- New: Rejects can now be categorized by reject reply code. A new
option/variable "reject_reply_patterns" is a list of reject reply
code regular expressions, which are used for categorizing rejects.
This feature allows, for example, distinguishing 421 transmission
channel closes from 45x errors. (eg. 450 mailbox unavailable, 451
local processing errors, 452 insufficient storage). The default
list is: "5.. 4.. Warn" which creates three groups of rejects:
permanent rejects, temporary failures, and reject warnings (as in
warn_if_reject). Requested by: Noel Jones
- New: postfix-logwatch man page created (net yet complete)
- New: Support for all access(5) actions. See the "Level Limiter
Options" section in the postfix-logwatch(1) man page, and "Common
access control actions" in postfix-logwatch.conf.
- New: Added envelope senders and envelope sender domains reports.
These are disabled by default. Enable with level limiter options
--envelopesenders 1 and --envelopesenderdomains 1 (or 2 to
also see senders listed under domains). See also the
postfix-logwatch.conf file. Suggested by: Brendan
- Change: Uncomment all variables in the config file. This should
help ensure the variables in the config file stay in sync with
those used in the source.
- Change: Merged sections SenderDelayNotification, DSNDelivered, and
DSNUndelivered into NotificationSent, with sub-sections indicating
the type of notification. This gives the total number of sent
notifications in the Summary section, and the breakdown by type
of notification in the Detailed section.
- Change: Removed "msgs" prefix from several options: msgsdeferred,
msgsdelivered, msgsforwarded, msgsresent, msgssent, and msgssentlmtp
are now deferred, delivered, forwarded, resent, sent and sentlmtp.
The old options are still usable.
- Change: force --help output to 80 chars.
- Change: Taint mode is now on by default in standalone mode. It is
disabled upon installation in logwatch mode, as logwatch fails with
taint mode enabled.
- Change: Set the primary key in tlsserverconnect/tlsclientconnect
options to type/cypher to reduce excessive level 2 output.
- Change: Reported values that cannot be determined or are unavailable
are prefixed with an asterisk (e.g. *unknown, *unspecified).
- Change: Warn section title 'Warn action logged' changed simply to
"Warned", to be consistent with other access/header_ and body_checks.
The option is --warned, but --warn is still acceptable.
- Fix: Significantly reduce memory footprint when detail < 5.
- Fix: Usage and --help now correctly show only detail section
level limiter options that are available. Previously, summary-
only counts were also display as level limiter options.
- Fix: "too many errors after DATA" and "timeout after DATA" may
include a byte count, as in "(348 bytes)". Thanks: John Beaver
- Fix: Ignore postgrey 'delayed ...' lines
- Fix: Allow logwatch --debug option to pass into postfix-logwatch
- Fix: configuration file reading code was not properly warning on
- Fix: "filter" actions were incremented on "redirect" actions
- Fix: Give more room to percentiles in delays percentiles table.
A 5 day delay is 432000.000 seconds, and the previous table width
was not sufficient.
- Fix: --show_sect_vars command line option inadvertently required an
argument; the name has been shortened to --sect_vars/--nosect_vars
and correctly no longer requires an argument. The longer names
--[no]show_sect_vars work as well. Thanks: Noel Jones
- Fix: Handle some unmatched connect to failures in section
ConnectToFailure. Cleanup and consolidate several similar messages;
add additional detail at level 3.
- Fix: Increment postsuper Hold messages by the number of messages
placed on hold.
- Fix: Add "non-ESMTP response ..." messages to SmtpConversationError.
First level is now the general SMTP error description.
- Internal: Converted source to be package-based to allow code sharing
with amavis-logwatch. The single-file executable is auto-generated
from the packages.
- Internal: internal gen_test_log function to create sample log data
for testing. Reads '#TD' comments from within postfix-logwatch.
2007-10-16 (version: 1.36.13pre4)
- Fix: Handle messages "SSL_connect error to example.com: 0" and
"Cannot start TLS: handshake failure" by coercing into warnings
Thanks: Rob Sterenborg
2007-10-15 (version: 1.36.13pre3)
- Fix: Handle "postmaster" DSNs
- Fix: Handle "discarding EHLO keywords:" (ignored)
- Internal: create bounce subroutine to handle bounce messages
2007-10-05 (version: 1.36.13pre2)
- New: Initial support for postgrey (http://postgrey.schweikert.ch/)
Requested by: Sebastian Wolfgarten
2007-10-05 (version: 1.36.13pre1)
- New: Support for policy-spf software postfix-policyd-spf-perl
Requested by: Nicodemo P. and Rob Sterenborg
I can bump the version to 1.36.13 final if necessary - its been operational for
quite some time.
Till: Would you like me to take another look at the last posted package here, or
would you like to spin up an updated one?
Let me know and we can get this review moving...
Any news here?
Please add a link to a site for the latest version of the filter inline; I tried getting the latest postfix file
from http://www2.logwatch.org:81/ but it's incompatible with the logwatch in v5.1.
Hoping 5.1 gets a fix to stop barfing all over my amavisd and current-postfix log messages soon...
Chris: The latest versions are available at:
Please try the devel version: 1.36.13pre7
I will have a pre8 version out this week, and if there are no issues, will
promote to 1.36.13.
I am sorry, but I do not have the time to continue this. I will reopen this bug
report, when I have, but maybe someone else wants to package this, which I do
not want to block.
I'm reopening this as I have been in discussion with Karel Klic (logwatch maintainer) about removing the (old) postfix script from the logwatch package, and distributing Mike's up-to-date script in a new postfix-logwatch package.
Mike, are you still there? Your website doesn't seem to work at the moment:
No longer blocks FE-DEADREVIEW.
I'm here. I've moved to sourceforge:
Richard: were you going to submit a new updated package here for review?
I will get to it. Just haven't had much time lately to work on it.
Why don't you open a new review on the package when you are ready to submit?
In the mean time we can close this one.