Bug 812883 - dovecot spam (as mail-proxy)
Summary: dovecot spam (as mail-proxy)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 16
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Jan Synacek
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2012-04-16 13:28 UTC by Harald Reindl
Modified: 2012-06-20 08:46 UTC (History)

Fixed In Version: logwatch-7.4.0-12.20120229svn100.fc16
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-05-19 06:58:48 UTC
Type: Bug
Embargoed:


Attachments
improved patch (2.88 KB, patch)
2012-05-19 00:41 UTC, Harald Reindl

Description Harald Reindl 2012-04-16 13:28:13 UTC
for years now we get thousands of such messages each day for "imap-login" and "pop3-login" - the problem is that logwatch creates a separate line for each client-ip and user, and if your clients are using mobile devices they are changing their ip multiple times each hour

in other words: logwatch is useless for dovecot

_____________________

 **Unmatched Entries**

    dovecot: imap-login: proxy(h.reindl): started proxying to 127.0.0.1:143: user=<h.reindl>, method=CRAM-MD5, rip=10.0.0.241, lip=10.0.0.15, TLS: 30 Time(s)
    dovecot: imap-login: proxy(h.reindl): started proxying to 127.0.0.1:143: user=<h.reindl>, method=PLAIN, rip=10.0.0.241, lip=10.0.0.15, TLS: 177 Time(s)

Comment 1 Fedora Update System 2012-05-04 08:03:51 UTC
logwatch-7.4.0-11.20120229svn100.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/logwatch-7.4.0-11.20120229svn100.fc17

Comment 2 Harald Reindl 2012-05-04 11:30:52 UTC
wonderful - this looks so much better
i rolled out "logwatch-7.4.0-12.20120229svn100.fc16.20120504.rh.noarch"

"attempts in X secs" should possibly be a summary counter

the one unmatched could be interesting - usually it is a sign that the backend server had a problem and there is no need to see in logwatch for what user, this can be better done with grep on the maillog after getting the warning in logwatch

it made me crazy since 2009 (my first mailserver) to get practically the whole dovecot log per mail, which is not really a summary and not helpful :-)

--------------------- Dovecot Begin ------------------------ 

 Dovecot disconnects:
    Inactivity (internal failure, 1 succesful auths): 1 Time(s)
    Inactivity (no auth attempts in 180 secs): 2 Time(s)
    Inactivity during authentication (client didn't finish SASL auth, waited 178 secs): 1 Time(s)
    Too many invalid commands (no auth attempts in 0 secs): 1 Time(s)
    auth failed, 1 attempts in 2 secs: 16 Time(s)
    auth failed, 1 attempts in 3 secs: 1 Time(s)
    auth failed, 1 attempts in 5 secs: 1 Time(s)
    auth failed, 1 attempts in 9 secs: 1 Time(s)
    client didn't finish SASL auth, waited 0 secs: 3 Time(s)
    client didn't finish SASL auth, waited 1 secs: 5 Time(s)
    no auth attempts in 0 secs: 20 Time(s)
    no auth attempts in 1 secs: 3 Time(s)
    no auth attempts in 28 secs: 1 Time(s)
    no auth attempts in 29 secs: 1 Time(s)
    no auth attempts in 40 secs: 8 Time(s)
    no auth attempts in 41 secs: 2 Time(s)
    no auth attempts in 44 secs: 1 Time(s)
    no auth attempts in 46 secs: 4 Time(s)
    no auth attempts in 5 secs: 3 Time(s)
    no auth attempts in 59 secs: 2 Time(s)
    no auth attempts in 6 secs: 1 Time(s)
    no auth attempts in 60 secs: 1 Time(s)
    no auth attempts in 61 secs: 2 Time(s)
    no auth attempts in 78 secs: 1 Time(s)
    no auth attempts in 9 secs: 1 Time(s)
 
 **Unmatched Entries**
    dovecot: imap-login: Error: proxy(*****@thelounge.net): connect(127.0.0.1, 143) failed: Connection refused (after 0 secs): 1 Time(s)
 
 ---------------------- Dovecot End -------------------------

Comment 3 Fedora Update System 2012-05-09 08:26:21 UTC
logwatch-7.4.0-12.20120229svn100.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/logwatch-7.4.0-12.20120229svn100.fc16

Comment 4 Fedora Update System 2012-05-10 14:16:20 UTC
Package logwatch-7.4.0-12.20120229svn100.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing logwatch-7.4.0-12.20120229svn100.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-7541/logwatch-7.4.0-12.20120229svn100.fc16
then log in and leave karma (feedback).

Comment 5 Harald Reindl 2012-05-19 00:41:40 UTC
Created attachment 585518
improved patch

can you please replace with the attached patch

removed "lip" because even without it, it is "unique enough" and
in dovecot 2.1.6 a new column "session" was added, resulting
even on 23" screens in line breaks while "tail -f"

so i configured "login_log_format_elements = user=<%u> method=%m rip=%r %c" to also get rid of the local-ip which will never change and spam came back

Comment 6 Fedora Update System 2012-05-19 06:58:48 UTC
logwatch-7.4.0-12.20120229svn100.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2012-05-26 07:03:14 UTC
logwatch-7.4.0-11.20120229svn100.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Harald Reindl 2012-06-20 08:46:01 UTC
oh no, svn110 removes the dovecot-proxy patch and does not
fix the wrong behavior in my comment 5
_____________


logwatch-7.4.0-13.20120619svn110.fc17.noarch

dovecot: imap-login: proxy(rhsoft): started proxying to 127.0.0.1:20143: user=<rhsoft>, method=CRAM-MD5, rip=192.168.2.2, TLS: 8 Time(s)

this means nearly the complete logfile on production servers with mobile-clients
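
The aggregation requested in this report, as an added example that is not part of the thread and is not logwatch's own code: proxy logins are collapsed to one line per service, user and method regardless of which of `rip`, `lip` or `session` the configured `login_log_format_elements` emits, while the number of distinct remote addresses is kept so an account seen from unusually many sources still stands out. Function names and the sample lines (users, host, addresses, session id) are constructed for illustration.

```python
import re
from collections import defaultdict

# "started proxying" lines as quoted in this report; trailing fields are optional.
PROXY_RE = re.compile(
    r"dovecot: (?P<svc>imap-login|pop3-login): proxy\((?P<user>[^)]*)\): "
    r"started proxying to (?P<backend>[^:\s]+:\d+)(?::\s*(?P<fields>.*))?$")
# Backend failure line (comment 2); the user is deliberately not captured.
FAIL_RE = re.compile(
    r"dovecot: (?:imap|pop3)-login: Error: proxy\([^)]*\): connect\((?P<host>[^,]+), "
    r"(?P<port>\d+)\) failed: (?P<why>.*?)(?: \(after \d+ secs\))?$")
FIELD_RE = re.compile(r"(\w+)=(<[^>]*>|[^,\s]+)")

# Constructed sample input (users, host and addresses are made up).
SAMPLE = """\
May 19 00:01:02 mx dovecot: imap-login: proxy(alice): started proxying to 127.0.0.1:143: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=10.0.0.15, TLS
May 19 00:09:40 mx dovecot: imap-login: proxy(alice): started proxying to 127.0.0.1:143: user=<alice>, method=PLAIN, rip=192.0.2.77, TLS, session=<c0nstructedId>
May 19 00:15:11 mx dovecot: imap-login: proxy(alice): started proxying to 127.0.0.1:143: user=<alice>, method=PLAIN, rip=198.51.100.4, TLS
May 19 00:20:00 mx dovecot: pop3-login: proxy(bob): started proxying to 127.0.0.1:110: user=<bob>, method=CRAM-MD5, rip=192.0.2.10, TLS
May 19 00:21:00 mx dovecot: imap-login: Error: proxy(bob): connect(127.0.0.1, 143) failed: Connection refused (after 0 secs)
""".splitlines()

def summarize(lines):
    """Collapse proxy logins to (service, user, method); track distinct rips."""
    logins = defaultdict(lambda: {"count": 0, "rips": set()})
    failures, unmatched = defaultdict(int), []
    for line in lines:
        line = line.strip()
        m = PROXY_RE.search(line)
        if m:
            f = dict(FIELD_RE.findall(m.group("fields") or ""))
            entry = logins[m.group("svc"), m.group("user"), f.get("method", "unknown")]
            entry["count"] += 1
            if "rip" in f:
                entry["rips"].add(f["rip"])
            continue
        m = FAIL_RE.search(line)
        if m:
            failures[f"{m.group('host')}:{m.group('port')}", m.group("why")] += 1
            continue
        unmatched.append(line)  # anything else stays visible, as in logwatch
    return logins, failures, unmatched

def report(lines):
    logins, failures, unmatched = summarize(lines)
    out = [f"{s} {u} ({m}): {logins[s, u, m]['count']} Time(s) from "
           f"{len(logins[s, u, m]['rips'])} address(es)" for s, u, m in sorted(logins)]
    out += [f"backend {b} {why}: {failures[b, why]} Time(s)" for b, why in sorted(failures)]
    return out + [f"unmatched: {l}" for l in unmatched]
```

`report(SAMPLE)` yields three summary lines for the five input lines; the per-user detail of a backend failure is left to a grep on the mail log.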

