2014-09-03 (version: 1.40.03) - Fix: Corrected typo in RE for postscreen PREGREET & HANGUP fix was lost in merge. Thanks: Michael Orlitzky 2014-08-28 (version: 1.40.02) - Fix: Commented out some code which was accidentally left enabled, preventing the script from running. 2014-08-01 (version: 1.40.01) - Fix: Correct TLS matching for Postfix 2.11 and later. Thanks: John Wilcock - Fix: Ignore cfg_get_str debug lines. Thanks: Bas Mevissen - Fix: Ignore sacl_check:... lines. Thanks: Jonathan Herbach 2012-01-11 (version: 1.40.00) - Change: License is now the MIT/X-Consortium License: http://www.opensource.org/licenses/mit-license.php This allows re-inclusion into the logwatch project. - Fix: Ignore additional debug lines. Thanks: Peter Smrcak - Fix: Corrected typo in RE for postscreen PREGREET & HANGUP. 2011-09-26 (version: 1.39.07) - New: Support 2.9's enable_long_queue_ids via command line option --[no]long_queue_ids and config file var $postfix_Enable_Long_Queue_Ids. Default is disabled. There will be issues with existing logs that contain both formats. - Fix: Support postscreen's WHITELIST VETO. - Thanks: Noel Jones 2011-09-23 (version: 1.39.06) - New: Support postscreen from postfix 2.8. Updated for minor dnsblog log changes. Note: tlsproxy messages are ignored for now. - Change: Section dnsblog primary sort key is now listing site. - Fix: Some "improper command pipelining" log lines were unmatched (section: smtpprotocolviolation). - Fix: Ignore proxy-reject w/no SMTP reply code. Occurs after a queue file size lmit exceeded warning by smtpd. - New: Postfix 2.8.1 changes FCRDNS warning messages (section: hostnameverification). See: http://article.gmane.org/gmane.mail.postfix.user/218112 - Internal: Removed remaining $re_IP in rblerror section, from v1.39.05. - Thanks: Noel Jones, Tonio, Jase Thew, Alex, Michael Orlitzky 2010-11-12 (version: 1.39.05) - Fix: Check input value to commify() against undef; required for perl 5.12. Thanks: Michael Orlitzky - Fix: Eliminate use of $re_IP, as it is too complicated, expensive, and did not correctly match all valid IPv6 addresses. Note: one remains in RBL lookup error section, as parsing out IP is nontrivial w/IPv6. - Internal: Update URL to Sourceforge. 2010-03-23 (version: 1.39.04) - Fix: Support Postfix 2.8's reject_rhsbl_reverse_client in RejectRBL. Thanks: Noel Jones 2010-03-06 (version: 1.39.03) - Fix: Support for reject_rhsbl_helo in RejectRBL section. Thanks: Steve Bytnar 2010-03-03 (version: 1.39.02) - Change: Merged section SaslAuthRelay into SaslAuth. The purported SASL sender is now included after an existing SASL_username. 2010-03-02 (version: 1.39.01) - New: Allow enabling/disabling the summary section in config file, using var $postfix_Show_Summary and command line option --[no]summary. Thanks: Benedikt Bohm 2010-01-11 (version: 1.39.00) - New: Support 2.7 experimental branch logging: + smtpd's proxy-reject: placed in standard reject sections. + smtpd's proxy-accept: ignored. + postfix/postscreen: new section 'postscreen'. Note: memory intensive, so limiter is set to 1, showing only counts of various postscreen result. + postfix/dnsblog: new section 'dnsblog'. Note: memory intensive, so limiter is set to 1, showing only a list of DNSBL'd IPs. Disable this section by setting limiter to 0. + postfix/verify: currently ignored Thanks: Stefan Forster, Noel Jones - New: Support 2.6 access(5) action BCC. New section 'bcced'. - New: New option --[no]unknown to show/suppress output of hostname of 'unknown' in formatted ip/hostname pairs. Default: on. - New: Updated postfix-logwatch.conf files to include instructions on how to increase log scanning performance when not using policy services such as policy-spf, etc. See "Performance Note" in the .conf files. - Change/Fix: Warning sections 'ratelimit and 'concurrenclylimit merged into a new, generic 'anvil' section, which includes all of anvil's various limit exceeded messages. If you see errors after updating about these unknown limiters, be sure to replace these two deprecated limiters with the new one to your config file(s). - Change: Use DSN from delivery verification probes as first level key (section: 'deliverable'). - Change: Replace databasegeneration section header 'Database file needs update' with 'Database is older than source file', as per request on the Postfix mailing list. - Fix: Handle more, and restructure, SASL authentication failed messages. Thanks: Stefan - Fix: Ignore some smtpd cache lines; handle postmaster delay notifications. Thanks: Gabriele Beltrame - Fix: Handle more postfwd lines. - Fix: Prevent useless level 3 ':' output in section 'saslauthfail'. Thanks: Armin Tüting - Fix: Corrected some typos in man page. - Fix: Added missing Error section (how was this missed!). - Fix: Handle unmatched milter-{reject,hold,discard} lines that do not include smtpd envelope data. - Fix: reduce memory footprint for Delays reports (~30Mb per 1Mb log file). - Fix: performance increases. 2009-07-14 (version: 1.38.01) - Fix: RE typo caused policydweight lines to be unmatched. - Fix: Reduce to-be-ignored RE list searching by moving most common REs to head of the list. 2009-07-10 (version: 1.38.00pre6) - Fix: Handle Softfail and Temperror in pypolicyd-spf (PolicySPF). postfix/policy-spf. Thanks: Chris Burton. 2009-07-10 (version: 1.38.00pre5) - Fix: Comment out extra OnlyService line in postfix-logwatch.conf* files, leaving as a sample. The duplicate causes logwatch to filter out postgrey, postfwd, and policyd-spf lines. Also include '-' in the RE to capture postfix/policy-spf. Thanks: Malte Koestner, Chris Burton. 2009-07-07 (version: 1.38.00pre4) - New: Error and diagnostic output from non-postfix programs will be moved into the WarningsOther section. - Fix: Added Tarpit whitelisted to postgrey output. - Fix: Handle additional output for pypolicyd-spf, postgrey, and postfix. - Fix: Add policyd-spf to postfix_Syslog_Name and OnlyService. Thanks: Chris Burton - Fix: logic error which inadvertently incremented Notification Sent counter on ignored postfix/bounce lines. - Fix: Add -T to interpreter line (removed inadvertently to use perl debugger). - Change: Remove 'postgrey' from default syslog_name. This only affects users without a configuration file, where it is enabled by default. 2009-07-06 (version: 1.38.00pre3) - New: Handle pypolicyd-spf. Thanks: Chris Burton - New: ConnectionInbound section shows IP/hostname. Disabled by default, for performance reasons. Requested by: Jernej Porenta - Change: MxErrors changed to DNSErrors, generalizing DNS lookup errors. A beneficial side affect is the removal of the numerous DNS lookup informational "warnings" from the top of the Summary section; they can also, of course, be disabled in the Detailed section. - Fix: Handle END-OF-MESSAGE stage in reject code. 2009-07-02 (version: 1.38.00pre2) - Fix: Remove debug print - New: Section SMTP protocol violation (smtpprotocolviolation) - Change: Removed section "toomanyerrors", merging it into new section smtpprotocolviolation. - Fix: Handle "improper command pipelining ..." messages in new section smtpprotocolviolation. - Fix: Ignore more debug lines and miscellaneous canonicalization. 2009-06-29 (version: 1.38.00pre1) - New: Support milter-hold (aka: "quarantine") and milter-discard lines. Stats are located in "hold" and "discarded" sections, respectively. Requested by: Gary Casterline; - Fix: Perl v5.10 introduces tighter taint control in sprintf format strings. Perform strict data checking on $Opts{'ipaddr_width'} to untaint it, as it is used directly as an sprintf() field width specifier. Thanks: Dudi Goldenberg - Fix: Some Policy-SPF lines were unmatched, due to log format change in Mail::SPF v2.006, which changed "identify=mfrom" to "identity=mailfrom". Thanks: Chris Burton - Fix: Resolved several bugs in the Policy-SPF module: some missing return return statements, which for certain unmatched log lines would both add to the Unmatched list and increment a PolicySPF hit counter; a few older log lines would show blank IP addresses. - Fix: Postgrey whitelisted lines that did not include a host IP address were reported as unmatched. - Fix: Relax email address capture in to=, orig_to=, and from= fields in log lines. - Fix: Better diagnostic when limiter level is not specified on the command line using the --limit option. Eg: "--limit rejectbody" v. "--limit rejectbody=10" - Fix: Remove bogus --content_filter option from man page (feature not yet implemented). Thanks: David DeFranco - Fix: Better handle "Delivery temporarily suspended: conversation with xxx timed out..." deferred messages. - Fix: Handle multi-word XYZ in "blocked using XYZ" in RejectRBL. Thanks: Sergey Pylinsky - Fix: Ignore lines from postlog service. - Change: Detail level now included in Detail title - Internal: Support variable hash key lengths, but using the special key sequence of two ASCII bell's ("\a\a"). This removes the existing requirement that dummy keys must be used at the end of the %Counts accumulator hash. - Internal: Test data generation 2008-10-21 (version: 1.37.08) - Fix: Saslauth messages were not being detected if the only field in a smtpd "client=..." line was "sasl_sender=". 2008-10-20 (version: 1.37.07) - New: Support "Temporary lookup failure" temporary rejects. New reject limiter 'XXXrejectlookupfailure', where XXX is any of the set of reject codes in effect. - New: Support smtp_body_checks and smtp_*header_checks. Requested by: Noel Jones - Fix: Previous fix to support reload log line that includes postfix version number broke previous postfix reload log lines. Thanks: Armin Tüting - Fix: Setting recipient_delimiter caused RE failure, due to missing \Q \E quoting. Thanks: Armin Tüting - Fix: BCC action support from 1.37.06 had a "if" vs. "elsif" typo. Thanks: Noel Jones - Fix: Allow postgrey filter to handle absent recipient= field. Thanks: Alexander Kolesnik - Fix: Limiters were not case insensitive on the command line. - Fix: Use of bare reject limiters did not set each reply code variant of the given limiter after using --nodetail, resulting in no output for the given section. - Fix: Change Logwatch's OnlyService variable in the postfix-logwatch.conf file to also capture postfwd and postgrey. Thanks: Alex Schuilenburg - Fix: Ignore more debug lines. 2008-08-22 (version: 1.37.06) - New: Handle message_reject_characters cleanup rejects. New reject limiter 'XXXrejectcontent', where XXX is any of the set of reject reply codes in effect. - New: Support BCC action from 2.6 experimental branch. New limiter 'bcced'. - Fix: Ignore "mapping DSN status" lines. - Fix: Support reload log line including postfix version number. Postfix snapshot 2.6-2008081 - Thanks: Noel Jones - Fix: Ignore more debug lines. 2008-08-19 (version: 1.37.05) - New: Initial implementation of Postfwd reporting. Requested by: Sahil Tandon - Change: Undeliverable (address verification) section now grouped by DSN, canonicalized host reply, domainpart, localpart, and formatted host/hostip. This dramatically cleans up this section's output for systems that perform many address verifications. - Fix: Postgrey lines were being ignored due to change made to implement Ignore_Service. - Fix: handle "status=undeliverable-but-not-cached" address verification response, which is coerced into a simple "status=undeliverable". If there is any value in distinguishing the two status types, let me known and I'll create a new limiter. Thanks: Gary Casterline - Fix: missed conversion of keyword "next" to "return" in postfix_postsuper routine after inline code was converted into the subroutine. 2008-07-22 (version: 1.37.04) - Fix: recognize "approximately" in TooManyErrors section messages starting introduced in Postfix 2.6 20080621. Thanks: Noel Jones - Fix: Reset to level 0 the inadvertently changed EnvelopeSenders and EnvelopeSenderDomains (in postfix-logwatch.conf). 2008-07-18 (version: 1.37.03) - Change: TimeoutInbound will include byte count if available; default level changed to 1 to reduce noise. - Change: some additional canonicalization is performed on various "host XXX said: yyy" messages in sections like Deferrals. Much of the "said" verbiage from some large mail houses is redundant or excessive, and causes additional memory consumption. If this canonicalization presents problems, I may include an additional level of detail to present the raw message. Feedback welcome. - Fix: Supplemental sections could not be re-enabled after using --nodetail. - Fix: Handle some additional RejectRBL variants, esp. the "day old bread" list (dob.sibl.support-intelligence.net). Thanks: Michael Monnerie - Fix: Present the remote MTAs reply code/DSN, if available, at the beginning of canonicalized "host XXX said: yyy" messages. Thanks: Jorey Bump - Fix: Provide remote MTAs SMTP reply code/DSN if available in various Delay, Deferral, etc. reports. Some additional canonicalization is performed on various flavors of deferral replies. - Fix: recognize "approximately" in lost connection byte count messages starting introduced in Postfix 2.6 20080621. Thanks: Noel Jones - Internal: Ignored lines are now placed into a list, instead of hard coded into the code. In the future, this will allow users to configure ignore patterns without making code modifications. In doing this, I discovered and reported a bug in perl (#56202), but worked around the problem. - Internal: move postsuper, panic, and fatal message processing into their own subroutines. 2008-05-30 (version: 1.37.02) - Change: Some changes in Delays report. Now includes total delay time as reported in delivery agent log entry delay=x. Removed leading numbers in row titles, and cleaned up the title names. Also, reduced fields to 2 decimal places. - New: By IP (permanent) Reject report controlled with ByIpRejects limiter. Disabled by default. - Fix: Two minor fixes to PolicydWeight module: it was not the required importing inc_unmatched, and ignore diagnostic "master: ..." lines. - Fix: Eliminate some extraneous newline output. - Fix: Ignore more debug log lines. 2008-05-09 (version: 1.37.01) - Change: level limiters are no longer unique command line options, but are now parameters to the single option "--level" or "-l". This reduces the number of command line options in the help list, and simplifies the code added to support reject_reply_patterns. For example, the config file level limiter $postfix_Sent = 2, the command line option would be --limit sent=2 or -l sent=2, rather than the previous --sent=2. This also means the --no variants for level limiters are gone (eg. --nosent; instead use -l sent=0). There is no change within the configuration files. Limiters can still be abbreviated so long as they are unambiguous. - Change: Section connectionlostoverload is removed, by being merged into connectionlostinbound. - Change: PrematureEOI is now AttrError, broadened to include errors reading attributes from services. - New: Support RFC 4954 Enhanced status codes (postfix 2.5+). - New: Report "status=deferred (bounce failed)" messages under Summary section "Bounce failed". - New: Support postfix 2.6+ check_reverse_client_hostname_access Includes new reject config variable: RejectUnverifiedClient. - New: option --line_style specifies how to handle lines lengths longer than max_report_width. Options are "wrap", "full", or "truncate" (default). The older --detail >= 11 is equivalent to line_style=full; line_style=truncate or line_style=wrap has higher precedence and will dictate how long lines are handled. Alternative options are --truncate, --wrap, or --full. - New: The beginnings of a Top N config file is provided in postfix-logwatch.conf-topn. Suggestions and improvements welcome. - New: single letter options for some long options; run with --help to see list. More may be added in the future. - New: Option --ignore_services (config var $postfix_Ignore_Services) provides a mechanism to ignore postfix/SERVICE log lines, where SERVICE is a regular expression pattern. - Fix: Support Anonymous TLS in TlsServerConnect (postfix 2.5+). - Fix: Ignore output from "postfix status" command (postfix 2.5+) - Fix: Ignore more debug log lines. - Fix: When postsuper held more than one message in a given call, the Hold count shown in the Summary section indicated how many messages were held, but the Detail section showed how many postsuper calls were made. Thanks: Stefan Jakobs - Fix: Postgrey sender and recipient fields improperly reported - Fix: Allow ":unknown" as an acceptable port in smtpd's "client=..." log lines. Occurs in pre-queue content_filter setup. Thanks: Robert Brooks - Fix: At detail > 10, log lines were truncated to max_report_width. - Fix: Documentation cleanup. Thanks: Chris Pepper - Fix: Relax capture RE for resent-message-id which may contain < or > chars. Thanks: Stefan Jakobs - Fix: Reason for deferral/bounce would sometimes be incorrectly shown as unknown recipient. - Fix: Better handle the trigger subject (SMTP_NAME_*) in discard, filter, hold, redirect, and warn actions (eg. Client host, Sender address, Recipient Address, Client certificate, etc.). - Change: reduce length of some extended status codes for readability. - Change: remove hard-coded "postgrey" from the syslog name pattern matching code, and instead add it to the configuration variable postfix_Syslog_Name. - Internal: converted all Section key names to lowercase to avoid silly case errors due to hash key case differences in Sections, Opts, and Collecting hashes. - Internal: debug output is now controlled by keywords. 2008-05-09 (version: 1.36.13) Final version skipped 2008-01-14 (version: 1.36.13pre7) - New: Support ETRN rejects (option: RejectEtrn). - Fix: Include optional text in L1 output for header/body checks Hold messages. - Fix: Accept "unknown" as an IP in Connection rate limit messages. Thanks: Stefan Jakobs - Fix: Improve MxError captures - Fix: Ignore "sql auxprop plugin ..." messages - Fix: Ignore more debug_peer_level=2 messages - Fix: Correct failure to ignore "connect to subsystem..." debug lines - Fix: Add missing RejectVerify to config file 2007-12-15 (version: 1.36.13pre6) - Fix: in BounceLocal and EnvelopeSenderDomains, set null domain and formatted host to '*unknown'. - Fix: Move postfix_warning before postfix_cleanup, as some cleanup warnings were caught as unmatched. - Fix: An Accepted message is now triggered by smtpd "client=..." and pickup "uid=..." log entries, instead of qmgr's "from=xxx, size=nnn, nrcpt=nnn" log lines. A message may have been accepted during a previous time period, but delivery delays result in multiple qmgr delivery attempts, resulting in over counting Accepted messages. Thanks: Stefan Jakobs - New: Bytes delivered is now broken down by Bytes sent via SMTP, LMTP, and forwarded, to be orthogonal with message counts. - Fix: Resent messages no longer reduce the number of messages accepted - this was a naive attempt at not counting, for example, messages released and re-queued from a content filter's quarantine. 2007-11-14 (version: 1.36.13pre5) - New: Threshold limiting and Top N lists for every level in each Detail section. Every level in each section can now be limited with minimum count thresholds and top N lists. See the updated README file, the comments in the postfix-logwatch.conf file, and the new postfix-logwatch man page. Requested by: Pavel Urban - New: Rejects can now be categorized by reject reply code. A new option/variable "reject_reply_patterns" is a list of reject reply code regular expressions, which are used for categorizing rejects. This feature allows, for example, distinguishing 421 transmission channel closes from 45x errors. (eg. 450 mailbox unavailable, 451 local processing errors, 452 insufficient storage). The default list is: "5.. 4.. Warn" which creates three groups of rejects: permanent rejects, temporary failures, and reject warnings (as in warn_if_reject). Requested by: Noel Jones - New: postfix-logwatch man page created (net yet complete) - New: Support for all access(5) actions. See the "Level Limiter Options" section in the postfix-logwatch(1) man page, and "Common access control actions" in postfix-logwatch.conf. - New: Added envelope senders and envelope sender domains reports. These are disabled by default. Enable with level limiter options --envelopesenders 1 and --envelopesenderdomains 1 (or 2 to also see senders listed under domains). See also the postfix-logwatch.conf file. Suggested by: Brendan - Change: Uncomment all variables in the config file. This should help ensure the variables in the config file stay in sync with those used in the source. - Change: Merged sections SenderDelayNotification, DSNDelivered, and DSNUndelivered into NotificationSent, with sub-sections indicating the type of notification. This gives the total number of sent notifications in the Summary section, and the breakdown by type of notification in the Detailed section. - Change: Removed "msgs" prefix from several options: msgsdeferred, msgsdelivered, msgsforwarded, msgsresent, msgssent, and msgssentlmtp are now deferred, delivered, forwarded, resent, sent and sentlmtp. The old options are still usable. - Change: force --help output to 80 chars. - Change: Taint mode is now on by default in standalone mode. It is disabled upon installation in logwatch mode, as logwatch fails with taint mode enabled. - Change: Set the primary key in tlsserverconnect/tlsclientconnect options to type/cipher to reduce excessive level 2 output. - Change: Reported values that cannot be determined or are unavailable are prefixed with an asterisk (Eg. *unknown, *unspecified). - Change: Warn section title 'Warn action logged' changed simply to "Warned", to be consistent with other access/header_ and body_checks. The option is --warned, but --warn is still acceptable. - Fix: Significantly reduce memory footprint when detail < 5. - Fix: Usage and --help now correctly show only detail section level limiter options that are available. Previously, summary- only counts were also display as level limiter options. - Fix: "too many errors after DATA" and "timeout after DATA" may include a byte count, as in "(348 bytes)". Thanks: John Beaver - Fix: Ignore postgrey 'delayed ...' lines - Fix: Allow logwatch --debug option to pass into postfix-logwatch - Fix: configuration file reading code was not properly warning on non-existent files - Fix: "filter" actions were incremented on "redirect" actions - Fix: Give more room to percentiles in delays percentiles table. A 5 day delay is 432000.000 seconds, and the previous table width was not sufficient. - Fix: --show_sect_vars command line option inadvertently required an argument; the name has been shortened to --sect_vars/--nosect_vars and correctly no longer requires an argument. The longer names --[no]show_sect_vars work as well. Thanks: Noel Jones - Fix: Handle some unmatched connect to failures in section ConnectToFailure. Cleanup and consolidate several similar messages; add additional detail at level 3. - Fix: Increment postsuper Hold messages by the number of messages placed on hold. - Fix: Add "non-ESMTP response ..." messages to SmtpConversationError. First level is now the general SMTP error description. - Internal: Converted source to be package-based to allow code sharing with amavis-logwatch. The single-file executable is auto-generated from the packages. - Internal: internal gen_test_log function to create sample log data for testing. Reads '#TD' comments from within postfix-logwatch. 2007-10-16 (version: 1.36.13pre4) - Fix: Handle messages "SSL_connect error to example.com: 0" and "Cannot start TLS: handshake failure" by coercing into warnings Thanks: Rob Sterenborg 2007-10-15 (version: 1.36.13pre3) - Fix: Handle "postmaster" DSNs - Fix: Handle "discarding EHLO keywords:" (ignored) - Internal: create bounce subroutine to handle bounce messages 2007-10-05 (version: 1.36.13pre2) - New: Initial support for postgrey (http://postgrey.schweikert.ch/) Requested by: Sebastian Wolfgarten 2007-10-05 (version: 1.36.13pre1) - New: Support for policy-spf software postfix-policyd-spf-perl Requested by: Nicodemo P. and Rob Sterenborg 2007-10-05 (version: 1.36.12) - New: support postfix 2.5 log changes (20071004, 20071003) - Incompatible Change: Config variable/command line option name change: * WarningHeader changed to Warn * MsgsRedirected changed to Redirected * ConnectionLost split into ConnectionLost{Inbound,Outbound} - Incompatible Change: Distinguish inbound (smtpd) vs. outbound (smtp), which replaces ConnectionsLost with ConnectionsLostInbound and ConnectionsLostOutbound. ConnectionsLostInbound includes number of bytes received if the connection was lost during DATA. Encouraged by 2.5 20071003 change in logging. - New: Support for all header_checks(5)/body_checks(5) actions. See also postfix-logwatch.conf for "Common access control actions" - New: Option show_sect_vars shows names of section configuration variables/command line options in titles of detailed report sections. This allows easy correlation of corresponding configuration file variables/command line option for each section. [ Default: 0 ] - Fix: catch postsuper's pluralized form of Delete message"s". - New: handle "cannot load Certificate Authority data" as Misc. warning - Fix: Makefile: no -D option to install in FreeBSD. Use -d instead - Change: ConnectionLostInbound now defaults to level 1 only - Internal: Numerous code cleanups, re-factoring and restructuring - Internal: Test data migrating to include the correct postfix service, as internal code moves towards using the service name as an initial log line match qualifier 2007-09-13 (version: 1.36.11) - Incompatible Change: All TempRejectXXX and RejectWarnXXX options/config vars have been renamed for easier identification in the code, and consistency. Now, all Reject variants look like RejectXXXyyy, where XXX is the given reject name (Helo, RBL, etc), and yyy is the optional reject type of "Warn" (warn_if_reject) or "Temp" (4xx temporary rejects). For example, the previously named RejectRelay, RejectWarnRelay and TempRejectRelay are now named RejectRelay, RejectRelayWarn and RejectRelayTemp. See the usage information or the .conf file to see the list. - Fix: A %Counts accumulator must use the same number of keys consistently. This error caused some totals to be wildly incorrect, and the fatal perl error: "Can't use string ("XXX") as a HASH ref while "strict refs" in use ..." Fortunately, this error only occurred with a specific set of data, which seemed not too common. - Fix: remove Temp and Warn variants of RejectHeader and RejectBody - they don't exist. - Fix: Add Temp variant of RejectMilter - New: Add ProcessLimit section for 2.5 stress messages - New: accommodate postfix patch which also logs HELO name in smtpd's "QID: client=..." log entries. - Thanks: Noel Jones 2007-09-09 (version: 1.36.10) - New: handle "reject: DATA from ... : Data command rejected: ..." - New: ignore "fingerprint=20:..." lines - Thanks Farkas Levente 2007-09-01 (version: 1.36.9) - Fix: remove rooted path in md5 file - Fix: Makefile install-logwatch rule was missing a parenthesis - Fix: Makefile updates from Till Mass 2007-08-31 (version: 1.36.8) - Change: Include GPLv2 license - Change: Include version number in tarball file name - Internal: Move CVS log comments to Changes file 2007-08-31 (version: 1.36.7) - Fix: capture older postfix RCPT from RBL reject entries. Thanks Hugo van der Kooij 2007-08-15 (version: 1.36.6) - Changed: for sorting purposes, lowercase localpart of rejected email addresses - Change: Output help and version info on STDOUT for easier pipelines to a pager - New: option --nodetail zeros out all detail levels, to more easily obtain only specified detailed reports (eg: --nodetail --rejecthelo 1) will only show a list of rejected HELOs in the details section. - New: option --nosummary disables the summary section - New: detailed section command line arguments can now be specified with the prefix "no", to set the level to 0 (eg. --nomsgssent is equivalent to --msgssent 0). - Internal: split printReports into printSummaryReport and printDetailReport - Internal: change variable Formats to the more obvious named Sections 2007-08-03 (version: 1.36.5) - Changed: rejected addresses collected by domain, then localpart - New: delay percentiles report. Config vars: show_delays and delays_percentiles; command line --[no]delays - Fix: Yes/True and No/False config values weren't being read properly in standalone 2007-08-01 (version: 1.36.4) - New: option --config_file allows specifying a configuration file via command line. Options in configuration file act as though they were set on the command line in order, with earlier settings being over- ridden by most recent settings. Multiple config_file options may be specified. - Change: Summary title includes syslog_name in standalone mode - Change: Remove some extraneous newlines 2007-07-24 (version: 1.36.3) - Refine anvil connection rate exceeded messages 2007-07-13 (version: 1.36.2) - Support FreeBSD ( precedes hostname in syslog) - Thanks Clemens Fischer 2007-07-10 - Ignore "nss_ldap: reconnected to LDAP server ..." - Handle "discard: header/body: messages - Thanks Jay Chandler 2007-07-03 - Corrected some minor typos 2007-06-08 - Changed titles shown for sender notifications of (non-)delivery and delay - Corrected some incorrect config file variable names. Thanks: Nicolas 2007-06-02 - Do not strip <> when address is '<>' in Illegal address syntax 2007-06-01 - Changed warning output for smtpd messages: "lost connection after CONNECT from unknown[unknown]". Previous warning erroneously attributed this to pre-queue content filter overloads, but the problem indicates a more general smtpd overload. 2007-05-31 - Fix bug which caused config file to be required in standalone mode 2007-05-30 - Support delay_reject=no (debian: 426726) - Ignore additional unmatched TLS debug messages - Initial support for redirect messages - Some corrected typos - Thanks Jusin Pryzby 2007-05-25 - Experimental: syntax to limit Top N level 1 output lines. Variables that control depth levels in detailed reports can be specified as m.n, where m is the maximum level to output, and n specifies the number of level 1 items output. Eg: $postfix_MsgsSent=2.10, will output the top 10 level 1 items, with each item providing 2 levels of detail. - Protect interpolated recipient addresses in cleanhostreply with \Q \E e Add zero-width assertions and use strict IP RE in bycount sort subroutine to match IP addresses more reliably 2007-05-09 - Ignore a few more policydweigh child or cache entries - Escape metacharacters from being interpreted in recipient_delimiter - Never split mailer-daemon, double-bounce, or when recipient_delimiter is a "-" (dash) never split owner- or -request localparts 2007-05-08 - Support for running in standalone mode (independent of logwatch) - Renamed script to "postfix-logwatch" to avoid confusion when running in standalone mode. See the README. - Add relay=virtual to "local" class for local vs. remote bounces 2007-05-07 - Handle and report postfix/policydweight lines (postfix_PolicydWeight) - Handle and report Host offered STARTTLS lines - Generalize "maildrop: Unable to create a dot-lock at " messages - Corrected typo that prevented fatal errors from being output 2007-04-26 - Consolidate similar MX errors - set IP address to 127.0.0.1 when from=local, and reporting both host/hostip - More cleanup (re-factor common code, replace most global variables with lexicals, lowercase non-global variable names, shorten variable names, etc.) - Capture postsuper hold messages 2007-04-25 - Support postfix 2.5 TLS message changes (smtpd_tls_loglevel > 0) - Move 4xx temporary rejects into their own section (experimental feature) 2007-04-18 - Allow for hold messages that do not contain a recipient (Thanks John Wilcock) 2007-03-26 - Lowercase recipient addresses in several Reject sections 2007-03-22 - Accept spf.pobox.com URLs in Reject recipient address 2007-03-21 - Handle spf lines from older version of postfix-spf, and spf.pobox.com URLs 2007-03-20 - Capture and report postfix-spf lines - New config variable postfix_PolicySPF 2007-03-13 - Capture and report reject_unknown_reverse_client_hostname. Thanks Michael M. 2007-03-09 - Capture and report as config warning: "looking for plugins" NSF error 2007-03-03 - fix reject header|body RE to allow "local" as host/ip - really ignore lines that don't match SyslogName; - add inc_unmatched subroutine for easier debug of unmatched lines 2007-02-27 - Capture and summarize postfix-script output (starts, stops, refresh, etc.) - Remove redundant chomps 2007-02-26 - Fix problem in sort routine where IP addresses were being captured anywhere in an output line for comparison via pack 'C4' - only attempt IP comparison if an IP address is the start of an output line Thanks: Ian - Provide support for syslog_name in Postfix 2.4 via postfix.conf variable postfix_Syslog_Name - Classify PIX workarounds based on type (there are several) - Change summary output criteria to check for any non-zero Totals 2007-02-25 - Do not interpolate log lines into printf; they may contain % chars 2007-02-17 - Ensure no output occurs when nothing is captured 2007-02-15 - Place recipients and senders in their own keys, instead of combined 2007-02-14 - Fix countdown bug in Deliveries, as ncrpt does not account for always_bcc 2007-02-14 - Make reject and warn_if_reject distinct sections - Track Qids to properly report messages and bytes sent / accepted - Also track messages deferred (each of which may have many deferrals) - Consider reject VRFY a reject and accumulate in reject totals - Move header/body reject code in with the rest of the reject code - Move 'MAIL from' reject code in with the rest of the reject code - Remove unused variable - Print row heading separator lines only when appropriate - Move printing of report headings into printReports - Change Sent header to Sent via SMTP (orthogonal to Sent via LMTP) 2007-02-09 - Better processing of remote server "host...said" replies - Made maximum report width configurable in postfix.conf - All lines in report now obey max report width 2007-02-07 - Changed all From -> To lines to To <- From. From address is often bogus and To is more interesting to see. 2007-02-06 - Added new configuration variable "postfix_Recipient_Delimiter", which can be set to match the postfix variable "recipient_delimiter". When set, allows Delivered and Sent reports to be grouped by email addresses minus their address extension. - Liberalized the RE for capturing VFRY rejects - Reverted change of primary SASL authenticated messages; primary key is once again User, followed by Method. Unknown is reported when these keys are not available. - Created a SASL authenticated relayed messages which hits with sasl_sender is present in smtpd messages - Split orig_to email addresses into a subkey. Allows reports to be grouped by primary "to" address, instead of various aliases. - Move Host/HostIP into their own keys for Bounce Remote section - For Pix Workaround section, format HostIP / Host the same as others - Add 'o' option where missing in REs - Fix configuration variable importing 2007-02-03 - Added VFRY reject section - Changed primary key for SASL authentication section to IP/hostname, as any of sasl_{method,sender,user} may be absent - Added RFC 3463 DSN code messages to bounce/deferred sections - More parsing of various "host...said" remote server messages - Add Sent via LMTP section, removing lmtp-delivered mail out of Delivered. Allows users with lmtp-based content filters to avoid double counting (but only for message counts; byte counts are still about 50% too large). Config variable postfix_MsgsSentLmtp controls display 2007-01-28 - Added pre-queue content-filter overload section - Reworked Bounce (local/remote) and Deferred sections - Fixed several reversed captures of Host and HostIP - Format Host and HostIP in Numeric hostname section - Thanks: Mike Horwath 2007-01-28 - Made Reason the primary key in Deliverable/Undeliverable 'sendmail -bv' tests - Modified re_DSN RE to capture DSNs missing 3 number response code - Enhanced SASL authenticated messages to capture missing log lines - Added milter-reject section - Updated 'Reject server configuration error' RE for older postfix versions - Fix copy/paste error which caused use of incorrect variable in bad size limit - Add Concurrency limit reached section - Add "maildrop" to the list of relay's considered local in Bounce section 2007-01-23 - Aggregate recipient/sender address verification lines (Thanks Harald Geiger) - Uppercase message in reject recipient section 2007-01-22 - Update REs to allow null sender in sender addresses 2007-01-19 - Capture and summarize "triggers FILTER" messages (Thanks Eray Aslan) - Fix overly permissive Server configuration error RE (Thanks Harald Geiger) - Add "Server configuration error" rejects to Reject totals - Add "Insufficient system storage" rejects to Reject totals - Make RejectSize report consistent with others 2007-01-17 - Update IP RE to support IPV6 (Thanks Harald Geiger) - Aggregate reject recipient address caused by SPF (Thanks Harald Geiger) 2007-01-16 - Made Reject HELO/EHLO report consistent with others: demoted Helo=xxx string (Thanks: Jorey Bump) - Fixed incorrect TotalRejects summation (typo) - "Accepted" / "Rejected" summation is no longer based on "Connection"; now Total = Accepted + Rejected * Client may or may not close connection properly after reject * Multiple rejects for single connection can occur - ConnectToFailure header incorrectly indicated connection was "inbound" - Included Makefile for ease of installation during this testing phase (Thanks: Jorey Bump) 2006-12-16 - Add pcre map warnings - Reordered headings to produce more obvious correlation with percentage breakdowns - Second key sort is now the illegal address in illegal address in SMTP command - More optimization of log entry capturing - Added Sent category capturing outbound SMTP connections requires modified /usr/share/logwatch/default.conf/services/postfix.conf or /etc/logwatch/conf/services/postfix.con - Added ability to control max print depth on a per section basis - Renamed Received to Accepted (to indicate accepted for delivery, and better opposite of Reject) NOTE: Accepted shows less than that of pflogsumm's Received, which incorrectly increments rejected messages - Reduce Accepted by Deferred and Resent, which cause double counting - Removed erroneous a-z in RE for capturing QIDs - Added Panic section for postfix panic messages - Fixed bug which failed to increment watchdog timers - Started work on better debug capability 2006-12-13 - Removed extra blank line for Detail <= 5 - Filter many more debug lines - Catch and group additional warning and fatal messages 2006-12-12 - Made reject header/body output consistent with each other - Sort reject header/body first by recipient address, for tighter groupings - reject reason is typically random - Trimmed excess whitespace in reject header/body reasons - Added extra line between level 1 headings - Group SASL authenticated messages by sasl_username - Filter TLS and SASL debug messages (smtpd_tls_loglevel = 2) Rewrite by Mike Cappella (MrC) Revision 1.29 2007/01/27 20:21:46 mrc - Provide more useful information and summaries - Provide increasing detail as requested via --detail - Provide ability to configure per section maximum detail - Optimize and combine the numerous REs - Capture and summarize many more log lines - Pin important errors to top of report - Sort by hits, IP, and lexically - Handle IPv6 addresses - Generalize log line capturing and reporting - Eliminate excessive copy/paste reporting code - Requires updated postfix.conf file - Thanks: Eray Aslan, Jorey Bump, Harald Geiger, Bill Hudacek, Frederic Jacquet, Geert Janssens, Leon Kolchinsky, Rob Myroon Revision 1.28 2006/12/15 06:24:49 bjorn Filtering "sender non-delivery notification", by Ivana Varekova. Revision 1.27 2006/12/15 05:00:41 bjorn Filter all held message logs, by Hugo van der Kooij. Revision 1.26 2006/10/20 16:51:50 bjorn Additional matching of sasl messages, by Willi Mann. Revision 1.25 2006/08/13 21:25:55 bjorn Updates to work with the Postfix 2.3.x series (due to log format changes), by Mike Cappella. Revision 1.24 2006/03/22 17:43:46 bjorn Changes by Harald Geiger: - ignore additional statistics: messages (Postfix 2.2) - replaced several 5xx Codes by [0-9]+ (main reason is to make them match on 4xx if in soft_bounce=yes mode) - a more generic "Client host rejected" reporting - changed "Messages rejected:" to "Messages rejected from sender:" Revision 1.23 2005/12/19 15:47:47 bjorn Updates from Mike Cappella: - Catches some of the Unknown Users messages from newer versions of postfix - Consolidates a couple of REs - Adds a cumulative total to each of the Unknown users and Header content rejection headers - Adds a Body content rejection section Revision 1.22 2005/11/22 18:30:47 bjorn Detecting 'virtual alias table', by Kevin Old. Revision 1.21 2005/08/23 23:54:38 mike Fixed typo probably from Roland Hermans -mgt Revision 1.20 2005/07/25 22:26:28 bjorn Added "Sender address" to "554 Service unavailable" regexp, by Who Knows Revision 1.19 2005/04/22 13:48:28 bjorn This patch catches (un)deliverable messages and many more, which were missing until now on mu new postfix-2.1.*, from PaweÅ‚ GoÅ‚aszewski Revision 1.18 2005/04/17 23:12:28 bjorn Patches from Peter Bieringer and Willi Mann: ignoring more lines and some blank spaces Revision 1.17 2005/02/24 17:08:05 kirk Applying consolidated patches from Mike Tremaine Revision 1.7 2005/02/16 00:43:28 mgt Added #vi tag to everything, updated ignore.conf with comments, added emerge and netopia to the tree from Laurent -mgt Revision 1.6 2005/02/13 23:50:42 mgt Tons of patches from Pawel and PLD Linux folks...Thanks! -mgt Revision 1.5 2004/10/06 21:42:53 mgt patches from Pawel quien-sabe -mgt Revision 1.4 2004/07/29 19:33:29 mgt Chmod and removed perl call -mgt Revision 1.3 2004/07/10 01:54:35 mgt sync with kirk -mgt Revision 1.13 2004/06/23 15:01:17 kirk - Added more patches from blues@ds.pg.gda.pl Revision 1.12 2004/06/21 14:59:05 kirk Added tons of patches from Pawe? Go?aszewski" Thanks, as always! Revision 1.11 2004/06/21 13:42:02 kirk From: Matthew Wise This is more of a suggestion than a true patch submission. On a busy postfix server the messages sent by section is really long and not helpful. This patch finds and lists the top 10 senders by number of messages. Revision 1.10 2004/06/21 13:41:04 kirk Patch from rod@nayfield.com Revision 1.9.1 2004/02/22 16:44:01 rod Added patch from rod@nayfield.com Revision 1.9 2004/02/03 03:25:02 kirk Added patch from quien-sabe@metaorg.com Revision 1.8 2004/02/03 02:45:26 kirk Tons of patches, and new 'oidentd' and 'shaperd' filters from Pawe? Go?aszewski" Revision 1.7 2003/12/15 18:35:03 kirk Tons of patches from blues@ds.pg.gda.pl Revision 1.6 2003/12/15 18:09:23 kirk Added standard vi formatting commands at the bottom of all files. Applied many patches from blues@ds.pg.gda.pl Revision 1.5 2003/12/15 17:45:09 kirk Added clamAV update log filter from lars@spinn.dk Revision 1.4 2003/11/26 14:36:30 kirk Applied patch from blues@ds.pg.gda.pl Revision 1.3 2003/11/18 14:04:05 kirk More patches from blues@ds.pg.gda.pl Revision 1.2 2003/11/18 04:02:21 kirk Patch from blues@ds.pg.gda.pl Revision 1.1 2003/11/03 04:49:18 kirk Added postfix filter from Sven Conrad Revision 1.1 2002/03/29 15:32:14 kirk Added some filters found in RH's release Revision ??? 2000/07/12 Simon Liddington converted from sendmail to postfix Sven Conrad added unknown users, relay denials Revision 1.1 2003/03/21 21:10 sven Initial revision filters all postfix/ messages