Lines that look like
NOQUEUE: reject: CONNECT from [192.168.0.1]:39410: all server ports busy
were not being matched. There were two similar matches, one for a
specific "too many connections" error
NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections
and another for a more general form intended to match "all screening
ports busy" errors from postscreen:
reject: connect from [192.168.0.1]:21225: all screening ports busy
The general form is preferable in my opinion, but the "screening
ports" message is a bit of a black sheep. As a result, even the more
general regular expression didn't match the other two errors due to
their beginning with "NOQUEUE" and using an uppercase "CONNECT".
To fix this, the general regular expression was made even more
general. Now, a leading "NOQUEUE: " is optional, and the "CONNECT" can
be capitalized. Thus, one regular expression now catches all three
messages.
}
}
- elsif ($line =~ /^NOQUEUE: reject: CONNECT from \[([^]]+)\](?::\d+)?: too many connections/) {
- # NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections
- $Counts{'postscreen'}{'reject'}{'Too many connections'}{$1}{$END_KEY}++ if $Collecting{'postscreen'};
- }
-
- elsif ($line =~ /^reject: connect from \[([^]]+)\](?::\d+)?: (.+)$/) {
- # reject: connect from [192.168.0.1]:21225: all screening ports busy
- $Counts{'postscreen'}{'reject'}{"\u$2"}{$1}{$END_KEY}++ if $Collecting{'postscreen'};
+ elsif ($line =~ /^(NOQUEUE: )?reject: (connect|CONNECT) from \[([^]]+)\](?::\d+)?: (.+)$/) {
+ # NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections
+ # NOQUEUE: reject: CONNECT from [192.168.0.1]:39410: all server ports busy
+ # reject: connect from [192.168.0.1]:21225: all screening ports busy
+ $Counts{'postscreen'}{'reject'}{"\u$4"}{$3}{$END_KEY}++ if $Collecting{'postscreen'};
}
elsif ($line =~ /^(?:WHITELIST VETO) \[([^]]+)\](?::\d+)?$/) {
projects / postfix-logwatch.git / commitdiff