Support respectful logging.

[postfix-logwatch.git] / postfix-logwatch

diff --git a/postfix-logwatch b/postfix-logwatch
index 92ed62138fe0d37ab30268f40c8e5ccbc3ee67d3..be28795b543c8f5288be27c1c488253e0333761d 100644 (file)
--- a/postfix-logwatch
+++ b/postfix-logwatch
@@ -66,7 +66,9 @@ my $re_QID_s   = qr/[A-Z\d]+/;
 my $re_QID_l   = qr/(?:NOQUEUE|[bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZ\d]+)/;
 our $re_QID;
 
-our $re_DSN     = qr/(?:(?:\d{3})?(?: ?\d\.\d\.\d)?)/;
+# The enhanced status codes can contain two-digit (or more) numbers;
+# for example, "550 5.7.23".
+our $re_DSN     = qr/(?:(?:\d{3})?(?: ?\d+\.\d+\.\d+)?)/;
 our $re_DDD     = qr/(?:(?:conn_use=\d+ )?delay=-?[\d.]+(?:, delays=[\d\/.]+)?(?:, dsn=[\d.]+)?)/;
 
 #MODULE: ../Logreporters/Utils.pm
@@ -1276,8 +1278,8 @@ sub print_unmatched_report() {
 
        1978   SpamAssassin bypassed 
          18   Released from quarantine 
-       1982   Whitelisted           
-          3   Blacklisted           
+       1982   Allowlisted           
+          3   Denylisted            
          12   MIME error            
          51   Bad header (debug supplemental) 
          28   Extra code modules loaded at runtime 
@@ -4357,7 +4359,8 @@ sub postfix_postscreen {
       $line =~ /discarding EHLO keywords: / or
       $line =~ /: discard_mask / or
       $line =~ /: sq=\d+ cq=\d+ event/ or
-      $line =~ /: replacing command "/
+      $line =~ /: replacing command "/ or
+      $line =~ /^(DATA|BDAT) without valid RCPT/
    );
 
 
@@ -4367,7 +4370,12 @@ sub postfix_postscreen {
        ($line =~ /^(HANGUP) (?:after \S+)? from \[([^]]+)\](?::\d+)?/)) {
       $Counts{'postscreen'}{lc $1}{$2}{$END_KEY}++  if $Collecting{'postscreen'};
    }
-   elsif ($line =~ /^(WHITELISTED|BLACKLISTED|PASS \S+) \[([^]]+)\](?::\d+)?$/) {
+   elsif ($line =~ /^((ALLOW|WHITE|BLACK|DENY)LISTED|PASS \S+) \[([^]]+)\](?::\d+)?$/) {
+      # This will display two separate counts for e.g. "allowlisted"
+      # and "whitelisted" if you change your configuration in the
+      # middle of the day, but I don't see that as a huge problem.
+      #
+      # ALLOWLISTED [40.92.75.48]:17085
       # PASS NEW [192.168.0.2]:12345
       # PASS OLD [192.168.0.3]:12345
       $Counts{'postscreen'}{lc $1}{$2}{$END_KEY}++  if $Collecting{'postscreen'};
@@ -4397,19 +4405,16 @@ sub postfix_postscreen {
       }
    }
 
-   elsif ($line =~ /^NOQUEUE: reject: CONNECT from \[([^]]+)\](?::\d+)?: too many connections/) {
-      # NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections
-      $Counts{'postscreen'}{'reject'}{'Too many connections'}{$1}{$END_KEY}++      if $Collecting{'postscreen'};
-   }
-
-   elsif ($line =~ /^reject: connect from \[([^]]+)\](?::\d+)?: (.+)$/) {
-      # reject: connect from [192.168.0.1]:21225: all screening ports busy
-      $Counts{'postscreen'}{'reject'}{"\u$2"}{$1}{$END_KEY}++      if $Collecting{'postscreen'};
+   elsif ($line =~ /^(NOQUEUE: )?reject: (connect|CONNECT) from \[([^]]+)\](?::\d+)?: (.+)$/) {
+       # NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections
+       # NOQUEUE: reject: CONNECT from [192.168.0.1]:39410: all server ports busy
+       # reject: connect from [192.168.0.1]:21225: all screening ports busy
+      $Counts{'postscreen'}{'reject'}{"\u$4"}{$3}{$END_KEY}++      if $Collecting{'postscreen'};
    }
 
-   elsif ($line =~ /^(?:WHITELIST VETO) \[([^]]+)\](?::\d+)?$/) {
+   elsif ($line =~ /^(?:(WHITE|ALLOW)LIST VETO) \[([^]]+)\](?::\d+)?$/) {
       # WHITELIST VETO [192.168.0.8]:43579
-      $Counts{'postscreen'}{'whitelist veto'}{$1}{$END_KEY}++  if $Collecting{'postscreen'};
+      $Counts{'postscreen'}{'allowlist veto'}{$1}{$END_KEY}++  if $Collecting{'postscreen'};
    }
 
    elsif ($line =~ /^(entering|leaving) STRESS mode with (\d+) connections$/) {