blob: dd5ae5869eb28d3d0da305097d5260ffe2afa356 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
From 7b3930a9d44f91a63f0edbe765c75dc8f6128b7c Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Wed, 26 Dec 2018 12:54:15 -0500
Subject: [PATCH 1/1] Match postscreen "all server ports busy" lines.
Lines that look like
NOQUEUE: reject: CONNECT from [192.168.0.1]:39410: all server ports busy
were not being matched. There were two similar matches, one for a
specific "too many connections" error
NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections
and another for a more general form intended to match "all screening
ports busy" errors from postscreen:
reject: connect from [192.168.0.1]:21225: all screening ports busy
The general form is preferable in my opinion, but the "screening
ports" message is a bit of a black sheep. As a result, even the more
general regular expression didn't match the other two errors due to
their beginning with "NOQUEUE" and using an uppercase "CONNECT".
To fix this, the general regular expression was made even more
general. Now, a leading "NOQUEUE: " is optional, and the "CONNECT" can
be capitalized. Thus, one regular expression now catches all three
messages.
---
postfix-logwatch | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/postfix-logwatch b/postfix-logwatch
index 827dfe0..648ba7a 100644
--- a/postfix-logwatch
+++ b/postfix-logwatch
@@ -4399,14 +4399,11 @@ sub postfix_postscreen {
}
}
- elsif ($line =~ /^NOQUEUE: reject: CONNECT from \[([^]]+)\](?::\d+)?: too many connections/) {
- # NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections
- $Counts{'postscreen'}{'reject'}{'Too many connections'}{$1}{$END_KEY}++ if $Collecting{'postscreen'};
- }
-
- elsif ($line =~ /^reject: connect from \[([^]]+)\](?::\d+)?: (.+)$/) {
- # reject: connect from [192.168.0.1]:21225: all screening ports busy
- $Counts{'postscreen'}{'reject'}{"\u$2"}{$1}{$END_KEY}++ if $Collecting{'postscreen'};
+ elsif ($line =~ /^(NOQUEUE: )?reject: (connect|CONNECT) from \[([^]]+)\](?::\d+)?: (.+)$/) {
+ # NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections
+ # NOQUEUE: reject: CONNECT from [192.168.0.1]:39410: all server ports busy
+ # reject: connect from [192.168.0.1]:21225: all screening ports busy
+ $Counts{'postscreen'}{'reject'}{"\u$4"}{$3}{$END_KEY}++ if $Collecting{'postscreen'};
}
elsif ($line =~ /^(?:WHITELIST VETO) \[([^]]+)\](?::\d+)?$/) {
--
2.19.2
|