From 7b3930a9d44f91a63f0edbe765c75dc8f6128b7c Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Wed, 26 Dec 2018 12:54:15 -0500 Subject: [PATCH 1/1] Match postscreen "all server ports busy" lines. Lines that look like NOQUEUE: reject: CONNECT from [192.168.0.1]:39410: all server ports busy were not being matched. There were two similar matches, one for a specific "too many connections" error NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections and another for a more general form intended to match "all screening ports busy" errors from postscreen: reject: connect from [192.168.0.1]:21225: all screening ports busy The general form is preferable in my opinion, but the "screening ports" message is a bit of a black sheep. As a result, even the more general regular expression didn't match the other two errors due to their beginning with "NOQUEUE" and using an uppercase "CONNECT". To fix this, the general regular expression was made even more general. Now, a leading "NOQUEUE: " is optional, and the "CONNECT" can be capitalized. Thus, one regular expression now catches all three messages. --- postfix-logwatch | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/postfix-logwatch b/postfix-logwatch index 827dfe0..648ba7a 100644 --- a/postfix-logwatch +++ b/postfix-logwatch @@ -4399,14 +4399,11 @@ sub postfix_postscreen { } } - elsif ($line =~ /^NOQUEUE: reject: CONNECT from \[([^]]+)\](?::\d+)?: too many connections/) { - # NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections - $Counts{'postscreen'}{'reject'}{'Too many connections'}{$1}{$END_KEY}++ if $Collecting{'postscreen'}; - } - - elsif ($line =~ /^reject: connect from \[([^]]+)\](?::\d+)?: (.+)$/) { - # reject: connect from [192.168.0.1]:21225: all screening ports busy - $Counts{'postscreen'}{'reject'}{"\u$2"}{$1}{$END_KEY}++ if $Collecting{'postscreen'}; + elsif ($line =~ /^(NOQUEUE: )?reject: (connect|CONNECT) from \[([^]]+)\](?::\d+)?: (.+)$/) { + # NOQUEUE: reject: CONNECT from [192.168.0.1]:7197: too many connections + # NOQUEUE: reject: CONNECT from [192.168.0.1]:39410: all server ports busy + # reject: connect from [192.168.0.1]:21225: all screening ports busy + $Counts{'postscreen'}{'reject'}{"\u$4"}{$3}{$END_KEY}++ if $Collecting{'postscreen'}; } elsif ($line =~ /^(?:WHITELIST VETO) \[([^]]+)\](?::\d+)?$/) { -- 2.19.2