[CentOS] Logwatch reporting spamassassin messages as unmatched entries

Mon Feb 28 18:45:27 UTC 2011
Cameron Kerr <cameron at humbledown.org>

On 28/02/2011, at 10:19 PM, Steve Searle wrote:

> I've recently switched to using spamassassin via a sendmail milter,
> rather than using procmail to invoke it. This means that I get a number
> of messages appearing in my maillog, and then being reported by logwatch
> as unmatched entries.
> 
> An example of such a messages is:

It's being reported by sendmail, not by spamassassin, it seems. Or perhaps is just passing through to the logs what spamassassin in outputting.

Assumably you're calling out to spamass-milter. Are you passing any debug (-d) flags?

As to whether to prevent it being logged, or to ignore it in the logs, you would need to consider whether or not you want it in your logs... it could total to a fairly large amount and could in itself become a vector for a disk-filling attack.

> Feb 27 04:33:09 quail sendmail[24780]: p1R4X46P024780[2]: URIBL blacklist

To filter it in logcheck, you could act just on this part

> 

^\w{3} [ :0-9]{11} [,_[:alnum:]-]+ sendmail\[[0-9]+\]: [a-zA-Z0-9]\[[0-9]+\]: URIBL blacklist

(This has not been tested, the first part comes from a standard Ubuntu install of logcheck, which is likely to also be the case in CentOS)

Sorry, I can't help you with the sendmail part of it.