From 49d712dc7903b4269be9e9431b22494c08e7a184 Mon Sep 17 00:00:00 2001 From: Thomas Walter Date: Tue, 3 Dec 2024 10:55:20 +0100 Subject: [PATCH 1/2] Add postfix_message to POSTFIX_SMTPD --- postfix.grok | 3 ++- test/smtpd_0039.yaml | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 test/smtpd_0039.yaml diff --git a/postfix.grok b/postfix.grok index ef62961..b87ecbe 100644 --- a/postfix.grok +++ b/postfix.grok @@ -43,6 +43,7 @@ POSTFIX_SMTPD_LOSTCONN %{POSTFIX_LOSTCONN:postfix_smtpd_lostconn_data}( after %{ POSTFIX_SMTPD_NOQUEUE %{POSTFIX_QUEUEID:postfix_queueid}: %{POSTFIX_ACTION:postfix_action}: %{POSTFIX_SMTP_STAGE:postfix_smtp_stage} from %{POSTFIX_CLIENT}:( %{POSTFIX_STATUS_CODE:postfix_status_code} %{POSTFIX_STATUS_CODE_ENHANCED:postfix_status_code_enhanced})?( <%{DATA:postfix_status_data}>:)? (%{POSTFIX_DNSBL_MESSAGE}|%{GREEDYDATA:postfix_status_message};) %{POSTFIX_KEYVALUE_DATA:postfix_keyvalue_data} POSTFIX_SMTPD_PIPELINING improper command pipelining after %{POSTFIX_SMTP_STAGE:postfix_smtp_stage} from %{POSTFIX_CLIENT}: %{GREEDYDATA:postfix_improper_pipelining_data} POSTFIX_SMTPD_PROXY proxy-%{POSTFIX_ACTION:postfix_proxy_result}: (%{POSTFIX_SMTP_STAGE:postfix_proxy_smtp_stage}): %{POSTFIX_PROXY_MESSAGE:postfix_proxy_message}; %{POSTFIX_KEYVALUE_DATA:postfix_keyvalue_data} +POSTFIX_SMTPD_INFO (?discarding EHLO keywords: %{GREEDYDATA}) # cleanup patterns POSTFIX_CLEANUP_MILTER %{POSTFIX_QUEUEID:postfix_queueid}: milter-%{POSTFIX_ACTION:postfix_milter_result}: %{GREEDYDATA:postfix_milter_message}; %{GREEDYDATA_NO_COLON:postfix_keyvalue_data}(: %{GREEDYDATA:postfix_milter_data})? 
@@ -126,7 +127,7 @@ POSTFIX_TLS_FEAT_REQUIRETLS (?\!)?(?\w+)(:(?\w+))?(?\?)?(/%{POSTFIX_TLS_FEAT_REQUIRETLS})? # aggregate all patterns -POSTFIX_SMTPD %{POSTFIX_SMTPD_CONNECT}|%{POSTFIX_SMTPD_DISCONNECT}|%{POSTFIX_SMTPD_LOSTCONN}|%{POSTFIX_SMTPD_NOQUEUE}|%{POSTFIX_SMTPD_PIPELINING}|%{POSTFIX_TLSCONN}|%{POSTFIX_WARNING}|%{POSTFIX_SMTPD_PROXY}|%{POSTFIX_KEYVALUE} +POSTFIX_SMTPD %{POSTFIX_SMTPD_CONNECT}|%{POSTFIX_SMTPD_DISCONNECT}|%{POSTFIX_SMTPD_LOSTCONN}|%{POSTFIX_SMTPD_NOQUEUE}|%{POSTFIX_SMTPD_PIPELINING}|%{POSTFIX_TLSCONN}|%{POSTFIX_WARNING}|%{POSTFIX_SMTPD_PROXY}|%{POSTFIX_SMTPD_INFO}|%{POSTFIX_KEYVALUE} POSTFIX_CLEANUP %{POSTFIX_CLEANUP_MESSAGEID}|%{POSTFIX_CLEANUP_MILTER}|%{POSTFIX_CLEANUP_PREPEND}|%{POSTFIX_WARNING}|%{POSTFIX_KEYVALUE} POSTFIX_QMGR %{POSTFIX_QMGR_INFO}|%{POSTFIX_QMGR_ACTIVE}|%{POSTFIX_QMGR_EXPIRED}|%{POSTFIX_WARNING} POSTFIX_PIPE %{POSTFIX_PIPE_ANY} diff --git a/test/smtpd_0039.yaml b/test/smtpd_0039.yaml new file mode 100644 index 0000000..dd61904 --- /dev/null +++ b/test/smtpd_0039.yaml @@ -0,0 +1,4 @@ +pattern: ^%{POSTFIX_SMTPD}$ +data: "discarding EHLO keywords: CHUNKING" +results: + postfix_message: "discarding EHLO keywords: CHUNKING" From b00700071ca67e1935861f3ee2f6941c0d93e565 Mon Sep 17 00:00:00 2001 From: Tom Hendrikx Date: Sat, 29 Nov 2025 21:38:56 +0100 Subject: [PATCH 2/2] Refactor into specific pattern for discarded EHLO keywords --- postfix.grok | 4 ++-- test/smtpd_0039.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/postfix.grok b/postfix.grok index b87ecbe..625995e 100644 --- a/postfix.grok +++ b/postfix.grok 
@@ -43,7 +43,7 @@ POSTFIX_SMTPD_LOSTCONN %{POSTFIX_LOSTCONN:postfix_smtpd_lostconn_data}( after %{ POSTFIX_SMTPD_NOQUEUE %{POSTFIX_QUEUEID:postfix_queueid}: %{POSTFIX_ACTION:postfix_action}: %{POSTFIX_SMTP_STAGE:postfix_smtp_stage} from %{POSTFIX_CLIENT}:( %{POSTFIX_STATUS_CODE:postfix_status_code} %{POSTFIX_STATUS_CODE_ENHANCED:postfix_status_code_enhanced})?( <%{DATA:postfix_status_data}>:)? (%{POSTFIX_DNSBL_MESSAGE}|%{GREEDYDATA:postfix_status_message};) %{POSTFIX_KEYVALUE_DATA:postfix_keyvalue_data} POSTFIX_SMTPD_PIPELINING improper command pipelining after %{POSTFIX_SMTP_STAGE:postfix_smtp_stage} from %{POSTFIX_CLIENT}: %{GREEDYDATA:postfix_improper_pipelining_data} POSTFIX_SMTPD_PROXY proxy-%{POSTFIX_ACTION:postfix_proxy_result}: (%{POSTFIX_SMTP_STAGE:postfix_proxy_smtp_stage}): %{POSTFIX_PROXY_MESSAGE:postfix_proxy_message}; %{POSTFIX_KEYVALUE_DATA:postfix_keyvalue_data} -POSTFIX_SMTPD_INFO (?discarding EHLO keywords: %{GREEDYDATA}) +POSTFIX_SMTPD_DISCARD_EHLO discarding EHLO keywords: (?%{GREEDYDATA}) # cleanup patterns POSTFIX_CLEANUP_MILTER %{POSTFIX_QUEUEID:postfix_queueid}: milter-%{POSTFIX_ACTION:postfix_milter_result}: %{GREEDYDATA:postfix_milter_message}; %{GREEDYDATA_NO_COLON:postfix_keyvalue_data}(: %{GREEDYDATA:postfix_milter_data})? 
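Review bot: The new `POSTFIX_SMTPD_DISCARD_EHLO` line captures the keyword list with an inline group around `%{GREEDYDATA}`, while the neighbouring definitions in this hunk use the `%{PATTERN:field}` form, for example `%{GREEDYDATA:postfix_improper_pipelining_data}`. The group name is not legible in this rendering; assuming it is the `postfix_discarded_ehlo_keywords` field that the updated test expects, `discarding EHLO keywords: %{GREEDYDATA:postfix_discarded_ehlo_keywords}` would match the file's style and capture the same text. The field holds one space-separated string, so any downstream detection that cares whether a particular keyword (such as `STARTTLS`) was withheld from a client has to split it first. A short `#` comment above the pattern saying so, and noting that the line comes from Postfix's `smtpd_discard_ehlo_keywords` handling, would help whoever builds on this field.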
@@ -127,7 +127,7 @@ POSTFIX_TLS_FEAT_REQUIRETLS (?\!)?(?\w+)(:(?\w+))?(?\?)?(/%{POSTFIX_TLS_FEAT_REQUIRETLS})? # aggregate all patterns -POSTFIX_SMTPD %{POSTFIX_SMTPD_CONNECT}|%{POSTFIX_SMTPD_DISCONNECT}|%{POSTFIX_SMTPD_LOSTCONN}|%{POSTFIX_SMTPD_NOQUEUE}|%{POSTFIX_SMTPD_PIPELINING}|%{POSTFIX_TLSCONN}|%{POSTFIX_WARNING}|%{POSTFIX_SMTPD_PROXY}|%{POSTFIX_SMTPD_INFO}|%{POSTFIX_KEYVALUE} +POSTFIX_SMTPD %{POSTFIX_SMTPD_CONNECT}|%{POSTFIX_SMTPD_DISCONNECT}|%{POSTFIX_SMTPD_LOSTCONN}|%{POSTFIX_SMTPD_NOQUEUE}|%{POSTFIX_SMTPD_PIPELINING}|%{POSTFIX_TLSCONN}|%{POSTFIX_WARNING}|%{POSTFIX_SMTPD_PROXY}|%{POSTFIX_SMTPD_DISCARD_EHLO}|%{POSTFIX_KEYVALUE} POSTFIX_CLEANUP %{POSTFIX_CLEANUP_MESSAGEID}|%{POSTFIX_CLEANUP_MILTER}|%{POSTFIX_CLEANUP_PREPEND}|%{POSTFIX_WARNING}|%{POSTFIX_KEYVALUE} POSTFIX_QMGR %{POSTFIX_QMGR_INFO}|%{POSTFIX_QMGR_ACTIVE}|%{POSTFIX_QMGR_EXPIRED}|%{POSTFIX_WARNING} POSTFIX_PIPE %{POSTFIX_PIPE_ANY} diff --git a/test/smtpd_0039.yaml b/test/smtpd_0039.yaml index dd61904..90f9b33 100644 --- a/test/smtpd_0039.yaml +++ b/test/smtpd_0039.yaml @@ -1,4 +1,4 @@ pattern: ^%{POSTFIX_SMTPD}$ -data: "discarding EHLO keywords: CHUNKING" +data: "discarding EHLO keywords: CHUNKING ETRN DSN 8BITMIME" results: - postfix_message: "discarding EHLO keywords: CHUNKING" + postfix_discarded_ehlo_keywords: "CHUNKING ETRN DSN 8BITMIME"
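Review bot: Replacing the `data` line in `test/smtpd_0039.yaml` drops the single-keyword case (`CHUNKING`) that the first patch covered, so only the multi-keyword form is exercised now. Because the capture is `%{GREEDYDATA}`, the pattern would also accept an empty keyword list or arbitrary trailing text, and nothing in the test suite shown here pins that behaviour down. Keeping the one-keyword input as a separate test case alongside this one would keep both shapes covered.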