# http://www.berklix.com/~jhs/dots/.procmailrc_system_logs # ~jhs/.procmailrc_system_logs included by ~jhs/.procmailrc ARC_PRI_SYSTEMS=$ARC_PRI/systems.LN :0 Hw * ^Subject: Ping mail to monitor connectivity. # | $RCVSTORE +cron/ping_mail cron/ping_mail/. :0 Hw * ^Subject: Cron \ /usr/libexec/save-entropy | $RCVSTORE +cron/save-entropy :0 Hw * ^Subject: /etc/rc.local lap(h|o|r|s) gbde.sh * ^From: Root \ do-A * ^Subject: Cron do- * ^From: Cron Daemon * ^To: sms@land.berklix.org { :0 Bw * ^Doing CTMname | $RCVSTORE +cron/ctm/name } :0 Hw * ^Subject: Returned mail: see transcript for details * ^From: Mail Delivery Subsystem * ^To: | $RCVSTORE +cron/ctm/delivery :0 Hw * ^(To|Cc): root@(mailman(|[1-2])|land|slim).berklix.org * ^From: \"Root@(mailman(|[1-2])|land|slim).berklix.org\" \ * ^Subject: (|cron: )(|(webmail|land|slim|js).)(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon).(com|de|eu|net|org|uk) (|(daily|weekly) )security run output { :0 Hw * From: \"Root@(mailman(|[1-2])|land|slim).berklix.org\" \ { :0 cw | $RCVSTORE +cron/security/remote :0 w $ARC_PRI_SYSTEMS/cron/security/remote/. # Archive for autopsies. } :0 Hw * From: .+@[a-z]+.js.berklix.net { :0 cw | $RCVSTORE +cron/security/local :0 w $ARC_PRI_SYSTEMS/cron/security/local/. # Archive for autopsies. } } :0 Hw * ^Subject:.*(cron: |)[a-z]+.js.berklix.net (|(daily|weekly) )security run output { :0 cwH # Only look at some, not all. * ^Subject:.*cron: (park|fire).js.berklix.net security run | $RCVSTORE +cron/security :0 w # Archive all for autopsies. $ARC_PRI_SYSTEMS/cron/security/. } :0 Hw # JJLATER might FAIL: * ^Subject:.*cron: [[:alpha:]]+.(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon).(com|de|eu|net|org|uk) daily run output # An unpatched fresh installed system does not have my "cron: " * ^Subject:.*(cron: |)[a-z]+.(js.berklix.net|(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon).(com|de|eu|net|org|uk)) daily run output { :0 H * From: \"Root@(mailman(|[1-2])|land|slim).berklix.org\" \ { :0 cw | $RCVSTORE +cron/daily/remote :0 w $ARC_PRI_SYSTEMS/cron/daily/remote/. # Archive for autopsies. } :0 H * From: .+@[a-z]+.js.berklix.net { :0 cw | $RCVSTORE +cron/daily/local :0 w $ARC_PRI_SYSTEMS/cron/daily/local/. # Archive for autopsies. } } :0 Hw * ^To: (root|jhs)@(land|slim).berklix.org * ^Subject: bin/.sh/varmail_check.sh (land|slim) { :0 cw | $RCVSTORE +cron/daily/remote :0 w $ARC_PRI_SYSTEMS/cron/daily/remote/. # Archive for autopsies. } :0 Hw # Run By Crontab: * ^Subject: Cron /home/jhs/bin/.sh/svnsync.sh # Run By Hand: * ^Subject: Cron: svnsync.sh * ^Subject: Cron (|) (|/home/jhs/bin/.sh/)svnsync.sh { :0 cw | $RCVSTORE +cron/daily/remote :0 w $ARC_PRI_SYSTEMS/cron/daily/remote/. # Archive for autopsies. } :0 Hw * ^Subject: Cron \ /home/jhs/bin/.sh/clean_spam | $RCVSTORE +cron/daily :0 Hw * ^Subject: Cron \ /home/jhs/bin/.sh/ports_index | $RCVSTORE +cron/weekly :0 Hw * ^Subject:.*(cron: |)[a-z]+.(js.berklix.net|(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon).(com|de|eu|net|org|uk)) weekly run output { :0 cw | $RCVSTORE +cron/weekly :0 w $ARC_PRI_SYSTEMS/cron/weekly/. # Archive for autopsies. } :0 Hw * ^Subject:.*(cron: |)[a-z]+.(js.berklix.net|(berklix|bsdpie|exitbrexit|geoffharries|reinheitsgebot|surfacevision|the-phoney-photon).(com|de|eu|net|org|uk)) monthly run output { :0 cw | $RCVSTORE +cron/monthly :0 w $ARC_PRI_SYSTEMS/cron/monthly/. # Archive for autopsies. } :0 Hw * ^Subject:.*Cron \ /home/jhs/bin/.sh/web_cp_remote { :0 cw | $RCVSTORE +cron/web_cp_remote :0 w $ARC_PRI_SYSTEMS/cron/web_cp_remote/. # Archive for autopsies. } :0 Hw * ^Subject: (|Cron(|:) \) /home/jhs/bin/.sh/web_cp_local_daily | $RCVSTORE +cron/web_cp_local_daily :0 Hw * ^Subject: (|Cron(|:) \) /home/jhs/bin/.sh/web_cp_local_monthly | $RCVSTORE +cron/web_cp_local_monthly :0 Hw * ^Subject: (|Cron(|:) \) /home/jhs/bin/.sh/web_cp_local_weekly | $RCVSTORE +cron/web_cp_local_weekly :0 Hw * ^Subject: Cron \ /home/jhs/bin/.sh/web_serve_check { :0 Bw * Failed on host www { :0 cw | $RCVSTORE +cron/web_serve_check # Alert blue in Exmh with $RCVSTORE :0 w $ARC_PRI_SYSTEMS/cron/web_serve_check/. # Archive for autopsies. } :0 Bw * ^Successful $ARC_PRI_SYSTEMS/cron/web_serve_check/. # Archive for autopsies. } :0 Hw # Subject:.*Cron \ /home/jhs/bin/.sh/mbmon.sh * ^Subject:.*Cron \ /usr/sbin/ntpdate ntp1.t-online.de * ^Subject:.*Cron \ /usr/sbin/ntpdate ntp1.t-online.de * /usr/sbin/ntpdate ntp1.t-online.de { :0 cw | $RCVSTORE +cron/ntpdate :0 w $ARC_PRI_SYSTEMS/cron/ntpdate/. # Archive for autopsies. } :0 Hw # * ^Subject: Cron \ \ /usr/local/etc/rc.d/apache(|.sh) restart # Double space in subject. * ^From: root@(mart|park).js.berklix.net \(Cron Daemon\) | $RCVSTORE +cron/apache :0 Hw * ^Subject: Cron.+fetchmail # Subject: Cron /home/jhs/bin/.sh/fetchmail.sh # (lapr|dell) crontab calls /usr/local/bin/fetchmail # To: jhs@berklix.com { :0 Bw * ping: sendto: No route to host # | $RCVSTORE +error/fetchmail $SWITCH_NULL_NO_RCVSTORE } :0 Hw * ^Subject: Cron (/home/jhs/bin/.sh/fetchmail(|\-if\-fs).sh|/usr/local/bin/fetchmail) * ^From: (jhs@berklix.com \(Cron Daemon\)|Cron Daemon ) # At Holz I had: jhs@mart # On (lapr|dell).(no|xx).berklix.net I see: Cron Daemon * ^(To|Cc): (jhs|mk)@((lapr|dell).(no|xx).berklix.net|berklix.com) { :0 Bw * ping: sendto: No route to host # | $RCVSTORE +error/fetchmail $SWITCH_NULL_NO_RCVSTORE :0 H # Discard all to mk@ (& any others except jhs). * !^From: jhs@berklix.com $SWITCH_NULL_NO_RCVSTORE :0 Bw # This message occurs if host is up, but popd not running, # or if transmission fails (at which I): # ssh slim # cd /var/mail ; mv jhs-pop ~jhs/ ; chown jhs ~jhs/jhs-pop # sftp slim ... get jhs-pop # cat jhs-pop >> /var/mail/jhs ; procmail.sh * ^POP3 connection to (webmail|land|slim).berklix.org failed: Connection refused | $RCVSTORE +error/fetchmail :0 Bw * ^fetchmail: socket error while fetching from jhs-pop@(slim|land).berklix.org * ^fetchmail: Query status=2 \(SOCKET\) | $RCVSTORE +error/fetchmail :0 Bw * ^POP3 connection to [a-z0-9\.\-]+.berklix.org failed: Operation timed out * ^fetchmail: Query status=2 \(SOCKET\) | $RCVSTORE +error/fetchmail :0 Bw * ping: sendto: No buffer space available | $RCVSTORE +error/buffer :0 Bw * ^ping: sendto: Permission denied | $RCVSTORE +error/fetchmail :0 Bw * fetchmail: can\'t poll specified hosts with another fetchmail running at # brackets.c /* ' */ | $RCVSTORE +error/fetchmail :0 Bw * ^fetchmail: timeout after [0-9]+ seconds waiting for server ([a-z]+.berklix.org|pop.1and1.co.uk). | $RCVSTORE +error/fetchmail :0 Bw * ^fetchmail: SMTP error: 550 5.0.0 \<[a-z0-9\.\-_]+@[a-z0-9\.\-]+\>\.\.\. Access denied http://www.berklix.com/~jhs/phone/access/ | $RCVSTORE +error/fetchmail :0 Bw * ^fetchmail: another foreground fetchmail is running at [0-9]+\. | $RCVSTORE +error/fetchmail :0 Bw * ^fetchmail: can''t find a password for (jhs|mk|jhsmk|mkjhs|ak)@(webmail|land|slim).berklix.org | $RCVSTORE +error/fetchmail :0 Bw # These messages occured when slim was still connected, but # connection froze to for maybe some sec half a min to BSN hosts # 1 packets transmitted, 0 packets received, 100% packet loss # 1 packets transmitted, 1 packets received, 0% packet loss * ^1 packets transmitted, (0|1) packets received, (|10)0% packet loss | $RCVSTORE +error/fetchmail :0 Bw # Gate or Travelling Laptop Off Line * ^ping: cannot resolve berklix.org: Host name lookup failure # | $RCVSTORE +error/no_resolv /dev/null :0 Bw # Noise from pop.1and1.co.uk * ^fetchmail: Server certificate verification error: unable to get local issuer certificate * ^fetchmail: Server certificate verification error: certificate not trusted # If I want exmh to turn blue: # | $RCVSTORE +error/fetchmail/certificate # If I want to just save in directory but not turn blue: # error/fetchmail/certificate/. # Discard, as too many. $SWITCH_NULL_NO_RCVSTORE :0 Bw # Noise from pop.1and1.co.uk # Rule added 2014_11_07 * ^fetchmail: Server certificate verification error: self signed certificate in certificate chain * ^fetchmail: Server certificate verification error: certificate signature failure $SWITCH_NULL_NO_RCVSTORE } :0 Hw * ^Subject: reboot * ^From: (|\")Root(|@((webmail|land|slim).berklix.org|[a-z]*.js.berklix.net))(|\") \ * (To|Cc): root@((webmail|land|slim).berklix.org|[a-z]*.js.berklix.net) { :0 Bw * ^Reboot of ((webmail|land|slim).berklix.org|[a-z]*.js.berklix.net) | $RCVSTORE +cron/reboot } :0 Hw * ^Subject: /etc/rc.local: (lapr|dell) check: # ^Subject: /etc/rc.local: (lapr|dell) check: mount grep /media # ^Subject: /etc/rc.local: (lapr|dell) check: du -s -k /media # ^Subject: /etc/rc.local: (lapr|dell) check: ls -1 /media * From: Root * (To|Cc): root@(localhost|lapr|dell).(js|no).berklix.net | $RCVSTORE +cron/rc.local :0 Hw * ^Subject: /etc/rc.local: (lapr|dell) reboot | $RCVSTORE +cron/reboot :0 Hw # Local Internal * ^Subject: files updated by rdist from fire to * ^From: rdist@berklix.co[m] \(Remote distribution program\) * ^(To|Cc): jhs@berklix.co[m] | $RCVSTORE +cron/rdist/to-gate :0 Hw # Gate To Remote * ^Subject: files updated by rdist from (park|mart) to (webmail|land|slim) * ^From: rdist@(|js.)berklix.(com|de|eu|net|org|uk) \(Remote distribution program\) * ^(To|Cc): jhs@(|js.)berklix.(com|de|eu|net|org|uk) | $RCVSTORE +cron/rdist/to-remote :0 Hw # Internet Servers Crontab * ^From: (|Cron Daemon \<)root@(mailman(|[1-2])|land|slim).berklix.org # JJLATER find what causes this difference seen 2019-06-20: # From: root@slim.berklix.org (Cron Daemon) # From: Cron Daemon * ^(To|Cc): root@(mailman(|[1-2])|land|slim).berklix.org * ^Subject: Cron /usr/local/bin/rdist6 | $RCVSTORE +cron/rdist/remote :0 Hw # /etc/crontab Remote 3 x 3 mails per run. * ^From: rdist@(webmail|land|slim).berklix.org \(Remote distribution program\) * ^(To|Cc): jhs@(webmail|land|slim).berklix.org * ^Subject: files updated by rdist from (webmail|land|slim) to (webmail|land|slim) | $RCVSTORE +cron/rdist/remote # JJLATER Does this still collect stuff ? :0 Hw * ^Subject: Export file of your telephone contacts { :0 Bw * ^The attachment contains the telephone contacts exported from your device | $RCVSTORE +cron/router/xml } :0 Hw * ^From: Cron Daemon * ^To: jhs@berklix.com * ^Subject: Cron /usr/local/bin/fetchmail { :0 Bw * ^fetchmail: No mail for jhs@uk28.(com|net) at pop.1and1.co.uk $SWITCH_NULL_NO_RCVSTORE :0 Bw * [0-9]+ messages for jhs@uk28.(com|net) at pop.1and1.co.uk \([0-9]+ octets\). $SWITCH_NULL_NO_RCVSTORE :0 Bw * ^fetchmail: No mail for jhs-pop at (slim|land).berklix.org $SWITCH_NULL_NO_RCVSTORE :0 Bw * ^[0-9]+ message(|s) for jhs-pop at slim.berklix.org (6950 octets). $SWITCH_NULL_NO_RCVSTORE } :0 Hw * ^Subject: (|Cron )/home/jhs/bin/.sh/git-pull.sh # Cron is optional as sometimes I call manually | $RCVSTORE +cron/git-pull