From 802dba1a1e7ec6297a9da377146762e15364c1b6 Mon Sep 17 00:00:00 2001
From: Fredrik Wahlberg <fredrik@wahlberg.se>
Date: Sat, 14 Sep 2019 16:59:06 +0200
Subject: [PATCH] Opendkim

---
 logcheck_debian | 19 ++++++++++++++++---
 testlog         | 12 ++++++++++++
 2 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/logcheck_debian b/logcheck_debian
index 61a92fd..ac043c9 100644
--- a/logcheck_debian
+++ b/logcheck_debian
@@ -335,13 +335,26 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: ([-._[:alnum:]]+|\[[.[:digit:]]+\]) \[[.[:digit:]]+\] not internal
 
 #Sep 14 02:16:29 nada opendkim[21955]: x8E0GOqX026235: not authenticated
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: not authenticated
+#Sep 14 10:10:49 nada opendkim[21955]: x8E8AjNd008607: no signature data
+#Sep 14 11:30:22 nada opendkim[21955]: x8E9UENg009655: failed to parse Authentication-Results: header field
+
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: (not authenticated|no signature data|failed to parse Authentication-Results: header field)
 
 #Sep 14 02:16:32 nada opendkim[21955]: x8E0GOqX026235: s=default d=achatdesoffres.be SSL
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: s=[[:alnum:]]+ d=[-._[:alnum:]]+ SSL
+#Sep 14 11:30:25 nada opendkim[21955]: x8E9UENg009655: s=selector2-synsam-onmicrosoft-com d=synsam.onmicrosoft.com SSL
+#Sep 14 13:12:07 nada opendkim[21955]: x8EBC3io011931: s=d2048-201806-01 d=linkedin.com SSL
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: s=[-._[:alnum:]]+ d=[-._[:alnum:]]+ SSL
+
+#Sep 14 09:09:27 nada opendkim[21955]: x8E79KnS021433: message has signatures from duolingo.com, amazonses.com
+#Sep 14 13:12:07 nada opendkim[21955]: x8EBC3io011931: message has signatures from linkedin.com, maile.linkedin.com
+#Sep 14 13:47:35 nada opendkim[21955]: x8EBlUbo012372: message has signatures from dezeen.com, cmail2.com
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: message has signatures from [-._[:alnum:]]+, [-._[:alnum:]]+
+
+#Sep 14 14:49:02 nada opendkim[21955]: x8ECmqeD013147: key retrieval failed (s=s1, d=autopay.io): 's1._domainkey.autopay.io' query timed out
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ opendkim\[[[:digit:]]+\]: [[:alnum:]]+: key retrieval failed.*$
 
 #Sep 14 02:16:32 nada sm-mta[26235]: x8E0GOqX026235: Milter insert (1): header: Authentication-Results:  nada.wahlberg.se; dkim=pass\n\treason="1024-bit key; unprotected key"\n\theader.d=achatdesoffres.be header.i=@achatdesoffres.be\n\theader.b=IesLqRjT; dkim-adsp=pass; dkim-atps=neutral
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sm-mta\[[[:digit:]]+\]: [[:alnum:]]+: Milter insert.*dkim.*$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sm-mta\[[[:digit:]]+\]: [[:alnum:]]+: Milter insert.*$
 
 
 
diff --git a/testlog b/testlog
index e7b1a75..bc3f5ed 100644
--- a/testlog
+++ b/testlog
@@ -663,6 +663,18 @@ Sep 14 02:20:37 nada opendkim[21955]: x8E0KXlB026281: [194.36.142.89] [194.36.14
 Sep 14 02:16:29 nada opendkim[21955]: x8E0GOqX026235: not authenticated
 Sep 14 02:16:32 nada opendkim[21955]: x8E0GOqX026235: s=default d=achatdesoffres.be SSL
 Sep 14 02:16:32 nada sm-mta[26235]: x8E0GOqX026235: Milter insert (1): header: Authentication-Results:  nada.wahlberg.se; dkim=pass\n\treason="1024-bit key; unprotected key"\n\theader.d=achatdesoffres.be header.i=@achatdesoffres.be\n\theader.b=IesLqRjT; dkim-adsp=pass; dkim-atps=neutral
+Sep 14 10:10:49 nada opendkim[21955]: x8E8AjNd008607: no signature data
+Sep 14 11:30:22 nada opendkim[21955]: x8E9UENg009655: failed to parse Authentication-Results: header field
+Sep 14 11:30:25 nada opendkim[21955]: x8E9UENg009655: s=selector2-synsam-onmicrosoft-com d=synsam.onmicrosoft.com SSL
+Sep 14 13:12:07 nada opendkim[21955]: x8EBC3io011931: s=d2048-201806-01 d=linkedin.com SSL
+Sep 14 09:09:27 nada opendkim[21955]: x8E79KnS021433: message has signatures from duolingo.com, amazonses.com
+Sep 14 13:12:07 nada opendkim[21955]: x8EBC3io011931: message has signatures from linkedin.com, maile.linkedin.com
+Sep 14 13:47:35 nada opendkim[21955]: x8EBlUbo012372: message has signatures from dezeen.com, cmail2.com
+Sep 14 14:49:02 nada opendkim[21955]: x8ECmqeD013147: key retrieval failed (s=s1, d=autopay.io): 's1._domainkey.autopay.io' query timed out
+Sep 14 09:11:10 nada sm-mta[25556]: x8E7B7XB025556: Milter insert (1): header: DKIM-Signature:  v=1; a=rsa-sha256; c=relaxed/simple; d=wahlberg.se; s=nada;\n\tt=1568445070; bh=3dNdeUXHIFaesMqctWAFinzRgsJL9TSbDLvCewPx0AA=;\n\th=Date:From:To:Subject:From;\n\tb=gIqORWzv4XZxTmqEizczws8QzvxSupA5mV7t6zhCAFIa8jU4PsrRLKilbNiJ6mBKM\n\t uPWMejDXtm4II2RHbYU72Hcr4vDTTZ8aWOSMj2dHZkwNJPLk26G2ixyDoiksukjdCa\n\t VermS/GC+QEDNO25OmDzZgRqteI0LcQT+cDubjGs=
+Sep 14 09:11:13 nada sm-mta[25565]: x8E7BAwe025565: Milter insert (1): header: DKIM-Signature:  v=1; a=rsa-sha256; c=relaxed/simple; d=wahlberg.se; s=nada;\n\tt=1568445073; bh=Vn+jDXhWi4SpjBLMXfn5MlTvLdSQh+QWMlc8Z9pmuE8=;\n\th=Date:From:To:Subject:From;\n\tb=lHGM6jQWF9rnmhMuIw1Y3ct8X+T7B/CJNuvuMIzJVJWpR6PTMk+gRbu2vGPco0tXi\n\t vL1jYwP2GiqZalfLLyzt4j3o2Sn9Aligb5rHUcYU7lTKNkQZ5eGQouzOMi2CKU0ZPf\n\t OFL7q8Bs2xGzMV9JjDV8QiD4vxRvkgdIPi/2Q1Vw=
+Sep 14 12:11:07 nada sm-mta[11236]: x8EAB551011236: Milter insert (1): header: DKIM-Signature:  v=1; a=rsa-sha256; c=relaxed/simple; d=wahlberg.se; s=nada;\n\tt=1568455867; bh=GIY8aU09T6APltncQro8PoBjOa1v1kjLwTUxODMDLyA=;\n\th=Date:From:To:Subject:From;\n\tb=YU2/l0yia25vJ6cUZTOm7JeHsl5iQQHzrBpsFcexo9lTNyANc7Em9m7UDuleMdcnj\n\t rrMyDym9DL1wDGFuvPtifKf88m2jLW5aH7MzOYSxt1/h5kStQhFzQlGEhnPV9UN0pL\n\t AFaV9+Uo0AzHtOvLJGRqT4F9C7SSLkEOaoHw9hX0=
+
 
 Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem...
 Aug 23 18:39:24 nada fredrik[1713]: Sista raden