From 83a80a29ea51d1cb2dc1ce45a33b1d44a8619c9c Mon Sep 17 00:00:00 2001
From: Steven Hiscocks <steven@hiscocks.me.uk>
Date: Sat, 20 Jul 2013 15:34:00 +0100
Subject: [PATCH] ENH: Improve couriersmtp and add sample logs

---
 config/filter.d/couriersmtp.conf | 11 ++++++++++-
 testcases/files/logs/couriersmtp |  8 ++++++++
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 testcases/files/logs/couriersmtp

diff --git a/config/filter.d/couriersmtp.conf b/config/filter.d/couriersmtp.conf
index 6c0cf5ff..65ffa5d7 100644
--- a/config/filter.d/couriersmtp.conf
+++ b/config/filter.d/couriersmtp.conf
@@ -4,8 +4,17 @@
 #
 #
 
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
 [Definition]
 
+_daemon = courieresmtpd
+
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
@@ -13,7 +22,7 @@
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = error,relay=<HOST>,.*550 User unknown
+failregex = ^%(__prefix_line)serror,relay=<HOST>,.*: 550 User unknown\.$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
diff --git a/testcases/files/logs/couriersmtp b/testcases/files/logs/couriersmtp
new file mode 100644
index 00000000..212df3b4
--- /dev/null
+++ b/testcases/files/logs/couriersmtp
@@ -0,0 +1,8 @@
+# failJSON: { "time": "2005-04-10T03:47:57", "match": true , "host": "1.2.3.4" }
+Apr 10 03:47:57 web courieresmtpd: error,relay=::ffff:1.2.3.4,ident=tmf,from=<tmf@example.com>,to=<mailman-subscribe@example.com>: 550 User unknown.
+# failJSON: { "time": "2005-07-06T03:42:28", "match": true , "host": "1.2.3.4" }
+Jul  6 03:42:28 whistler courieresmtpd: error,relay=::ffff:1.2.3.4,from=<>,to=<admin at memcpy>: 550 User unknown.
+# failJSON: { "time": "2004-11-21T23:16:17", "match": true , "host": "1.2.3.4" }
+Nov 21 23:16:17 server courieresmtpd: error,relay=::ffff:1.2.3.4,from=<>,to=<>: 550 User unknown.
+# failJSON: { "time": "2004-08-14T12:51:04", "match": true , "host": "1.2.3.4" }
+Aug 14 12:51:04 HOSTNAME courieresmtpd: error,relay=::ffff:1.2.3.4,from=<firozquarl@aclunc.org>,to=<BOGUSUSER@HOSTEDDOMAIN.org>: 550 User unknown.