Why not just:
.*did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA$
Cheers,
Carl.
On 28/06/06, Steve Holdoway <[EMAIL PROTECTED]> wrote:
To preserve what's left of my sanity, can anyone help me with this logcheck
rule? To ignore messages like this,
Jun 28 06:02:18 server sm-mta[7813]: k5RI2I6g007813: 23-52-175-62.user.auna.net
[62.175.52.23] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during
connection to MTA
I added the following line to /etc/logcheck/ignore.d.server/sendmail:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]:
[[:alnum:]]+:.*did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA$
...and a couple of hours of variations on the theme. Can anyone point out the
glaring error???
Cheers,
Steve
