Package: logcheck-database
Version: 1.2.51
Severity: wishlist
Tags: patch
I see that you're preparing a new release, which means I really should stop
tweaking this and send you what I have so far. I'm not sure I've got
everything, but logcheck is now mostly silent on my system. (Most of the
changes are because I'm backup MX for a system that regularly decides to
stop responding to the network and that runs SMTP on a non-standard port.)
Let me know if more rationale for any of these changes is needed. The
Postfix rules need a general overhaul at some point, since I think there
are duplicate rules or rules that are a subset of other rules, but this
should be an incremental improvement.
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.8 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/conffile-cleanup: false
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
--- logcheck-1.2.51/rulefiles/linux/ignore.d.server/postfix 2006-11-17
09:27:31.000000000 -0800
+++ /etc/logcheck/ignore.d.server/postfix 2006-12-11 13:01:52.000000000
-0800
@@ -3,10 +3,10 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
from=<.*>, status=expired, returned to sender$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
message-id=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
removed$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery
temporarily suspended: connect to [^[:space:]]+: (Connection timed out|read
timeout|Connection refused)\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=none,( conn_use=[0-9]+,)?
delay=[0-9.]+,( delays=[0-9./]+,)?( dsn=4\.[0-9]\.[0-9],)? status=deferred
\(delivery temporarily suspended: connect to [^[:space:]]+: (Connection timed
out|read timeout|Connection refused)\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery
temporarily suspended: Host or domain name not found. Name service error for
name=[^[:space:]]+ type=MX: Host not found, try again\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=none,( conn_use=[0-9]+,)?
delay=[0-9.]+,( delays=[0-9./]+,)?( dsn=4\.[0-9]\.[0-9],)? status=deferred
\(delivery temporarily suspended: lost connection with [^[:space:]]+ while
sending [[:alnum:]]+( [[:alnum:]]+)?\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=none,( conn_use=[0-9]+,)?
delay=[0-9.]+,( delays=[0-9./]+,)?( dsn=4\.[0-9]\.[0-9],)? status=deferred
\(delivery temporarily suspended: conversation with [^[:space:]]+ timed out
while sending end of data -- message may be sent more than once\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=none,( conn_use=[0-9]+,)?
delay=[0-9.]+,( delays=[0-9./]+,)?( dsn=4\.[0-9]\.[0-9],)? status=deferred
\(delivery temporarily suspended: lost connection with [^[:space:]]+ while
(sending [[:alnum:]]+( [[:alnum:]]+)?|performing the HELO handshake)\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(n?qmgr|smtp)\[[0-9]+\]:
[[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)?
relay=(none|[^[:space:]]+\](:[0-9]+)?),( conn_use=[0-9]+,)? delay=[0-9.]+,(
delays=[0-9./]+,)?( dsn=4\.[0-9]\.[0-9],)? status=deferred \((delivery
temporarily suspended: )?conversation with [^[:space:]]+ timed out while
sending ([[:alnum:]]+( [[:alnum:]]+)?|end of data -- message may be sent more
than once)\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: unable to open
Berkeley db /etc/sasldb: No such file or directory$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=10:certificate has expired$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=18:self signed certificate$
@@ -28,7 +28,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]:
issuer=[[:space:]]*/O=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: OTP unavailable
because can't read/write key database /etc/opiekeys: No such file or directory$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: [45][0-9][0-9] .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ Connection refused \(port [0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ Connection (refused|timed out) \(port [0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ No route to host \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ Network is unreachable \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ server refused mail service \(port 25\)$
@@ -50,9 +50,9 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: decided
action=DUNNO$
# Postfix < 2.1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+: server dropped connection without sending the initial greeting
\(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+:
to=\<.*\>, relay=[^[:space:]]+\], status=deferred \(host [^[:space:]]+\] said:
.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+:
to=<.*>,( orig_to=<[^[:space:]]+>,)? relay=[^[:space:]]+\](:[0-9]+)?,(
conn_use=[0-9]+,)? delay=[0-9.]+,( delays=[0-9./]+,)?( dsn=4\.[0-9]\.[0-9],)?
status=deferred \(host [^[:space:]]+\] said: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
([0-9a-f.:]{3,39})+: address not listed for hostname [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors
after [[:upper:]]{4} from [._[:alnum:]-]+\[[.[:digit:]]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors
after ([[:upper:]]{4}|UNKNOWN) from [._[:alnum:]-]+\[[.[:digit:]]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
valid_hostname: invalid character [0-9]+\(decimal\): .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
valid_hostname: misplaced delimiter: .$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning:
valid_hostname: empty hostname$
@@ -61,18 +61,19 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: mailer
loop: best MX for [^[:space:]]+ is local$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
enabling PIX <CRLF>\.<CRLF> workaround for .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: malformed
domain name in resource data of CNAME record for [^[:space:]]+: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: timeout after
(HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE) from [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: timeout after
(HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE|NOOP) from [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_sender=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, [EMAIL PROTECTED]:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
(resent-|)message-id=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
(resent-|)message-id=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
hostname: [0-9a-f.:]{3,39}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP
command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL
command: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error
from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_spf_result: unknown SPF result 4 \(unknown\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+,
dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from
MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok)?: queued as [0-9A-F]+|, discarded,
UBE, id=[-0-9]+)*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+,
dsn=[0-9.]+,)? status=sent \(250( [0-9.]+)? Ok((, id=[-0-9]+, from
MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok)?: queued as [0-9A-F]+|, discarded,
UBE, id=[-0-9]+)*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=local, delay=[0-9]+, status=sent \(delivered to command: exec
/usr/bin/procmail\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: table
hash:[^[:space:]]+\([-,|_[:alnum:]]+\) has changed -- restarting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass:
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+,
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL
PROTECTED]:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
@@ -89,5 +90,6 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: peer certificate has no subject CN$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: non-SMTP command from [^[:space:]]+\[[0-9a-f.:]{3,39}\]: .+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/local\[[[:digit:]]+\]:
warning: perhaps you need to create the maildirs in advance$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/trivial-rewrite\[[[:digit:]]+\]: warning: valid_ipv4_hostaddr: invalid
octet count: ?$
# postfix 2.3
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/error\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>, relay=none, delay=[.0-9]+,( delays=[.0-9/]+,)?
dsn=[45]\.0\.0, status=bounced \(User unknown in virtual alias table\)$
diff -ru logcheck-1.2.51/rulefiles/linux/violations.ignore.d/logcheck-postfix
/etc/logcheck/violations.ignore.d/logcheck-postfix
--- logcheck-1.2.51/rulefiles/linux/violations.ignore.d/logcheck-postfix
2006-11-17 01:54:01.000000000 -0800
+++ /etc/logcheck/violations.ignore.d/logcheck-postfix 2006-12-11
13:05:15.000000000 -0800
@@ -2,15 +2,15 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
reject: RCPT from [^[:space:]]+: [0-9]+ Client host rejected: cannot find your
hostname, [^[:space:]]+; from=[^[:space:]]+ to=[^[:space:]]+ proto=(ESMTP|SMTP)
helo=[^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>:
(Sender|Recipient) address rejected: .+; from=<[^[:space:]]*>(
to=<[^[:space:]]+>)? proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Helo command
rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP)
helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay access denied;
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [0-9]{3}( [0-9]\.[0-9]\.[0-9])?
<[^[:space:]]+>: Relay access denied; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] Service unavailable; Sender
address \[[^[:space:]]+\] blocked using [._[:alnum:]-]+;( .*;)?
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] Service unavailable; Client
host \[[0-9.]{7,15}\] blocked using [._[:alnum:]-]+;( .*;)?
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+\[[0-9.]{7,14}\]: [45][0-9][0-9] <.+>: User
unknown in local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
(NOQUEUE|[[:xdigit:]]+): reject: HELO from [^[:space:]]+\[[0-9.]{7,15}\]:
[45][0-9]{2}( [45](\.[0-9]){2})? <[^[:space:]]+>: Helo command rejected: .+;
proto=E?SMTP helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: hostname [^[:space:]]+
verification failed: (Temporary failure in name resolution|Name or service not
known|No address associated with hostname)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:(
smtpd_peer_init:)? [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: hostname [^[:space:]]+
verification failed: (Temporary failure in name resolution|Name or service not
known|No address associated with hostname)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: Peer verification:
CommonName in certificate does not match: [._*[:alnum:]-]+ != [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
host [^[:space:]]+ said: [45][0-9][0-9] .* \(in reply to (HELO|EHLO|MAIL
FROM|RCPT TO|(end of )?DATA) command\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[0-9.]{7,15}\](:[[:digit:]]{1,5})?,
delay=[.0-9]+(, delays=([.0-9]+/){3}[.0-9]+)?(, dsn=[45](\.[0-9]+){2})?,
status=(deferred|bounced|undeliverable) \(host [._[:alnum:]-]+\[[0-9.]{7,15}\]
said: [45][0-9][0-9] .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA)
command\)\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[0-9.]{7,15}\](:[[:digit:]]{1,5})?,(
conn_use=[0-9]+,)? delay=[.0-9]+(, delays=([.0-9]+/){3}[.0-9]+)?(,
dsn=[45](\.[0-9]+){2})?, status=(deferred|bounced|undeliverable) \(host
[._[:alnum:]-]+\[[0-9.]{7,15}\] said: [45][0-9][0-9] .* \(in reply to
(HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [A-Z0-9]+:
to=<[^[:space:]]+>, relay=[^[:space:]]+, delay=[0-9]+, status=deferred \(host
[^[:space:]]+ refused to talk to me: [^[:space:]]+ 554 Access denied\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [A-Z0-9]+:
to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,) relay=[^[:space:]]+,
delay=[0-9]+, status=deferred \(host [^[:space:]]+ said: [45][0-9]{2}
<[^[:space:]]+>: Recipient address rejected: Greylisted for [0-9]+
(seconds|minutes)( \(see
http://isg.ee.ethz.ch/tools/postgrey/help/[.[:alnum:]-]+.html\))? \(in reply to
(HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Read
failed in network_biopair_interop with errno=[0-9]+: num_read=[-0-9]+,
want_read=[0-9]+$
@@ -32,6 +32,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject:
[[:upper:]]+ from [^[:space:]]+: 554( 5\.7\.1)? <[^[:space:]]+>: Relay access
denied;( from=<[^[:space:]]*> to=<[^[:space:]]+>)? proto=E?SMTP(
helo=<[^[:space:]]+>)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
(NOQUEUE|[[:xdigit:]]+): reject: [[:upper:]]+ from [^[:space:]]+: 550(
5\.1\.[01])? <[^[:space:]]+>: (Sender|Recipient) address rejected: User unknown
in (local|relay) recipient table;( from=<[^[:space:]]*> to=<[^[:space:]]+>)?
proto=E?SMTP( helo=<[^[:space:]]+>)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+,
dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok(, id=[-0-9]+, from
MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded,
UBE, id=[-0-9]+|, DSN sent \(.+\))?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+,
dsn=[0-9.]+,)? status=sent \(250 Ok: queued as [0-9A-F]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL
(LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed:?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: SASL authentication failure: Password verification failed$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/local\[[[:digit:]]+\]:
warning: maildir access problem for UID/GID=[[:digit:]]+/[[:digit:]]+: create
[/.[:alnum:]]+: Permission denied$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
(resent-|)message-id=<?[^>]+>?( \(added by [^[:space:]]+\))?$
diff -ru logcheck-1.2.51/rulefiles/linux/violations.ignore.d/logcheck-ssh
/etc/logcheck/violations.ignore.d/logcheck-ssh
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
