[Logcheck-devel] [PATCH] Added more versions of "SASL authentication failure" postfix rule

Thu, 24 Jan 2008 17:42:42 -0800 

Here are two more error messages that can occur with a screwed-up
DIGEST-MD5 authentication.  (And I'm sure there are many more.)

(BTW, just for the record, the preceding SASL rule should ideally be
case-insensitive.)


Signed-off-by: Frédéric Brière <[EMAIL PROTECTED]>
---
 .../linux/violations.ignore.d/logcheck-postfix     |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/rulefiles/linux/violations.ignore.d/logcheck-postfix 
b/rulefiles/linux/violations.ignore.d/logcheck-postfix
index 926f1ee..6f827ad 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-postfix
+++ b/rulefiles/linux/violations.ignore.d/logcheck-postfix
@@ -39,7 +39,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: 
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? 
relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, 
dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from 
MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok)?: queued as [0-9A-F]+|, discarded, 
UBE, id=[-0-9]+)*|, DSN muted \([45][0-9][0-9] [45](\.[0-9]){2} .+\)\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: 
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* 
relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, 
dsn=[0-9.]+,)? status=sent \(250 Ok: queued as [0-9A-F]+\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL 
(LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed(:[ [:alnum:]]*)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
warning: SASL authentication failure: Password verification failed$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: 
warning: SASL authentication failure: (Password verification failed|required 
parameters missing|realm changed: authentication aborted)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/local\[[[:digit:]]+\]: 
warning: maildir access problem for UID/GID=[[:digit:]]+/[[:digit:]]+: create 
[/.[:alnum:]]+: Permission denied$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: 
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? 
relay=local, delay=[0-9.]+(, delays=([.0-9]+/){3}[.0-9]+)?(, 
dsn=[45](\.[0-9]+){2})?, status=(deferred|bounced) \(.+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:upper:]0-9]+: 
reject: header [^[:space:]]+:.+ from=<[^[:space:]]*>( to=<[^[:space:]]+>)? 
proto=E?SMTP helo=<[^[:space:]]+>: .+$
-- 
1.5.3.8


_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

Reply via email to