Hi,
I've recently 'inherited' a spam filtering machine which is using
logcheck, and there is one security event which happens reasonably
frequently, but I can't figure out how to ignore. Coming from postfix,
I get messages like this:

Sep  2 05:38:10 spamFilter postfix/cleanup[30479]: 7E38AABB27: reject:
header Received: from 201-67-127-134.pvoce702.dsl.brasiltelecom.net.br
(201-67-127-134.pvoce702.dsl.brasiltelecom.net.br
[201.67.127.134])??by spamFilter.xxxx (Postfix) with ESMTP id
7E38AABB27??for < from
201-67-127-134.pvoce702.dsl.brasiltelecom.net.br[201.67.127.134];
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP
helo=<201-67-127-134.pvoce702.dsl.brasiltelecom.net.br>: Message
content rejected

At first I added the following rule to
/etc/logcheck/ignore.d.server/postfix (I'm using
REPORTLEVEL="server"):

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]:
[[:alnum:]]+: reject:.*$

This of course didn't help, and it occurred to me that the word
'reject' was causing it to be seen as a security violation, so I added
the same line to /etc/logcheck/violations.ignore.d/logcheck-postfix;
that didn't help either.
(I guess I should really add rules to some extra custom file rather
than modifying the existing ones, but that hadn't occurred to me at
the time.)

The expression does match the offending messages (using grep -E), so
I'm unsure what I should be trying now. I don't want to mess with the
system too much because I'm still learning how it works, but if
anybody could point out an oversight I've made (or even a total
misunderstanding!), I would be grateful.

Thanks for your time,
Aneurin Price
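
Added example (not part of the original post, and not logcheck's own code): a small shell helper that lists every rule, as layer/file:line, that matches a given log line across logcheck's rule directories, so you can see which layers touch the message. The sample tree, its file names, the "reject" violations pattern and the shortened log line are constructed for illustration; the ignore rule is the one from the post, joined onto one line.

```sh
#!/bin/sh
# Added example: list every logcheck rule (layer/file:line) matching a log line.
# Usage: rule_matches LINE [ROOT]   (ROOT defaults to /etc/logcheck)
rule_matches() {
    line=$1; root=${2:-/etc/logcheck}
    for layer in cracking.d cracking.ignore.d violations.d violations.ignore.d \
                 ignore.d.paranoid ignore.d.server ignore.d.workstation; do
        for f in "$root/$layer"/*; do
            [ -f "$f" ] || continue          # missing or empty directory
            n=0
            while IFS= read -r pat || [ -n "$pat" ]; do
                n=$((n + 1))
                case $pat in ''|'#'*) continue ;; esac   # skip blanks and comments
                if printf '%s\n' "$line" | grep -Eq -- "$pat"; then
                    printf '%s/%s:%d\n' "$layer" "${f##*/}" "$n"
                fi
            done < "$f"
        done
    done
}

# Constructed sample tree (hypothetical file names; not Debian's shipped rules).
make_sample_rules() {
    mkdir -p "$1/violations.d" "$1/violations.ignore.d" "$1/ignore.d.server"
    printf '%s\n' '# constructed: flags any line containing "reject"' 'reject' \
        > "$1/violations.d/sample"
    rule='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: reject:.*$'
    printf '%s\n' "$rule" > "$1/violations.ignore.d/local-postfix"
    printf '%s\n' "$rule" > "$1/ignore.d.server/local-postfix"
}

# Constructed, shortened single-line version of the log entry in the post.
SAMPLE_LINE='Sep  2 05:38:10 spamFilter postfix/cleanup[30479]: 7E38AABB27: reject: header Received: from host.example; from=<a@example.com> to=<b@example.com> proto=ESMTP helo=<host.example>: Message content rejected'

# Demo run against a throwaway copy of the sample tree.
demo_root=$(mktemp -d)
make_sample_rules "$demo_root"
rule_matches "$SAMPLE_LINE" "$demo_root"
rm -rf "$demo_root"
```

Called with only a log line, it reads the rules under /etc/logcheck instead of the sample tree.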

_______________________________________________
Logcheck-users mailing list
Logcheck-users@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-users
