Hi, I've recently 'inherited' a spam filtering machine which is using logcheck, and there is one security event which happens reasonably frequently, but I can't figure out how to ignore. Coming from postfix, I get messages like this:

Sep 2 05:38:10 spamFilter postfix/cleanup[30479]: 7E38AABB27: reject: header Received: from 201-67-127-134.pvoce702.dsl.brasiltelecom.net.br (201-67-127-134.pvoce702.dsl.brasiltelecom.net.br [201.67.127.134])??by spamFilter.xxxx (Postfix) with ESMTP id 7E38AABB27??for < from 201-67-127-134.pvoce702.dsl.brasiltelecom.net.br[201.67.127.134]; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=<201-67-127-134.pvoce702.dsl.brasiltelecom.net.br>: Message content rejected

At first I added the following rule to /etc/logcheck/ignore.d.server/postfix (I'm using REPORTLEVEL="server"):

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: reject:.*$

This of course didn't help, and it occurred to me that the word 'reject' was causing it to be seen as a security violation, so I added the same line to /etc/logcheck/violations.ignore.d/logcheck-postfix; that didn't help either. (I guess I should really add rules to some extra custom file rather than modifying the existing ones, but that hadn't occurred to me at the time.)

The expression does match the offending messages (using grep -E), so I'm unsure what I should be trying now. I don't want to mess with the system too much because I'm still learning how it works, but if anybody could point out an oversight I've made (or even a total misunderstanding!), I would be grateful.

Thanks for your time,
Aneurin Price

_______________________________________________
Logcheck-users mailing list
Logcheck-users@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-users
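
Added example, not part of the original post: a shell function that lists every logcheck rule file containing a pattern that matches one log line, so a line that is still being reported can be traced to the rule directory responsible. The directory names are the stock logcheck layout; they, the function name match_rules and the sample line are assumptions, not taken from the post.

```shell
#!/bin/sh
# match_rules RULES_ROOT 'log line'
# Prints "directory/file:lineno" for each rule that matches the line.
# RULES_ROOT is normally /etc/logcheck (assumed stock layout).

# Constructed sample line. Traditional syslog pads single-digit days with a
# second space ("Sep  2"), which the [ :0-9]{11} part of the rule relies on.
SAMPLE_LINE='Sep  2 05:38:10 spamFilter postfix/cleanup[30479]: 7E38AABB27: reject: header Received: from host.example; Message content rejected'

match_rules() {
    root=$1
    line=$2
    for dir in cracking.d cracking.ignore.d violations.d violations.ignore.d \
               ignore.d.paranoid ignore.d.server ignore.d.workstation; do
        [ -d "$root/$dir" ] || continue
        for file in "$root/$dir"/*; do
            [ -f "$file" ] || continue
            # Drop comments and blank lines, keeping original line numbers,
            # then test each pattern on its own so the match can be located.
            grep -n -v -E '^[[:space:]]*(#|$)' "$file" |
            while IFS= read -r entry; do
                num=${entry%%:*}   # text before the first colon
                pat=${entry#*:}    # the rule itself, colons included
                if printf '%s\n' "$line" | grep -q -E -e "$pat" 2>/dev/null; then
                    printf '%s/%s:%s\n' "$dir" "${file##*/}" "$num"
                fi
            done
        done
    done
}
```

Run as match_rules /etc/logcheck "$SAMPLE_LINE", substituting a line copied from the real log; a match listed under cracking.d or violations.d without a corresponding match in the paired ignore directory shows which layer is reporting it.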