[Logcheck-commits] r1335 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server rulefiles/linux/violations.ignore.d

Tue Nov 14 01:15:40 CET 2006

Author: madduck
Date: 2006-11-14 01:15:40 +0100 (Tue, 14 Nov 2006)
New Revision: 1335

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/ignore.d.server/postfix
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix
Log:
* ignore.d.server/postfix, violations.ignore.d: ignoring more messages about
  rejects the admin does not care about;
  thanks to Russ Allbery (closes: #397097).

Modified: logcheck/trunk/debian/changelog
===================================================================

--- logcheck/trunk/debian/changelog	2006-11-13 23:55:16 UTC (rev 1334)
+++ logcheck/trunk/debian/changelog	2006-11-14 00:15:40 UTC (rev 1335)
@@ -52,8 +52,11 @@
     where transparent proxying is in use. GNUTELLA is one offendant.
   * ignore.d.server/dhclient: filtering send_packet messages which are purely
     informational or redundant without any extra info.
+  * ignore.d.server/postfix, violations.ignore.d: ignoring more messages about
+    rejects the admin does not care about;
+    thanks to Russ Allbery (closes: #397097).
 
- -- martin f. krafft <madduck at debian.org>  Tue, 14 Nov 2006 00:54:50 +0100
+ -- martin f. krafft <madduck at debian.org>  Tue, 14 Nov 2006 01:13:01 +0100
 
 logcheck (1.2.50) unstable; urgency=low
 

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/postfix
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/postfix	2006-11-13 23:55:16 UTC (rev 1334)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/postfix	2006-11-14 00:15:40 UTC (rev 1335)
@@ -5,6 +5,8 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: removed$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: connect to [^[:space:]]+: (Connection timed out|read timeout|Connection refused)\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: Host or domain name not found. Name service error for name=[^[:space:]]+ type=MX: Host not found, try again\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=none,( conn_use=[0-9]+,)? delay=[0-9.]+,( delays=[0-9./]+,)?( dsn=4\.[0-9]\.[0-9],)? status=deferred \(delivery temporarily suspended: lost connection with [^[:space:]]+ while sending [[:alnum:]]+( [[:alnum:]]+)?\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=none,( conn_use=[0-9]+,)? delay=[0-9.]+,( delays=[0-9./]+,)?( dsn=4\.[0-9]\.[0-9],)? status=deferred \(delivery temporarily suspended: conversation with [^[:space:]]+ timed out while sending end of data -- message may be sent more than once\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=10:certificate has expired$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=18:self signed certificate$
@@ -69,7 +71,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL command: .*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: smtpd_spf_result: unknown SPF result 4 \(unknown\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok)?: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+)*\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: exec /usr/bin/procmail\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \(([.[:digit:]]{1,16}:)?(smtp(s)?|25|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix	2006-11-13 23:55:16 UTC (rev 1334)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix	2006-11-14 00:15:40 UTC (rev 1335)
@@ -28,7 +28,9 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client host rejected: Greylisted for [0-9]+ (seconds|minutes)( \(see http://isg.ee.ethz.ch/tools/postgrey/help/[.[:alnum:]-]+.html\))?; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: [[:upper:]]+ from [^[:space:]]+: 554 <[^[:space:]]+>: Client host rejected: Access denied;( from=<[^[:space:]]+> to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: [[:upper:]]+ from [^[:space:]]+: 554 <[^[:space:]]+>: Client host rejected: Access denied;( from=<[^[:space:]]*> to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: [[:upper:]]+ from [^[:space:]]+: 554( 5\.7\.1)? <[^[:space:]]+>: Relay access denied;( from=<[^[:space:]]*> to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: (NOQUEUE|[[:xdigit:]]+): reject: [[:upper:]]+ from [^[:space:]]+: 550( 5\.1\.[01])? <[^[:space:]]+>: (Sender|Recipient) address rejected: User unknown in (local|relay) recipient table;( from=<[^[:space:]]*> to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed:?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: SASL authentication failure: Password verification failed$


