[Logcheck-commits] martin f. krafft: ignore getting too many errors after END-OF-MESSAGE, not only after four letter SMTP commands.
Martin F. Krafft
madduck at alioth.debian.org
Sun Aug 31 19:24:17 UTC 2008
Module: logcheck
Branch: master
Commit: 6708a4de6f10de8902d93b908105c097a0c8972e
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=6708a4de6f10de8902d93b908105c097a0c8972e
Author: martin f. krafft <madduck at debian.org>
Date: Wed Aug 27 15:01:30 2008 +0100
ignore getting too many errors after END-OF-MESSAGE, not only after four letter SMTP commands.
---
debian/changelog | 2 ++
rulefiles/linux/ignore.d.server/postfix | 2 +-
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index e8bd5ed..e8eef7f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,8 @@ logcheck (1.3) unstable; urgency=low
- added rule to ignore "SSL23_GET_CLIENT_HELLO:unknown protocol"
messages.
- ignore new message format for lacking subject CN in peer cert.
+ - ignore getting too many errors after END-OF-MESSAGE, not only after four
+ letter SMTP commands.
* ignore.d.server/ssh:
- ignore authentication failures with new PAM format.
* ignore.d.server/kernel:
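Review bot: the added changelog entry paraphrases the log message ("ignore getting too many errors after END-OF-MESSAGE"), which makes it harder to search for than the quoted form used two entries above for "SSL23_GET_CLIENT_HELLO:unknown protocol". Quoting the message text, for example "too many errors after END-OF-MESSAGE", would tie the entry directly to the rule it changes in ignore.d.server/postfix.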
diff --git a/rulefiles/linux/ignore.d.server/postfix b/rulefiles/linux/ignore.d.server/postfix
index 22e7a7e..c53fbde 100644
--- a/rulefiles/linux/ignore.d.server/postfix
+++ b/rulefiles/linux/ignore.d.server/postfix
@@ -132,7 +132,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: fingerprint=([[:digit:]A-F]{2}:){15}[[:digit:]A-F]{2}$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: lost connection after [[:upper:]]+( \([[:digit:]]+ bytes\))? from [._[:alnum:]-]+\[(unknown|[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3})\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: timeout after [-[:upper:]]+( \([[:digit:]]+ bytes\))? from [^[:space:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: too many errors after ([[:upper:]]{4}|UNKNOWN) from [._[:alnum:]-]+\[[.[:digit:]]+\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: too many errors after ([[:upper:]]{4}|END-OF-MESSAGE|UNKNOWN) from [._[:alnum:]-]+\[[.[:digit:]]+\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: ([-._[:alnum:]]+): RBL lookup error: Host or domain name not found\. Name service error for name=\1 type=A: Host not found, try again$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: ([[:digit:]a-f.:]{3,39})+: address not listed for hostname [^[:space:]]+$
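Review bot: the alternation on the `+` line, `([[:upper:]]{4}|END-OF-MESSAGE|UNKNOWN)`, only adds one more literal, so any other state name that is not exactly four uppercase letters will still be reported and will need another patch. The `timeout after` rule two lines up already uses `[-[:upper:]]+`, which matches four-letter commands, END-OF-MESSAGE and UNKNOWN alike; using the same class here would keep the neighbouring rules consistent. If the enumeration is deliberate, so that unfamiliar states keep surfacing in the report, a short comment saying so would help the next person who edits this line. Separately, the client address in this rule is still `\[[.[:digit:]]+\]`, whereas the `lost connection after` rule accepts `unknown` inside the brackets; it is worth checking whether this rule needs the same alternative.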