[Logcheck-commits] martin f. krafft: ignore milter-reject messages after RCPT which include the recipient.

Sun Aug 31 19:24:17 UTC 2008

Module: logcheck
Branch: master
Commit: bfce1378d49c78be964011b6e1f0c93905e4b69b
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=bfce1378d49c78be964011b6e1f0c93905e4b69b

Author: martin f. krafft <madduck at debian.org>
Date:   Wed Aug 27 15:02:48 2008 +0100

ignore milter-reject messages after RCPT which include the recipient.

---

 debian/changelog                        |    1 +
 rulefiles/linux/ignore.d.server/postfix |    2 +-
 2 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e8eef7f..f778c32 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,7 @@ logcheck (1.3) unstable; urgency=low
     - ignore new message format for lacking subject CN in peer cert.
     - ignore getting too many errors after END-OF-MESSAGE, not only after four
       letter SMTP commands.
+    - ignore milter-reject messages after RCPT which include the recipient.
   * ignore.d.server/ssh:
     - ignore authentication failures with new PAM format.
   * ignore.d.server/kernel:
diff --git a/rulefiles/linux/ignore.d.server/postfix b/rulefiles/linux/ignore.d.server/postfix
index c53fbde..819d6d3 100644
--- a/rulefiles/linux/ignore.d.server/postfix
+++ b/rulefiles/linux/ignore.d.server/postfix
@@ -110,7 +110,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: discard: RCPT from [^[:space:]]+: <[^[:space:]]+>: .+; from=[^[:space:]]+ to=[^[:space:]]+ proto=E?SMTP helo=<[^[:space:]]+>$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: milter-reject: MAIL from [-._[:alnum:]]+\[[.[:digit:]]+\]: 451 4\.(7\.1 Service unavailable|3\.2 AV system temporarily overloaded) - (please )?try (again )?later; proto=E?SMTP helo=<[^[:space:]]+>$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: milter-reject: MAIL from [^[:space:]]+: .+; from=[^[:space:]]+ proto=E?SMTP helo=<[^[:space:]]+>$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: milter-reject: RCPT from [-._[:alnum:]]+\[[.[:digit:]]+\]: 554 5\.7\.1 Suspicious recipient address blocked; from=<[^[:space:]]*> proto=E?SMTP helo=<[^[:space:]]+>$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: milter-reject: RCPT from [-._[:alnum:]]+\[[.[:digit:]]+\]: 554 5\.7\.1 Suspicious recipient address blocked; from=<[^[:space:]]*>( to=<[^[:space:]]+>)? proto=E?SMTP helo=<[^[:space:]]+>$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: reject: [[:upper:]]+ from [^[:space:]]+: 554( 5\.7\.1)? <[^[:space:]]+>: Relay access denied;( from=<[^[:space:]]*> to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: reject: [[:upper:]]+ from [^[:space:]]+: 554( [[:digit:]]\.[[:digit:]]\.[[:digit:]])? <[^[:space:]]+>: Client host rejected: Access denied;( from=<[^[:space:]]*> to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: reject: [[:upper:]]+ from [^[:space:]]+\[[[:digit:].]{7,15}\]: 503 5\.5\.0 <[^[:space:]]+>: Client host rejected: Improper use of SMTP command pipelining; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$


