[Logcheck-devel] Bug#368318: logcheck-database: update for postfix violations ignore rule

[Martin Lohmeier]

Package: logcheck-database
Severity: normal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

there is little problem with one rule in violations.ignore.d/logcheck-postfix.
The rule is only for the host sythos.net and the delay need to be variable (it's
possible that the retry happen before 300 seconds are over).
I don't have an example because on my site only recipients are greylisted.

The attached patch is against the latest cvs version.

bye, Martin

- -- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (900, 'testing'), (100, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.1
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEcFhrOvJj+wS6JuIRAo4lAKCptk4LGmgBi4sldoHqyxiB0gidJwCfVyGr
an2SJNS0VoSUFylSa75z1XQ=
=ORmv
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: logcheck-postfix
===================================================================
RCS file: /cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-postfix,v
retrieving revision 1.23
diff -u -r1.23 logcheck-postfix
--- logcheck-postfix	11 Jul 2005 14:41:26 -0000	1.23
+++ logcheck-postfix	21 May 2006 12:05:55 -0000
@@ -22,6 +22,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate verification failed for [^[:space:]]+: num=27:certificate not trusted$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate peer name verification failed for [^[:space:]]+: [[:digit:]]+ dNSNames in certificate found, but none matches
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate peer name verification failed for [^[:space:]]+: CommonName mis-match:( [._[:alnum:]-]+)?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client host rejected: Greylisted for 300 seconds \(see http://isg.ee.ethz.ch/tools/postgrey/help/sythos.net.html\); from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client host rejected: Greylisted for [0-9]+ seconds \(see http://isg.ee.ethz.ch/tools/postgrey/help/.*.html\); from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+: from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$