[Logcheck-users] Postfix rule that doesn't works?
Elmar Hoffmann
debian-logcheck-users-ml at elho.net
Tue Oct 17 17:57:40 UTC 2006
Hi,
on Thu, Oct 12, 2006 at 19:03:58 +0200, Benjamí Villoslada wrote:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
> reject: RCPT from [^[:space:]]+\[[0-9.]{7,14}\]: [45][0-9][0-9] <.+>: User
> unknown in
> local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|
> SMTP) helo=<[^[:space:]]+>$
>
> Seems that should filter messages like this:
>
> Oct 12 02:23:10 localhost postfix/smtpd[20827]: NOQUEUE: reject: RCPT from
> mxhub02.xxx.net[212.9.65.112]: 550 5.1.1 <Johnie.Call at xxx.net>: Recipient
> address rejected: User unknown in local recipient table; from=<>
> to=<Johnie.Call at xxx.net> proto=ESMTP helo=<mailhub02a.xxx.net>
The "Recipient address rejected:" part ist not covered by above regex.
That aside, two things that caught my eye 'E?SMTP' is simpler than
'(ESMTP|SMTP)' and you probably should make the '<.+>' more specific
(like the other ones).
elmar
--
.'"`. /"\
| :' : Elmar Hoffmann <elho at elho.net> ASCII Ribbon Campaign \ /
`. `' GPG key available via pgp.net against HTML email X
`- & vCards / \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-users/attachments/20061017/563105d3/attachment.pgp
More information about the Logcheck-users
mailing list