[Logcheck-users] Any Ideas ?

Ulrich Huber ulrich.huber at heureka.co.at
Thu Jul 24 10:42:25 UTC 2008


Hello...
 
I still find messages like these in my inbox



Security Events
=-=-=-=-=-=-=-=
Jul 24 10:23:47 mail amavis[1515]: (01515-04) Passed BAD-HEADER, [77.45.19.251] <n4vji at alaweb.com> -> <user at domain>, quarantine: badh-Ovuc-BN+aDU3, Message-ID: <20071024122614.2732.qmail at home>, mail_id: Ovuc-BN+aDU3, Hits: -, queued_as: 250 OK id=1KLw6z-0001NF-LO, 4542 ms

I already tried to get rid of them by editing violations.ignore.d/logcheck-amavisd-new and inserting the following line:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed BAD-HEADER, \[[.[:digit:]]{7,15}\] \[[.[:digit:]]{7,15}\] <[^>]+> -> <[^>]+>, quarantine: badh-([[:alnum:]]+), Message-ID: <[^>]+>, mail_id: \1, Hits: -, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$

System Events
=-=-=-=-=-=-=
Jul 24 10:33:49 mail amavis[1515]: (01515-06) (!) FWD via SMTP: <yrieuhnxe at yyu.edu.tr> -> user at domain, 451 4.6.0 Failed, id=01515-06, from MTA([127.0.0.1]:10025): 451 Please try again later

For this, logcheck/ignore.d..server/amavisd.new contains:

^w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)? \(\!\) FWD via SMTP: \<\> \-\> \<[._[:alnum:]-]+\>\, 451 4.6.0 Failed, id= \([-[:digit:]]+\)\, from MTA([127.0.0.1]:10025): 451 Please try again later$
^w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)? \(\!\) FWD via SMTP: \<\> \-\> \<[._[:alnum:]-]+\>\, 550 4.6.0 Failed, id= \([-[:digit:]]+\)\, from MTA([127.0.0.1]:10025): 550 Rejected$

Where did I make my (usual) mistake ?

Thanks for help.....
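
Added example, not part of the original post: logcheck ignore rules are egrep patterns, so each rule can be checked against the exact log line with `grep -E` before it goes into a rules file. The script runs the two posted rules and two adjusted variants against the two log lines quoted above. The `FIXED_*` patterns and the `rule_matches` and `report` helpers are constructed for this illustration, and GNU grep is assumed (for `\w` and the `\1` backreference).

```shell
#!/bin/sh
# rule_matches RULE LINE -> exit status 0 if the egrep rule matches the line.
rule_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1" 2>/dev/null
}

# Log lines copied from the post (addresses as obfuscated by the list archive).
LINE_BADH='Jul 24 10:23:47 mail amavis[1515]: (01515-04) Passed BAD-HEADER, [77.45.19.251] <n4vji at alaweb.com> -> <user at domain>, quarantine: badh-Ovuc-BN+aDU3, Message-ID: <20071024122614.2732.qmail at home>, mail_id: Ovuc-BN+aDU3, Hits: -, queued_as: 250 OK id=1KLw6z-0001NF-LO, 4542 ms'
LINE_FWD='Jul 24 10:33:49 mail amavis[1515]: (01515-06) (!) FWD via SMTP: <yrieuhnxe at yyu.edu.tr> -> user at domain, 451 4.6.0 Failed, id=01515-06, from MTA([127.0.0.1]:10025): 451 Please try again later'

# Rules exactly as posted (first ignore.d.server rule only).
POSTED_BADH='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed BAD-HEADER, \[[.[:digit:]]{7,15}\] \[[.[:digit:]]{7,15}\] <[^>]+> -> <[^>]+>, quarantine: badh-([[:alnum:]]+), Message-ID: <[^>]+>, mail_id: \1, Hits: -, queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$'
POSTED_FWD='^w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)? \(\!\) FWD via SMTP: \<\> \-\> \<[._[:alnum:]-]+\>\, 451 4.6.0 Failed, id= \([-[:digit:]]+\)\, from MTA([127.0.0.1]:10025): 451 Please try again later$'

# Adjusted rule (constructed). Differences from POSTED_BADH, read off the line:
#  - the line has one bracketed IP address, the rule expected two
#  - the quarantine/mail id contains '-' and '+', not only alphanumerics
#  - queued_as holds "250 OK id=<queue id>", not a hex string
FIXED_BADH='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed BAD-HEADER, \[[.[:digit:]]{7,15}\] <[^>]+> -> <[^>]+>, quarantine: badh-([-+[:alnum:]]+), Message-ID: <[^>]+>, mail_id: \1, Hits: -, queued_as: 250 OK id=[-[:alnum:]]+, [[:digit:]]+ ms$'

# Adjusted rule (constructed). Differences from POSTED_FWD:
#  - '^w{3}' matches the literal text "www"; '\w{3}' matches the month
#  - the optional group already consumes the space before "(!)"
#  - in GNU grep '\<' and '\>' are word boundaries, not literal angle brackets,
#    and the line has a non-empty sender and an unbracketed recipient
#  - the line has "id=01515-06" with no space and no parentheses
#  - the literal ( ) [ ] . around the MTA address need escaping
FIXED_FWD='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: (\([-0-9]+\) )?\(!\) FWD via SMTP: <[^>]*> -> [^,]+, 451 4\.6\.0 Failed, id=[-0-9]+, from MTA\(\[127\.0\.0\.1\]:10025\): 451 Please try again later$'

report() {  # report LABEL RULE LINE
    if rule_matches "$2" "$3"; then
        echo "$1: match (line would be ignored)"
    else
        echo "$1: NO match (line would still be reported)"
    fi
}

report "posted BAD-HEADER rule" "$POSTED_BADH" "$LINE_BADH"
report "fixed  BAD-HEADER rule" "$FIXED_BADH" "$LINE_BADH"
report "posted FWD rule"        "$POSTED_FWD" "$LINE_FWD"
report "fixed  FWD rule"        "$FIXED_FWD" "$LINE_FWD"
```

Both adjusted rules stay anchored with `^` and `$` and keep the fixed message text literal, so they suppress only these two message shapes.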