diff options
Diffstat (limited to 'logcheck/violations.ignore.d/postfix')
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index 61450ce..af23cc2 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -34,7 +34,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in RCPT command: .* ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:( smtpd_peer_init:)? [\.0-9]+: hostname [^[:space:]]+ verification failed: (Name or service not known|Temporary failure in name resolution)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ([[:xdigit:]]|NOQUEUE]+: reject: (DATA|MAIL|RCPT) from [^[:space:]]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^>]*>)?$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): reject: (DATA|MAIL|RCPT) from [^[:space:]]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^>]*>)?$ # Suspicious words within email addresses are ok ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|helo|message\-id|to)=<[^>]*(attack|BAD|debug|denied|deny|error|expn|refused)[^>]*>.*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|refused)[^[:space:]]* has a valid A record$ |