From e2e516afb39fd95aef3e9a444492a196c2a79455 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Tue, 18 Jul 2006 13:13:45 +0000
Subject: Update regex for postfix remote refusals, due to improved logging in
 postfix 2.3.

---
 logcheck/violations.ignore.d/local   | 5 +++--
 logcheck/violations.ignore.d/postfix | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

(limited to 'logcheck')

diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index aec4212..d93bde7 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -47,17 +47,18 @@
 
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?421 Fork failed +\(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?450 <[^[:space:]]+>: Client host rejected: may not be mail exchanger +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?450 Client host rejected: cannot find your hostname, \[[\.0-9]+\] +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?450 <[^[:space:]]+>: Client host rejected: may not be mail exchanger +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?521 [^[:space:]]+ access denied +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: (Blocked|Use an authorized relay)|[\.0-9]+, Sorry access denied to you|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)|This system is configured to reject mail from [^[:space:]]+ \[[\.0-9]+\] \((DNS reverse lookup failed|Host blacklisted - Found on Realtime Black List server '[^[:space:]]+')\)) +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?554 ([\.0-9]+ )?<[^[:space:]]+>: Client host rejected: (Access denied|No mail accepted from you|Reject Dynamic ip|spam source) +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?554 (Access denied|Client host rejected: cannot find your hostname.*|(IP|Unwelcome) connection rejected\.|Transaction Failed( Listed in deny list\.)?|#5\.5\.4 Relaying denied\. IP name lookup failed for [\.0-9]+) +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: ((to|relay|delay|delays|dsn)=[^[:space:]]+, )+ status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 550 <[^[:space:]]+>: (Recipient|Sender) address rejected: .* \(in reply to RCPT TO command\)\)$
+
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ +550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/cgi-bin/block_lookup\?[\.0-9]+  \)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\))$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: (550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/cgi-bin/block_lookup\?[\.0-9]+|[^[:space:]]+ +)?554 (Access denied|#5\.5\.4 Relaying denied\. IP name lookup failed for [\.0-9]+)  \)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\)|554 <[^[:space:]]+\[[\.0-9]+\]>: Client host rejected: No mail accepted from you)$
 
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: (Recipient|Sender) address rejected: .* \(in reply to RCPT TO command\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=7:certificate signature failure$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: Read failed in network_biopair_interop with errno=[0-9-]+: num_read=[0-9-]+, want_read=[0-9-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578:
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 78eb748..6621eac 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -16,19 +16,20 @@
 # Too much spam refuse to eat their own shit
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?421 Fork failed +\(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?450 <[^[:space:]]+>: Client host rejected: may not be mail exchanger +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?450 Client host rejected: cannot find your hostname, \[[\.0-9]+\] +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?450 <[^[:space:]]+>: Client host rejected: may not be mail exchanger +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?521 [^[:space:]]+ access denied +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: (Blocked|Use an authorized relay)|[\.0-9]+, Sorry access denied to you|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)|This system is configured to reject mail from [^[:space:]]+ \[[\.0-9]+\] \((DNS reverse lookup failed|Host blacklisted - Found on Realtime Black List server '[^[:space:]]+')\)) +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?554 ([\.0-9]+ )?<[^[:space:]]+>: Client host rejected: (Access denied|No mail accepted from you|Reject Dynamic ip|spam source) +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: ([^[:space:]]+ +)?554 (Access denied|Client host rejected: cannot find your hostname.*|(IP|Unwelcome) connection rejected\.|Transaction Failed( Listed in deny list\.)?|#5\.5\.4 Relaying denied\. IP name lookup failed for [\.0-9]+) +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: ((to|relay|delay|delays|dsn)=[^[:space:]]+, )+ status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 550 <[^[:space:]]+>: (Recipient|Sender) address rejected: .* \(in reply to RCPT TO command\)\)$
+
 # Ignore blacklisting due to being dynamic - or without explaining/hinting at all
 ## Grr - could've been a single rule if only logcheck supported custom classes
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ +550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/cgi-bin/block_lookup\?[\.0-9]+  \)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\))$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: (550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/cgi-bin/block_lookup\?[\.0-9]+|[^[:space:]]+ +)?554 (Access denied|#5\.5\.4 Relaying denied\. IP name lookup failed for [\.0-9]+)  \)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\)|554 <[^[:space:]]+\[[\.0-9]+\]>: Client host rejected: No mail accepted from you)$
 
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: (Recipient|Sender) address rejected: .* \(in reply to RCPT TO command\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=7:certificate signature failure$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: Read failed in network_biopair_interop with errno=[0-9-]+: num_read=[0-9-]+, want_read=[0-9-]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578:
-- 
cgit v1.2.3