diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2007-01-23 18:57:13 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2007-01-23 18:57:13 +0000 |
| commit | 10353fd0f09ce17397aa9bfdced6155498817f62 (patch) | |
| tree | 780c2604ed19f601e1c6e63c849b146fd6f006a4 /logcheck/cracking.ignore.d/local-postfix | |
| parent | c7cca9df06e8b42ea93c8f1067b5f06393af9cf8 (diff) | |
Add postfix bad-word exclusion.
Diffstat (limited to 'logcheck/cracking.ignore.d/local-postfix')
| -rw-r--r-- | logcheck/cracking.ignore.d/local-postfix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/logcheck/cracking.ignore.d/local-postfix b/logcheck/cracking.ignore.d/local-postfix new file mode 100644 index 0000000..6419b51 --- /dev/null +++ b/logcheck/cracking.ignore.d/local-postfix @@ -0,0 +1,4 @@ +# Suspiciously worded hostname or email address is not a security thread +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): ([^[:space:]]+=[^[:space:]]+, )*(from|helo|message-id|to)=<[^>]*(attack|nested)[^>]*>.*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|nested)[^[:space:]]* has a valid A record$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp+\[[0-9]+\]: connect to [^[:space:]]*(attack|nested)[^[:space:]]*:.*$ |