diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2006-01-14 13:33:51 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2006-01-14 13:33:51 +0000 |
| commit | ae7b406640a9428b1e12b099a21e5c22634e564b (patch) | |
| tree | 27bd9a2bfd9537e6ff213ff0df390b5dd7cfc4ff /logcheck/violations.ignore.d/amavisd-new | |
| parent | f58cec49f815b2170f28b70c058730767dc5aac7 (diff) | |
Fix and extend ignoring remote uncooperative smtp servers. Disable most old amavisd-new violation rules and add one when BAD_HEADER is accepted.
Diffstat (limited to 'logcheck/violations.ignore.d/amavisd-new')
| -rw-r--r-- | logcheck/violations.ignore.d/amavisd-new | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/logcheck/violations.ignore.d/amavisd-new b/logcheck/violations.ignore.d/amavisd-new index a3f29b2..5f51293 100644 --- a/logcheck/violations.ignore.d/amavisd-new +++ b/logcheck/violations.ignore.d/amavisd-new @@ -1,9 +1,10 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) SPAM, <[^[:space:]]*> -> <[^[:space:]]*>, (No|Yes), hits=[\.0-9-]+ tagged_above=[\.0-9-]+ required=[\.0-9-]+ tests=[,_A-Z0-9 ]+ quarantine spam-[^[:space:]]+ \(spam-quarantine\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) Not-Delivered, <[^[:space:]]*> -> <[^[:space:]]*>, quarantine spam-[^[:space:]]+, Message-ID: <[^[:space:]]+>, Hits: 10.684$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) BAD HEADER from( \((bulk|list|junk)\))? <[^[:space:]]*>: .*$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) NOTICE: Not sending DSN in response to bulk mail from <[^[:space:]]*> containing BAD HEADER & SPAM, mail intentionally dropped$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) NOTICE: DSN contains BAD HEADER & SPAM; bounce is not bouncable, mail intentionally dropped$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) NOTICE: UNABLE TO SEND DSN to <[^[:space:]]*>: 550 5\.1\.0 <[^[:space:]]*>: Recipient address rejected: User unknown in virtual alias table$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) mail_via_smtp: 550 5\.1\.0 <[^[:space:]]*>: Recipient address rejected: User unknown in virtual alias table$ +# Old rules dropped 20060114 +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) SPAM, <[^[:space:]]*> -> <[^[:space:]]*>, (No|Yes), hits=[\.0-9-]+ tagged_above=[\.0-9-]+ required=[\.0-9-]+ tests=[,_A-Z0-9 ]+ quarantine spam-[^[:space:]]+ \(spam-quarantine\)$ +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) BAD HEADER from( \((bulk|list|junk)\))? <[^[:space:]]*>: .*$ +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) NOTICE: Not sending DSN in response to bulk mail from <[^[:space:]]*> containing BAD HEADER & SPAM, mail intentionally dropped$ +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) NOTICE: DSN contains BAD HEADER & SPAM; bounce is not bouncable, mail intentionally dropped$ +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) NOTICE: UNABLE TO SEND DSN to <[^[:space:]]*>: 550 5\.1\.0 <[^[:space:]]*>: Recipient address rejected: User unknown in virtual alias table$ +#^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) mail_via_smtp: 550 5\.1\.0 <[^[:space:]]*>: Recipient address rejected: User unknown in virtual alias table$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) Passed BAD-HEADER, \[[\.0-9]+\] <[^[:space:]]*> -> <[^[:space:]]*>, Message-ID: <[^[:space:]]*>, mail_id: ^[:space:]]+, Hits: -, [0-9]+ ms$ # Suspicious words within email addresses are ok ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^>[:space:]]*(attack|BAD|debug|deny|error|expn|promisc|refused)[^>[:space:]]*>.*$ |