diff options
| author | Jonas Smedegaard <dr@jones.dk> | 2005-12-17 12:21:29 +0000 |
|---|---|---|
| committer | Jonas Smedegaard <dr@jones.dk> | 2005-12-17 12:21:29 +0000 |
| commit | ac3a2d14f4ec077455e2cbfe3f13d390e46e0bc5 (patch) | |
| tree | 695f722f8f4a0badc96516bc66a5632b804fad20 /logcheck/violations.ignore.d/postfix | |
| parent | d76fae7b7a416802e725f838e7fc9ba89ddaf0eb (diff) | |
suppress some more suspicious words in email adresses of postfix and amavisd-new. Relax postfix verification failed filter. Add another dyndns smtp refusal.
Diffstat (limited to 'logcheck/violations.ignore.d/postfix')
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index 5563f7e..af3d90e 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -15,7 +15,7 @@ # Too much spam refuse to eat their own shit ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) +\(port 25\)$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: [^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: Blocked|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)) +\(port 25\)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: [^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: Blocked|[\.0-9]+, Sorry access denied to you|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)) +\(port 25\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: [^[:space:]]+ +)?554 (<[^[:space:]]+>: Client host rejected: Reject Dynamic ip|#5\.5\.4 Relaying denied\. IP name lookup failed) +\(port 25\)$ # Ignore blacklisting due to being dynamic - or without explaining/hinting at all ## Grr - could've been a single rule if only logcheck supported custom classes @@ -29,8 +29,8 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: MAIL from [^[:space:]]+\[[\.0-9]+\]: 552 Message size exceeds fixed limit; proto=ESMTP helo=<[^>]*>$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^>]*> to=<[^>]*>$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in RCPT command: .* -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: smtpd_peer_init: [\.0-9]+: hostname [^[:space:]]+ verification failed: (Name or service not known|Temporary failure in name resolution)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:( smtpd_peer_init:)? [\.0-9]+: hostname [^[:space:]]+ verification failed: (Name or service not known|Temporary failure in name resolution)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [^[:space:]]+: reject: (DATA|RCPT) from [^[:space:]]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^>]*>)?$ # Suspicious words within email addresses are ok -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^>]*(attack|debug|deny|error|expn|refused)[^>]*>.*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|helo|message\-id|to)=<[^>[:space:]]*(attack|debug|deny|error|expn|refused)[^>[:space:]]*>.*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$ |