diff options
author | Jonas Smedegaard <dr@jones.dk> | 2004-12-20 12:54:38 +0000 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2004-12-20 12:54:38 +0000 |
commit | 4918f32db01380e9d46ddecf7edbdb43ceeb97e8 (patch) | |
tree | 0c55cb01d4c68e43930aee3236489ba071ef97b9 /logcheck/violations.ignore.d/temp | |
parent | de140f643be433c06e223f3922e0d11b42fc9a52 (diff) |
Tighten postfix ignoring smtp refusals to only include known cases of rejecting dynamic addresses.
Move postfix and amavisd-new rules from temp to their respective files.
Duplicate postfix signature verification failures from server.d to violations.d.
Diffstat (limited to 'logcheck/violations.ignore.d/temp')
-rw-r--r-- | logcheck/violations.ignore.d/temp | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp index a7dbbc1..02cac7e 100644 --- a/logcheck/violations.ignore.d/temp +++ b/logcheck/violations.ignore.d/temp @@ -17,10 +17,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: .*: 554 <[^[:space:]]*>: Recipient address rejected: User unknown; .* ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .* -# Suspicious words within email addresses are ok -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.* -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.* -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: .* Mail refused .*$ # Failed logins is impossible to deal with through logcheck anyway ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|kdm: :0|pop|samba)\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$ |