authorJonas Smedegaard <dr@jones.dk>2004-11-30 14:43:50 +0000
committerJonas Smedegaard <dr@jones.dk>2004-11-30 14:43:50 +0000
commit4253cbafbb8b23eaf2054dc41a7054d02de52377 (patch)
tree8ee5ad13d5f59cda9a43c9b2b9638f4313ab0fd3 /logcheck
parent1312b1b322ea8a518c104781160c68fb53dfb08a (diff)
Fix and small tightening up of email-related non-alerts.
Diffstat (limited to 'logcheck')
-rw-r--r--logcheck/violations.ignore.d/local6
-rw-r--r--logcheck/violations.ignore.d/temp6
2 files changed, 6 insertions, 6 deletions
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index e8b088e..dc7de67 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -82,9 +82,9 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]:.* (refused to talk.*|Mail refused.*)+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: .* Mail refused .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|kdm: :0|pop|samba)\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kdm: :0\[[0-9]+\]: \(pam_unix\) pam_setcred(DELETE_CRED) for [^[:space:]]* failed: Error in service module
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
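Review bot: The first added line wraps the address match in `.*` on both sides (`\]:.* (from|message\-id|to)=<…>.*`), so the whole log line is dropped from the violations report whenever one of the listed words merely appears inside an address — a line that also carries a genuine keyword outside the address, for example in rejection text before the `from=<` field, is hidden with it. The third added line has the same shape: `postfix/smtp\[[0-9]+\]: .* Mail refused .*$` now suppresses any postfix/smtp line containing that phrase, whatever else is on it. If the postfix layout is as it looks (queue id immediately after the colon), the leading `.*` could be narrowed to that field, `\]: [[:alnum:]]+: (from|message\-id|to)=<`, and the trailing `.*` to the fields that legitimately follow an address, so that lines with an unexpected prefix are no longer ignored. This `local` hunk also lacks the `# Suspicious words within email addresses are ok` comment that the `temp` hunk puts above the same rules; the identical added lines in that hunk have the same unbounded `.*` issue and need not be re-reviewed separately.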
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index e00c80c..a7dbbc1 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -19,9 +19,9 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
# Suspicious words within email addresses are ok
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix[[:alnum:]]+\[[0-9]+\]:.* (refused to talk.*|Mail refused.*)+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: .* Mail refused .*$
# Failed logins is impossible to deal with through logcheck anyway
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot-auth|(imap|i(map|pop3)d|afpd|kdm: :0|pop|samba)\[[0-9]+\]):( \(pam_unix\))? authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]*( user=[[:alnum:]]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kdm: :0\[[0-9]+\]: \(pam_unix\) pam_setcred(DELETE_CRED) for [^[:space:]]* failed: Error in service module