logcheck: More cleanup and a few updates.

12 files changed, 67 insertions, 73 deletions

diff --git a/logcheck/ignore.d.server/amavis b/logcheck/ignore.d.server/amavis
index 2d38569..8ec860d 100644
--- a/logcheck/ignore.d.server/amavis
+++ b/logcheck/ignore.d.server/amavis
@@ -3,4 +3,3 @@ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>,
 amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
 amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
 amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+>
-amavis\[[0-9]+\]: warning - MIME::Parser error: .*
diff --git a/logcheck/ignore.d.server/dhcp-client b/logcheck/ignore.d.server/dhcp-client
index 32b5148..a301f35 100644
--- a/logcheck/ignore.d.server/dhcp-client
+++ b/logcheck/ignore.d.server/dhcp-client
@@ -1,3 +1,4 @@
+# NB: dhcp 2-x entries are in dhcp
 dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)?
 dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+
 dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.
diff --git a/logcheck/ignore.d.server/dhcp.changes b/logcheck/ignore.d.server/dhcp.changes
index 3485782..d452606 100644
--- a/logcheck/ignore.d.server/dhcp.changes
+++ b/logcheck/ignore.d.server/dhcp.changes
@@ -1,8 +1,7 @@
 # NB: dhcp3 entries are in dhcp3-common
 dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-e]+ via eth[0-9]+ \(found\)
-dhcpd-2.2.x: DHCPREQUEST for .* from .* via
-dhcpd-2.2.x: DHCPACK on .* to .* via
-dhcpd-2.2.x: DHCPDISCOVER from .* via
-dhcpd-2.2.x: DHCPOFFER on .* to .* via
 dhcpd-2.2.x: BOOTREQUEST from [:0-9a-f]+
+dhcpd-2.2.x: DHCP(ACK|NACK|OFFER) on [\.0-9]+ to [:0-9a-e]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-e]+ via eth[0-9]+ \((not )?found\)
+dhcpd-2.2.x: DHCPREQUEST for .* from .* via eth[0-9]+
diff --git a/logcheck/ignore.d.server/dhcp3-common b/logcheck/ignore.d.server/dhcp3-common
index c583aaf..76744e5 100644
--- a/logcheck/ignore.d.server/dhcp3-common
+++ b/logcheck/ignore.d.server/dhcp3-common
@@ -1,13 +1,11 @@
 dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
 dhcpd: BOOTREQUEST from
-dhcpd: DHCPACK on [\.0-9]+ to [:0-9a-f]+ via
+dhcpd: DHCP(ACK|NACN|OFFER) on [\.0-9]+ to [:0-9a-f]+ via eth[0-9]+
 dhcpd: DHCPACK to [\.0-9]+
-dhcpd: DHCPDISCOVER from [:0-9a-f]+ via
+dhcpd: DHCPDISCOVER from [:0-9a-f]+ via eth[0-9]+
 dhcpd: DHCPINFORM from
-dhcpd: DHCPNAK on
-dhcpd: DHCPOFFER on [\.0-9]+ to [:0-9a-f]+ via
 dhcpd: DHCPRELEASE of [\.0-9]+
-dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+ via
+dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+ via eth[0-9]+
 dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
 dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
 dhcpd: accepting packet with data after udp payload.
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 48a302c..33dc2ff 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -6,7 +6,6 @@ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>,
 amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
 amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
 amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+>
-amavis\[[0-9]+\]: warning - MIME::Parser error: .*
 ### ignore.d.server/anacron
 anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
 anacron\[[0-9]+\]: Normal exit
@@ -52,6 +51,7 @@ ircd\[[0-9]+\]: ircd exiting: autodie
 ircd\[[0-9]+\]: Server Ready
 (ircd\[[0-9]+\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
 ### ignore.d.server/dhcp-client
+# NB: dhcp 2-x entries are in dhcp
 dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)?
 dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+
 dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.
@@ -59,23 +59,20 @@ dhclient(-2.2.x)?: irda0: unknown hardware address type 783
 ### ignore.d.server/dhcp.changes
 # NB: dhcp3 entries are in dhcp3-common
 dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-e]+ via eth[0-9]+ \(found\)
-dhcpd-2.2.x: DHCPREQUEST for .* from .* via
-dhcpd-2.2.x: DHCPACK on .* to .* via
-dhcpd-2.2.x: DHCPDISCOVER from .* via
-dhcpd-2.2.x: DHCPOFFER on .* to .* via
 dhcpd-2.2.x: BOOTREQUEST from [:0-9a-f]+
+dhcpd-2.2.x: DHCP(ACK|NACK|OFFER) on [\.0-9]+ to [:0-9a-e]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-e]+ via eth[0-9]+ \((not )?found\)
+dhcpd-2.2.x: DHCPREQUEST for .* from .* via eth[0-9]+
 ### ignore.d.server/dhcp3-common
 dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
 dhcpd: BOOTREQUEST from
-dhcpd: DHCPACK on [\.0-9]+ to [:0-9a-f]+ via
+dhcpd: DHCP(ACK|NACN|OFFER) on [\.0-9]+ to [:0-9a-f]+ via eth[0-9]+
 dhcpd: DHCPACK to [\.0-9]+
-dhcpd: DHCPDISCOVER from [:0-9a-f]+ via
+dhcpd: DHCPDISCOVER from [:0-9a-f]+ via eth[0-9]+
 dhcpd: DHCPINFORM from
-dhcpd: DHCPNAK on
-dhcpd: DHCPOFFER on [\.0-9]+ to [:0-9a-f]+ via
 dhcpd: DHCPRELEASE of [\.0-9]+
-dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+ via
+dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+ via eth[0-9]+
 dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
 dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
 dhcpd: accepting packet with data after udp payload.
@@ -141,7 +138,7 @@ afpd\[[0-9]\]: Connection terminated
 afpd\[[0-9]\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written
 afpd\[[0-9]\]: [^[:space:]]+: Broken pipe
 afpd\[[0-9]\]: [^[:space:]]+: Connection reset by peer
-afpd\[[0-9]\]: [^[:space:]]+: Connection timed out
+afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out
 afpd\[[0-9]\]: [^[:space:]]+: No route to host
 afpd\[[0-9]\]: [^[:space:]]+: No such file or directory
 afpd\[[0-9]\]: [^[:space:]]+: Permission denied
@@ -338,18 +335,19 @@ snort: WEB-CGI-upload.pl:
 postgres\[[0-9]+\]: \[.*\] DEBUG:
 postgres\[[0-9]+\]: \[[0-9-]*\]  Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
 postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+## amavis
+amavis\[[0-9]+\]: warning - MIME::Parser error: .*
 ### ignore.d.server/ucd-snmp
 ucd-snmp\[[0-9]+\]: Connection from .*
 ### ignore.d.server/uw-imap.changes
+i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
 imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to .* from .* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+
-ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+
 ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 ipop3d\[[0-9]+\]: Expunge ignored on readonly mailbox
 ipop3d\[[0-9]+\]: Mailbox is open by another process, access is readonly
-ipop3d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+
+ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+
diff --git a/logcheck/ignore.d.server/netatalk.changes b/logcheck/ignore.d.server/netatalk.changes
index b9fe99f..4a25f13 100644
--- a/logcheck/ignore.d.server/netatalk.changes
+++ b/logcheck/ignore.d.server/netatalk.changes
@@ -7,7 +7,7 @@ afpd\[[0-9]\]: Connection terminated
 afpd\[[0-9]\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written
 afpd\[[0-9]\]: [^[:space:]]+: Broken pipe
 afpd\[[0-9]\]: [^[:space:]]+: Connection reset by peer
-afpd\[[0-9]\]: [^[:space:]]+: Connection timed out
+afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out
 afpd\[[0-9]\]: [^[:space:]]+: No route to host
 afpd\[[0-9]\]: [^[:space:]]+: No such file or directory
 afpd\[[0-9]\]: [^[:space:]]+: Permission denied
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index c72783a..1c4e59a 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -74,3 +74,5 @@ snort: WEB-CGI-upload.pl:
 postgres\[[0-9]+\]: \[.*\] DEBUG:
 postgres\[[0-9]+\]: \[[0-9-]*\]  Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
 postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+## amavis
+amavis\[[0-9]+\]: warning - MIME::Parser error: .*
diff --git a/logcheck/ignore.d.server/uw-imap.changes b/logcheck/ignore.d.server/uw-imap.changes
index 39d603b..a8d3cab 100644
--- a/logcheck/ignore.d.server/uw-imap.changes
+++ b/logcheck/ignore.d.server/uw-imap.changes
@@ -1,12 +1,11 @@
+i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
 imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to .* from .* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+
-ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+
 ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 ipop3d\[[0-9]+\]: Expunge ignored on readonly mailbox
 ipop3d\[[0-9]+\]: Mailbox is open by another process, access is readonly
-ipop3d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+
+ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 2c6e418..f136415 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -6,7 +6,6 @@ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>,
 amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
 amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
 amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+>
-amavis\[[0-9]+\]: warning - MIME::Parser error: .*
 ### ignore.d.server/anacron
 anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
 anacron\[[0-9]+\]: Normal exit
@@ -52,6 +51,7 @@ ircd\[[0-9]+\]: ircd exiting: autodie
 ircd\[[0-9]+\]: Server Ready
 (ircd\[[0-9]+\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
 ### ignore.d.server/dhcp-client
+# NB: dhcp 2-x entries are in dhcp
 dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)?
 dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+
 dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.
@@ -59,23 +59,20 @@ dhclient(-2.2.x)?: irda0: unknown hardware address type 783
 ### ignore.d.server/dhcp.changes
 # NB: dhcp3 entries are in dhcp3-common
 dhcpd-2.2.x: Abandoning IP address [\.0-9]+: pinged before offer
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-e]+ via eth[0-9]+ \(found\)
-dhcpd-2.2.x: DHCPREQUEST for .* from .* via
-dhcpd-2.2.x: DHCPACK on .* to .* via
-dhcpd-2.2.x: DHCPDISCOVER from .* via
-dhcpd-2.2.x: DHCPOFFER on .* to .* via
 dhcpd-2.2.x: BOOTREQUEST from [:0-9a-f]+
+dhcpd-2.2.x: DHCP(ACK|NACK|OFFER) on [\.0-9]+ to [:0-9a-e]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [:0-9a-e]+ via eth[0-9]+ \((not )?found\)
+dhcpd-2.2.x: DHCPREQUEST for .* from .* via eth[0-9]+
 ### ignore.d.server/dhcp3-common
 dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
 dhcpd: BOOTREQUEST from
-dhcpd: DHCPACK on [\.0-9]+ to [:0-9a-f]+ via
+dhcpd: DHCP(ACK|NACN|OFFER) on [\.0-9]+ to [:0-9a-f]+ via eth[0-9]+
 dhcpd: DHCPACK to [\.0-9]+
-dhcpd: DHCPDISCOVER from [:0-9a-f]+ via
+dhcpd: DHCPDISCOVER from [:0-9a-f]+ via eth[0-9]+
 dhcpd: DHCPINFORM from
-dhcpd: DHCPNAK on
-dhcpd: DHCPOFFER on [\.0-9]+ to [:0-9a-f]+ via
 dhcpd: DHCPRELEASE of [\.0-9]+
-dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+ via
+dhcpd: DHCPREQUEST for [\.0-9]+ from [:0-9a-f]+ via eth[0-9]+
 dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
 dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
 dhcpd: accepting packet with data after udp payload.
@@ -141,7 +138,7 @@ afpd\[[0-9]\]: Connection terminated
 afpd\[[0-9]\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written
 afpd\[[0-9]\]: [^[:space:]]+: Broken pipe
 afpd\[[0-9]\]: [^[:space:]]+: Connection reset by peer
-afpd\[[0-9]\]: [^[:space:]]+: Connection timed out
+afpd\[[0-9]\]: [^[:space:]]+: (C|c)onnection timed out
 afpd\[[0-9]\]: [^[:space:]]+: No route to host
 afpd\[[0-9]\]: [^[:space:]]+: No such file or directory
 afpd\[[0-9]\]: [^[:space:]]+: Permission denied
@@ -338,21 +335,22 @@ snort: WEB-CGI-upload.pl:
 postgres\[[0-9]+\]: \[.*\] DEBUG:
 postgres\[[0-9]+\]: \[[0-9-]*\]  Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
 postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+## amavis
+amavis\[[0-9]+\]: warning - MIME::Parser error: .*
 ### ignore.d.server/ucd-snmp
 ucd-snmp\[[0-9]+\]: Connection from .*
 ### ignore.d.server/uw-imap.changes
+i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
 imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to .* from .* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+
-ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+
 ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
 ipop3d\[[0-9]+\]: Expunge ignored on readonly mailbox
 ipop3d\[[0-9]+\]: Mailbox is open by another process, access is readonly
-ipop3d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+
+ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+
 ### ignore.d.workstation/bind
 named\[[0-9]+\]: ns_forw: sendto.*: Network is unreachable
 ### ignore.d.workstation/devfsd
diff --git a/logcheck/violations.ignore.d/dhcp-client b/logcheck/violations.ignore.d/dhcp-client
index 75ee45d..802ae6f 100644
--- a/logcheck/violations.ignore.d/dhcp-client
+++ b/logcheck/violations.ignore.d/dhcp-client
@@ -1,2 +1,2 @@
-dhcpd-2.2.x: (send_packet|fallback_discard): Connection refused
-dhclient-2.2.x: receive_packet failed on eth[0-9]: Network is down
+dhcpd(-2.2.x)?: (send_packet|fallback_discard): Connection refused
+dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 3363b60..1d49e26 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -2,8 +2,8 @@
 named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
 named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
 ### violations.ignore.d/dhcp-client
-dhcpd-2.2.x: (send_packet|fallback_discard): Connection refused
-dhclient-2.2.x: receive_packet failed on eth[0-9]: Network is down
+dhcpd(-2.2.x)?: (send_packet|fallback_discard): Connection refused
+dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down
 ### violations.ignore.d/misc
 # This one shows up with firewalls blocking SMB ports non-silently
 kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
@@ -21,22 +21,22 @@ netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
 ### violations.ignore.d/pmud
 pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request
 ### violations.ignore.d/postfix
-postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
+postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)
 postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+@Debug>
 postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
-postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\)
 postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\)
 postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+)\)
 postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
 postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
 postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
+postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 550 <[^[:space:]]+>: User unknown; from=<[^[:space:]]+> to=<[^[:space:]]+>
-postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]]+> to=<[^[:space:]]+>
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 554 <[^[:space:]]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]]+> to=<[^[:space:]]+>
-postfix/smtpd\[[0-9]+\]: warning: .*: hostname .* verification failed: Host not found
-postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]]+> to=<[^[:space:]]+>
+postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)
 ### violations.ignore.d/proftpd
 proftpd\[[0-9]+\]: .* \(.*\) - USER anonymous \(Login failed\): Can't find user\.
 ### violations.ignore.d/samba
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index f513f5c..07fffa5 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -1,16 +1,16 @@
-postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
+postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)
 postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+@Debug>
 postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
-postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\)
 postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\)
 postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+)\)
 postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
 postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
 postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
+postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 550 <[^[:space:]]+>: User unknown; from=<[^[:space:]]+> to=<[^[:space:]]+>
-postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]]+> to=<[^[:space:]]+>
 postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 554 <[^[:space:]]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]]+> to=<[^[:space:]]+>
-postfix/smtpd\[[0-9]+\]: warning: .*: hostname .* verification failed: Host not found
-postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
+postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]]+> to=<[^[:space:]]+>
+postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)