diff options
| -rw-r--r-- | logcheck/ignore.d.server/local | 2 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/postfix | 2 | ||||
| -rw-r--r-- | logcheck/ignore.d.workstation/local | 2 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/local | 6 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 6 |
5 files changed, 7 insertions, 11 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index cefb08e..a62c894 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -231,8 +231,8 @@ postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connectio postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ # These are only for postfix >= 2.0: postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index a60d7b7..b577ded 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix @@ -24,8 +24,8 @@ postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connectio postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ # These are only for postfix >= 2.0: postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local index 903dddc..9ab45d6 100644 --- a/logcheck/ignore.d.workstation/local +++ b/logcheck/ignore.d.workstation/local @@ -231,8 +231,8 @@ postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connectio postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ # These are only for postfix >= 2.0: postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index e211aed..db658b8 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -43,16 +43,14 @@ postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:spac postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$ -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(bad host/domain syntax: "[^"]+"\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]\[]+\[[\.0-9]+\]: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=(bounced|deferred) \(host [^[:space:]\[]+\[[\.0-9]+\] said: [45][0-9]{2} [^\)]+\)+$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=(bounced|deferred) \([^\)]+\)+$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} <[^>]+>: [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ # These are only for postfix >= 2.0: -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(host [^[:space:]]+ said: 554 <[^>]+>:( Recipient address rejected:)? Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=(bounced|deferred) \([^\)]+\)+ proto=E?SMTP helo=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} <[^>]+>: [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ ### violations.ignore.d/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index ac6f147..bc2a08c 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -4,14 +4,12 @@ postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:spac postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$ -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(bad host/domain syntax: "[^"]+"\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]\[]+\[[\.0-9]+\]: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=(bounced|deferred) \(host [^[:space:]\[]+\[[\.0-9]+\] said: [45][0-9]{2} [^\)]+\)+$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=(bounced|deferred) \([^\)]+\)+$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} <[^>]+>: [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ # These are only for postfix >= 2.0: -postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(host [^[:space:]]+ said: 554 <[^>]+>:( Recipient address rejected:)? Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=(bounced|deferred) \([^\)]+\)+ proto=E?SMTP helo=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} <[^>]+>: [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ |