diff options
| -rw-r--r-- | logcheck/ignore.d.server/local | 19 | ||||
| -rw-r--r-- | logcheck/ignore.d.server/postfix | 19 | ||||
| -rw-r--r-- | logcheck/ignore.d.workstation/local | 19 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/local | 33 | ||||
| -rw-r--r-- | logcheck/violations.ignore.d/postfix | 33 |
5 files changed, 46 insertions, 77 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index cbc626c..1d27d68 100644 --- a/logcheck/ignore.d.server/local +++ b/logcheck/ignore.d.server/local @@ -212,9 +212,10 @@ postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ +postfix/smtp\[[0-9]+\]: SSL_connect error to express.ikokok.com: -1 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$ -postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ +postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ +postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ postfix/smtp\[[0-9]+\]: verify error:num=18:self signed certificate$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ @@ -223,18 +224,18 @@ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A reco postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=[^,]+, issuer=[^,]+$ postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSLv3|TLSv1) with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ -postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: address not listed for hostname [^[:space:]]+$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ # These are only for postfix >= 2.0: -postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: server dropped connection without sending the initial greeting \(port 25\)$ +postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ ### ignore.d.server/postgresql postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.$ postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.$ diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index 8015d24..5a777a4 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix @@ -5,9 +5,10 @@ postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ +postfix/smtp\[[0-9]+\]: SSL_connect error to express.ikokok.com: -1 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$ -postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ +postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ +postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ postfix/smtp\[[0-9]+\]: verify error:num=18:self signed certificate$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ @@ -16,15 +17,15 @@ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A reco postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=[^,]+, issuer=[^,]+$ postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSLv3|TLSv1) with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ -postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: address not listed for hostname [^[:space:]]+$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ # These are only for postfix >= 2.0: -postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: server dropped connection without sending the initial greeting \(port 25\)$ +postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local index 2958645..ec6eb1d 100644 --- a/logcheck/ignore.d.workstation/local +++ b/logcheck/ignore.d.workstation/local @@ -212,9 +212,10 @@ postfix/master\[[0-9]+\]: reload configuration$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ +postfix/smtp\[[0-9]+\]: SSL_connect error to express.ikokok.com: -1 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$ -postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ +postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ +postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ postfix/smtp\[[0-9]+\]: verify error:num=18:self signed certificate$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ @@ -223,18 +224,18 @@ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A reco postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=[^,]+, issuer=[^,]+$ postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSLv3|TLSv1) with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ -postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command: -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL command: <[^>]+>|RCPT command: )$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: address not listed for hostname [^[:space:]]+$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host (name has no address|not found)$ # These are only for postfix >= 2.0: -postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: server dropped connection without sending the initial greeting \(port 25\)$ +postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ ### ignore.d.server/postgresql postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.$ postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.$ diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 377bf13..e211aed 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -38,39 +38,22 @@ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $ pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$ ### violations.ignore.d/postfix postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ -postfix/(qmgr|smtp)\[[0-9]+\]: [^\(]+ status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(bad host/domain syntax: "[^"]+"\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)+$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 550 [^\)]+ (Access denied|Message content rejected|Recipient address rejected|Relaying denied|Sender Not Authorised|unknown or illegal alias|User unknown)[^\)]*\)+$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see [^\)]+\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 553 sorry, your envelope sender has been denied [^\)]+\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 571 <>\.\.\. denied\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 450 <[^[:space:]>]+>: (Recipient address rejected: Recipient mailbox is full|Sender address rejected: Domain not found)\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(bad host/domain syntax: "[^"]+"\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: Helo command rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^>]+>: Recipient address rejected[^;]*; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]\[]+\[[\.0-9]+\]: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address|Sender address) rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=(bounced|deferred) \(host [^[:space:]\[]+\[[\.0-9]+\] said: [45][0-9]{2} [^\)]+\)+$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} <[^>]+>: [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ # These are only for postfix >= 2.0: -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address|Sender address) rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(host [^[:space:]]+ said: 554 <[^>]+>:( Recipient address rejected:)? Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} <[^>]+>: [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ ### violations.ignore.d/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ ### violations.ignore.d/samba diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index f790a58..ac6f147 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -1,34 +1,17 @@ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ -postfix/(qmgr|smtp)\[[0-9]+\]: [^\(]+ status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(bad host/domain syntax: "[^"]+"\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^\)]+\)+$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 550 [^\)]+ (Access denied|Message content rejected|Recipient address rejected|Relaying denied|Sender Not Authorised|unknown or illegal alias|User unknown)[^\)]*\)+$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see [^\)]+\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 553 sorry, your envelope sender has been denied [^\)]+\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 571 <>\.\.\. denied\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 450 <[^[:space:]>]+>: (Recipient address rejected: Recipient mailbox is full|Sender address rejected: Domain not found)\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(Name service error for [^[:space:]:]+: Host not found\)$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(bad host/domain syntax: "[^"]+"\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: Helo command rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^>]+>: Recipient address rejected[^;]*; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]\[]+\[[\.0-9]+\]: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address|Sender address) rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=(bounced|deferred) \(host [^[:space:]\[]+\[[\.0-9]+\] said: [45][0-9]{2} [^\)]+\)+$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} <[^>]+>: [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ # These are only for postfix >= 2.0: -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address|Sender address) rejected[^;]*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>, relay=[^[:space:]\[]+\[[\.0-9]+\], delay=[0-9]+, status=bounced \(host [^[:space:]]+ said: 554 <[^>]+>:( Recipient address rejected:)? Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} <[^>]+>: [^;]+; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ |