From 0bb42fe40a6c3e2dcac80483b77ae9b0fed7f6b6 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Sun, 25 May 2003 12:09:05 +0000 Subject: Improved ignore lines all over... --- logcheck/ignore.d.server/bind.changes | 2 +- logcheck/ignore.d.server/local | 85 ++++++++++++++------------- logcheck/ignore.d.server/netatalk.changes | 41 ++++++------- logcheck/ignore.d.server/postfix | 34 +++++------ logcheck/ignore.d.server/proftpd | 6 +- logcheck/ignore.d.server/tmp | 2 +- logcheck/ignore.d.workstation/local | 85 ++++++++++++++------------- logcheck/violations.ignore.d/local | 17 +++--- logcheck/violations.ignore.d/netatalk.changes | 3 +- logcheck/violations.ignore.d/postfix | 12 ++-- logcheck/violations.ignore.d/samba | 2 +- 11 files changed, 147 insertions(+), 142 deletions(-) diff --git a/logcheck/ignore.d.server/bind.changes b/logcheck/ignore.d.server/bind.changes index 4113949..49328b2 100644 --- a/logcheck/ignore.d.server/bind.changes +++ b/logcheck/ignore.d.server/bind.changes @@ -8,7 +8,7 @@ named\[[0-9]+\]: approved AXFR from [^[:space:]]+ for [^[:space:]]+$ named\[[0-9]+\]: zone transfer \(AXFR\) of [^[:space:]]+ to [^[:space:]]+$ named\[[0-9]+\]: suppressing duplicate notify$ named\[[0-9]+\]: USAGE [0-9]+ [0-9]+ CPU=[\.0-9]+u/[\.0-9]+s CHILDCPU=[\.0-9]+u/[\.0-9]+s$ -named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (A|CNAME|SOA|PTR|MX|TXT|AAAA|38|IXFR|AXFR|ANY)=[0-9]+)*$ +named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (38|A|AAAA|ANY|AXFR|CNAME|IXFR|MX|NS|PTR|SOA|TXT)=[0-9]+)*$ named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAXFR|RLame|ROpts|SSysQ|SAns|SFwdQ|SDupQ|SErr|RQ|RIQ|RFwdQ|RDupQ|RTCP|SFwdR|SFail|SFErr|SNaAns|SNXD|RUQ|RURQ|RUXFR|RUUpd)=[0-9]+)*$ named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$ named\[[0-9]+\]: Received NOTIFY answer diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local index b8ba686..52a72fd 100644 --- a/logcheck/ignore.d.server/local 
+++ b/logcheck/ignore.d.server/local @@ -28,7 +28,7 @@ named\[[0-9]+\]: approved AXFR from [^[:space:]]+ for [^[:space:]]+$ named\[[0-9]+\]: zone transfer \(AXFR\) of [^[:space:]]+ to [^[:space:]]+$ named\[[0-9]+\]: suppressing duplicate notify$ named\[[0-9]+\]: USAGE [0-9]+ [0-9]+ CPU=[\.0-9]+u/[\.0-9]+s CHILDCPU=[\.0-9]+u/[\.0-9]+s$ -named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (A|CNAME|SOA|PTR|MX|TXT|AAAA|38|IXFR|AXFR|ANY)=[0-9]+)*$ +named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (38|A|AAAA|ANY|AXFR|CNAME|IXFR|MX|NS|PTR|SOA|TXT)=[0-9]+)*$ named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAXFR|RLame|ROpts|SSysQ|SAns|SFwdQ|SDupQ|SErr|RQ|RIQ|RFwdQ|RDupQ|RTCP|SFwdR|SFail|SFErr|SNaAns|SNXD|RUQ|RURQ|RUXFR|RUUpd)=[0-9]+)*$ named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$ named\[[0-9]+\]: Received NOTIFY answer 
@@ -156,35 +156,36 @@ nagios: Auto-save of retention data completed successfully\. $ nagios: LOG ROTATION: DAILY $ ### ignore.d.server/netatalk.changes # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer. -afpd\[[0-9]+\]: ([^[:space:]]+: D5:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?(registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?logout [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?session from [\.:0-9]+ on [\.:0-9]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?login noauth$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ -afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ afpd\[[0-9]+\]: (atp_rresp|afp_die: asp_shutdown): Connection timed out$ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$ -afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: done$ +afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: using 
codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$ +afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: afp_alarm: child timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: E:Default: atp_rresp: Connection timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_read\(-1\): Connection reset by peer$ +afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_write: Broken pipe$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: (registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: Connection terminated$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: logout [[:alnum:]]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: session from [\.:0-9]+ on [\.:0-9]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: (server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: asp_alrm: [0-9]+ timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: login noauth$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ afpd\[[0-9]+\]: [^[:space:]]+: S:Logger: can't open Logfile /var/log/netatalk.log$ afpd\[[0-9]+\]: [_[:alnum:]]+(\(-?[0-9]+\))?: stat [^:]+: (No such file or directory|Permission denied)$ -afpd\[[0-9]+\]: asp_alrm: [0-9]+ timed out$ 
-afpd\[[0-9]+\]: dsi_stream_(read\(-1\)|write): Connection reset by peer$ afpd\[[0-9]+\]: dsi_stream_read\(0\): (No such file or directory|No such process|Permission denied)$ afpd\[[0-9]+\]: dsi_stream_read\(0\): Success$ afpd\[[0-9]+\]: error stat'ing /[^[:space:]]+/net[\.0-9]+node[0-9]+: No such file or directory$ atalkd\[[0-9]+\]: (as_timer|nbp brrq) sendto [\.0-9]+( \([0-9]+\))?: Network is unreachable $ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $ -papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$ -papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^"]+" from [\.0-9]+$ +papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ done$ +papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ for "[^"]+" from [\.0-9]+$ ### ignore.d.server/netsaint netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$ netsaint: Auto-save of retention data completed successfully\. $ 
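Review bot: None of the rewritten afpd/papd rules is anchored at the start of the line, so a rule such as `afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: logout [[:alnum:]]+$` is satisfied by any log line that merely ends with that text. logcheck filters with these files as egrep patterns, so a message from a different daemon that carries client-supplied text at its end could be dropped from the report without anyone noticing. Since every rule in the block is being touched anyway, prefix each with `^` and the syslog timestamp and host, e.g. `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: ...`. While here, `uams_dhx_pam.c` in the UAMSDaemon rule has an unescaped dot, whereas the older netatalk rules in this file write `uams_dhx_pam\.c`. The same lines recur in ignore.d.server/netatalk.changes and ignore.d.workstation/local.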
@@ -222,40 +223,40 @@ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=.*$ postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/master\[[0-9]+\]: reload configuration$ -postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^,]+, status=expired, returned to sender$ +postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^,]*>, status=expired, returned to sender$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ +postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ +postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX \. workaround for [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ -postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ -postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1 postfix/smtp\[[0-9]+\]: verify error:num=10:certificate has expired$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$ -postfix/smtpd\[[0-9]+\]: 
[0-9]+:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1\.c:100: -postfix/smtpd\[[0-9]+\]: [0-9]+:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr\.c:1833: -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ +postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*$ +postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: cert has expired$ -postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain|20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$ +postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ +postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ +postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: SSL_accept error from [^[:space:]]+\[[\.0-9]+\]: 0 -postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$ +postfix/smtpd\[[0-9]+\]: [0-9]+:error:0407006A:rsa 
routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1\.c:100: +postfix/smtpd\[[0-9]+\]: [0-9]+:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr\.c:1833: +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*$ -postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain|20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ -postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$ -postfix/smtpd\[[0-9]+\]: warning: numeric result [\.0-9]+ in address->name lookup for [\.0-9]+$ -postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host not found$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* -postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host not found$ +postfix/smtpd\[[0-9]+\]: warning: numeric result [\.0-9]+ in 
address->name lookup for [\.0-9]+$ # These are only for postfix >= 2.0: postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: to=<[^,]+, relay=none, delay=[0-9]+, status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ @@ -273,13 +274,13 @@ chat\[[0-9]+\]: CONNECT$ chat\[[0-9]+\]: OK$ chat\[[0-9]+\]: send \(\\d\)$ ### ignore.d.server/proftpd +proftpd\[[0-9]+\]: No certificate files found! $ +proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP (login timed out|no transfer timeout), disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session (closed|opened)\. $ -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: (Login successful\.|no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21) $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $ proftpd\[[0-9]+\]: connect from [\.0-9]+ $ -proftpd\[[0-9]+\]: No certificate files found! $ -proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $ ### ignore.d.server/rpld rpld\[[0-9]+\]: client [:a-f0-9]+ requested block [\.0-9]+$ ### ignore.d.server/samba 
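Review bot: The re-sorted smtpd rules keep `lost connection after AUTH`, `too many errors after RCPT` and `sasl_method=PLAIN, sasl_username=[[:alnum:]]+$` in ignore.d.server, so aborted AUTH sessions, recipient probing and successful SASL logins never reach the report. On a host that accepts AUTH from the internet these lines are often the only trace of password guessing or of a login with a stolen password, so they are worth a deliberate decision rather than a silent carry-over. If they stay, add a comment above them such as `# hides SASL logins and aborted AUTH sessions; remove on hosts where these are reviewed`. The same block is re-sorted in ignore.d.server/postfix.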
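Review bot: The `Refused PORT.* (address mismatch)` rule is moved to the top of the proftpd block but still cannot match a real log line. Its parentheses are unescaped, so they act as regex groups rather than the literal `(` and `)` that the neighbouring rules expect, and `\[[\.0-9]\]` allows only one character between the brackets. The sibling rules in this hunk show the intended form, `\([^[:space:]\[]+\[[\.0-9]+\]\)`, and the tail would need `\(address mismatch\)`. Before repairing it, decide whether it belongs in an ignore file at all: a refused PORT with a mismatched address means a client asked for a data connection to an address other than its own, which may be worth seeing in the report. The same line is moved in ignore.d.server/proftpd.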
@@ -336,7 +337,7 @@ PAM_unix\[[0-9]+\]: check pass; user unknown$ # old-style pam entries (no longer provided by logcheck but needed on woody) PAM_.*: .* session (opened|closed) for user .* ## netatalk -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?bad function 7A +afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: bad function 7A afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*) afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument) diff --git a/logcheck/ignore.d.server/netatalk.changes b/logcheck/ignore.d.server/netatalk.changes index be789b7..3d91662 100644 --- a/logcheck/ignore.d.server/netatalk.changes +++ b/logcheck/ignore.d.server/netatalk.changes 
@@ -1,30 +1,31 @@ # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer. -afpd\[[0-9]+\]: ([^[:space:]]+: D5:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?(registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?logout [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?session from [\.:0-9]+ on [\.:0-9]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?login noauth$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ -afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ afpd\[[0-9]+\]: (atp_rresp|afp_die: asp_shutdown): Connection timed out$ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$ -afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: done$ +afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$ +afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: afp_alarm: child timed out$ 
+afpd\[[0-9]+\]: [^[:space:]]+: E:Default: atp_rresp: Connection timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_read\(-1\): Connection reset by peer$ +afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_write: Broken pipe$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: (registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: Connection terminated$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: logout [[:alnum:]]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: session from [\.:0-9]+ on [\.:0-9]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: (server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: asp_alrm: [0-9]+ timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: login noauth$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ afpd\[[0-9]+\]: [^[:space:]]+: S:Logger: can't open Logfile /var/log/netatalk.log$ afpd\[[0-9]+\]: [_[:alnum:]]+(\(-?[0-9]+\))?: stat [^:]+: (No such file or directory|Permission denied)$ -afpd\[[0-9]+\]: asp_alrm: [0-9]+ timed out$ -afpd\[[0-9]+\]: dsi_stream_(read\(-1\)|write): Connection reset by peer$ afpd\[[0-9]+\]: dsi_stream_read\(0\): (No such file or directory|No 
such process|Permission denied)$ afpd\[[0-9]+\]: dsi_stream_read\(0\): Success$ afpd\[[0-9]+\]: error stat'ing /[^[:space:]]+/net[\.0-9]+node[0-9]+: No such file or directory$ atalkd\[[0-9]+\]: (as_timer|nbp brrq) sendto [\.0-9]+( \([0-9]+\))?: Network is unreachable $ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $ -papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$ -papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^"]+" from [\.0-9]+$ +papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ done$ +papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ for "[^"]+" from [\.0-9]+$ diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix index 889d883..bda61d5 100644 --- a/logcheck/ignore.d.server/postfix +++ b/logcheck/ignore.d.server/postfix 
@@ -3,40 +3,40 @@ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=.*$ postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/master\[[0-9]+\]: reload configuration$ -postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^,]+, status=expired, returned to sender$ +postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^,]*>, status=expired, returned to sender$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ +postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ +postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX \. workaround for [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ -postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ -postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1 postfix/smtp\[[0-9]+\]: verify error:num=10:certificate has expired$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$ -postfix/smtpd\[[0-9]+\]: [0-9]+:error:0407006A:rsa 
routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1\.c:100: -postfix/smtpd\[[0-9]+\]: [0-9]+:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr\.c:1833: -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ +postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*$ +postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: cert has expired$ -postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain|20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$ +postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ +postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ +postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: SSL_accept error from [^[:space:]]+\[[\.0-9]+\]: 0 -postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$ +postfix/smtpd\[[0-9]+\]: [0-9]+:error:0407006A:rsa 
routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1\.c:100: +postfix/smtpd\[[0-9]+\]: [0-9]+:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr\.c:1833: +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*$ -postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain|20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ -postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$ -postfix/smtpd\[[0-9]+\]: warning: numeric result [\.0-9]+ in address->name lookup for [\.0-9]+$ -postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host not found$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* -postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host not found$ +postfix/smtpd\[[0-9]+\]: warning: numeric result [\.0-9]+ in 
address->name lookup for [\.0-9]+$ # These are only for postfix >= 2.0: postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: to=<[^,]+, relay=none, delay=[0-9]+, status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd index d4a58df..09b752e 100644 --- a/logcheck/ignore.d.server/proftpd +++ b/logcheck/ignore.d.server/proftpd @@ -1,7 +1,7 @@ +proftpd\[[0-9]+\]: No certificate files found! $ +proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP (login timed out|no transfer timeout), disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session (closed|opened)\. $ -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: (Login successful\.|no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21) $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $ proftpd\[[0-9]+\]: connect from [\.0-9]+ $ -proftpd\[[0-9]+\]: No certificate files found! $ -proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $ diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp index 3675b0f..926cc64 100644 --- a/logcheck/ignore.d.server/tmp +++ b/logcheck/ignore.d.server/tmp 
@@ -6,7 +6,7 @@ PAM_unix\[[0-9]+\]: check pass; user unknown$ # old-style pam entries (no longer provided by logcheck but needed on woody) PAM_.*: .* session (opened|closed) for user .* ## netatalk -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?bad function 7A +afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: bad function 7A afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*) afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument) diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local index d1a7ece..b543f1b 100644 --- a/logcheck/ignore.d.workstation/local +++ b/logcheck/ignore.d.workstation/local @@ -28,7 +28,7 @@ named\[[0-9]+\]: approved AXFR from [^[:space:]]+ for [^[:space:]]+$ named\[[0-9]+\]: zone transfer \(AXFR\) of [^[:space:]]+ to [^[:space:]]+$ named\[[0-9]+\]: suppressing duplicate notify$ named\[[0-9]+\]: USAGE [0-9]+ [0-9]+ CPU=[\.0-9]+u/[\.0-9]+s CHILDCPU=[\.0-9]+u/[\.0-9]+s$ -named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (A|CNAME|SOA|PTR|MX|TXT|AAAA|38|IXFR|AXFR|ANY)=[0-9]+)*$ +named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+( (38|A|AAAA|ANY|AXFR|CNAME|IXFR|MX|NS|PTR|SOA|TXT)=[0-9]+)*$ named\[[0-9]+\]: XSTATS [0-9]+ [0-9]+( (RR|RNXD|RFwdR|RDupR|RFail|RFErr|RErr|RAXFR|RLame|ROpts|SSysQ|SAns|SFwdQ|SDupQ|SErr|RQ|RIQ|RFwdQ|RDupQ|RTCP|SFwdR|SFail|SFErr|SNaAns|SNXD|RUQ|RURQ|RUXFR|RUUpd)=[0-9]+)*$ named\[[0-9]+\]: lame server resolving '[^[:space:]]+' \(in '[^[:space:]]+'\?\): [\.0-9.]+#[0-9]+$ named\[[0-9]+\]: Received NOTIFY answer 
@@ -156,35 +156,36 @@ nagios: Auto-save of retention data completed successfully\. $ nagios: LOG ROTATION: DAILY $ ### ignore.d.server/netatalk.changes # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer. -afpd\[[0-9]+\]: ([^[:space:]]+: D5:AFPDaemon: )?using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: E:AFPDaemon: )?afp_alarm: child timed out$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?(registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?Connection terminated$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?[\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?logout [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?session from [\.:0-9]+ on [\.:0-9]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?(server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:Default: )?CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?login noauth$ -afpd\[[0-9]+\]: ([^[:space:]]+: I:UAMSDaemon: )?uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ -afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ afpd\[[0-9]+\]: (atp_rresp|afp_die: asp_shutdown): Connection timed out$ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$ -afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: done$ +afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: using 
codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$ +afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: afp_alarm: child timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: E:Default: atp_rresp: Connection timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_read\(-1\): Connection reset by peer$ +afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_write: Broken pipe$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): (No such file or directory|No such process|Permission denied)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: (registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as|removed) /[^[:space:]]+/net[\.0-9]+node[0-9]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: Connection terminated$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)( AFP2\.2)?$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: logout [[:alnum:]]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: session from [\.:0-9]+ on [\.:0-9]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: (server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: CNID DB initialized using Sleepycat Software: Berkeley DB( [\.0-9]+: \([^\(]+\))?$ +afpd\[[0-9]+\]: [^[:space:]]+: I:Default: asp_alrm: [0-9]+ timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: login noauth$ +afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$ afpd\[[0-9]+\]: [^[:space:]]+: S:Logger: can't open Logfile /var/log/netatalk.log$ afpd\[[0-9]+\]: [_[:alnum:]]+(\(-?[0-9]+\))?: stat [^:]+: (No such file or directory|Permission denied)$ -afpd\[[0-9]+\]: asp_alrm: [0-9]+ timed out$ 
-afpd\[[0-9]+\]: dsi_stream_(read\(-1\)|write): Connection reset by peer$ afpd\[[0-9]+\]: dsi_stream_read\(0\): (No such file or directory|No such process|Permission denied)$ afpd\[[0-9]+\]: dsi_stream_read\(0\): Success$ afpd\[[0-9]+\]: error stat'ing /[^[:space:]]+/net[\.0-9]+node[0-9]+: No such file or directory$ atalkd\[[0-9]+\]: (as_timer|nbp brrq) sendto [\.0-9]+( \([0-9]+\))?: Network is unreachable $ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $ -papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ done$ -papd\[[0-9]+\]: ([^[:space:]]+: I:PAPDaemon: )?child [0-9]+ for "[^"]+" from [\.0-9]+$ +papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ done$ +papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ for "[^"]+" from [\.0-9]+$ ### ignore.d.server/netsaint netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$ netsaint: Auto-save of retention data completed successfully\. $ 
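Review bot: `dsi_stream_write: Connection reset by peer` is no longer ignored after this hunk. The removed rule `dsi_stream_(read\(-1\)|write): Connection reset by peer$` covered both calls, while the new pair matches the reset only for `read\(-1\)` and matches `write` only with `Broken pipe`. If dropping it was not intended, `afpd\[[0-9]+\]: [^[:space:]]+: E:Default: dsi_stream_write: (Broken pipe|Connection reset by peer)$` keeps it. Separately, the rewritten UAMSDaemon rule still has an unescaped dot in `uams_dhx_pam.c`, unlike the `uams_dhx_pam\.c` rules in the `## netatalk` block; escaping it keeps the match literal.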
@@ -222,40 +223,40 @@ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=.*$ postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ postfix/master\[[0-9]+\]: reload configuration$ -postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^,]+, status=expired, returned to sender$ +postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^,]*>, status=expired, returned to sender$ postfix/n?qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered$ postfix/postfix-script: refreshing the Postfix mail system$ +postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ +postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX \. workaround for [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$ -postfix/smtp\[[0-9]+\]: Peer certi?ficate could not be verified$ postfix/smtp\[[0-9]+\]: setting up TLS connection to [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ -postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1 postfix/smtp\[[0-9]+\]: verify error:num=10:certificate has expired$ postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$ -postfix/smtpd\[[0-9]+\]: 
[0-9]+:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1\.c:100: -postfix/smtpd\[[0-9]+\]: [0-9]+:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr\.c:1833: -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ +postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*$ +postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$ postfix/smtpd?\[[0-9]+\]: cert has expired$ -postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$ -postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd?\[[0-9]+\]: setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain|20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$ +postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ +postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ +postfix/smtpd\[[0-9]+\]: ((dis)?connect|setting up TLS connection|lost connection after AUTH) from [^[:space:]]+\[[\.0-9]+\]$ +postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$ postfix/smtpd\[[0-9]+\]: SSL_accept error from [^[:space:]]+\[[\.0-9]+\]: 0 -postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: (SSL|TLS)v[123] with cipher [^[:space:]]+ \([0-9/]+ bits\)$ +postfix/smtpd\[[0-9]+\]: [0-9]+:error:0407006A:rsa 
routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1\.c:100: +postfix/smtpd\[[0-9]+\]: [0-9]+:error:1408807A:SSL routines:SSL3_GET_CERT_VERIFY:bad rsa signature:s3_srvr\.c:1833: +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: [^[:space:]]+\[[\.0-9]+\], sasl_method=PLAIN, sasl_username=[[:alnum:]]+$ postfix/smtpd\[[0-9]+\]: too many errors after RCPT from [^[:space:]]+\[[\.0-9]+\]$ -postfix/smtpd?\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*$ -postfix/smtpd?\[[0-9]+\]: verify error:num=(10:certificate has expired|18:self signed certificate|19:self signed certificate in certificate chain|20:unable to get local issuer certificate|21:unable to verify the first certificate|26:unsupported certificate purpose|27:certificate not trusted)$ +postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: address not listed for hostname [^[:space:]]+$ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ -postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in (MAIL|RCPT) command: (<[^>]+>)?$ -postfix/smtpd\[[0-9]+\]: warning: numeric result [\.0-9]+ in address->name lookup for [\.0-9]+$ -postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$ -postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host not found$ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .* -postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$ +postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host not found$ +postfix/smtpd\[[0-9]+\]: warning: numeric result [\.0-9]+ in 
address->name lookup for [\.0-9]+$ # These are only for postfix >= 2.0: postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: to=<[^,]+, relay=none, delay=[0-9]+, status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$ @@ -273,13 +274,13 @@ chat\[[0-9]+\]: CONNECT$ chat\[[0-9]+\]: OK$ chat\[[0-9]+\]: send \(\\d\)$ ### ignore.d.server/proftpd +proftpd\[[0-9]+\]: No certificate files found! $ +proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $ +proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP (login timed out|no transfer timeout), disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP session (closed|opened)\. $ -proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP login timed out, disconnected\. $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: (Login successful\.|no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21) $ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $ proftpd\[[0-9]+\]: connect from [\.0-9]+ $ -proftpd\[[0-9]+\]: No certificate files found! $ -proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $ ### ignore.d.server/rpld rpld\[[0-9]+\]: client [:a-f0-9]+ requested block [\.0-9]+$ ### ignore.d.server/samba 
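Review bot: The moved `SSL_connect error to [^[:space:]]+: -1` rule in the postfix section ends without `$`, as does the unchanged `SSL_accept error from …: 0` rule next to it, so both also match a longer return code or any trailing text. Since the hunk already reorders these lines, anchor them like the rest of the section, e.g. `postfix/smtp\[[0-9]+\]: SSL_connect error to [^[:space:]]+: -1$`. Check against a real log line first, because some rules in this file expect a trailing space before `$`.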
@@ -336,7 +337,7 @@ PAM_unix\[[0-9]+\]: check pass; user unknown$ # old-style pam entries (no longer provided by logcheck but needed on woody) PAM_.*: .* session (opened|closed) for user .* ## netatalk -afpd\[[0-9]+\]: ([^[:space:]]+: I:AFPDaemon: )?bad function 7A +afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: bad function 7A afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*) afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument) diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local index 556a4fe..07f1222 100644 --- a/logcheck/violations.ignore.d/local +++ b/logcheck/violations.ignore.d/local @@ -24,8 +24,9 @@ kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0 ### violations.ignore.d/netatalk.changes # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer. afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$ +afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$ afpd\[[0-9]+\]: [^[:space:]]+: E:Default: cnid_open: dbenv->open of /[^[:space:]]+/\.AppleDB failed: Permission denied$ -afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: afp_die: asp_shutdown: Connection timed out$ afpd\[[0-9]+\]: afp_getsrvrparms: stat /[^/]+/: Permission denied$ afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied$ ### violations.ignore.d/netsaint 
@@ -43,27 +44,27 @@ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $ ### violations.ignore.d/pmud pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$ ### violations.ignore.d/postfix +postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ +postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ -postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ -postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ +postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.* +postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:],]+, delay=[0-9]+, status=(bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ -postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.* postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578: postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname 
[^[:space:]]+ verification failed: Host name has no address$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in RCPT command: .* +postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^>]+>$ # These are only for postfix >= 2.0: -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^[:space:]]*>)?$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<.*>)?$ ### violations.ignore.d/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ ### violations.ignore.d/samba -smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)$ +smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$ ### violations.ignore.d/ssh sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$ ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+ user=[^[:space:]]+$ diff --git a/logcheck/violations.ignore.d/netatalk.changes b/logcheck/violations.ignore.d/netatalk.changes index b756dc0..a82f468 100644 --- a/logcheck/violations.ignore.d/netatalk.changes +++ b/logcheck/violations.ignore.d/netatalk.changes 
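Review bot: The postfix >= 2.0 reject rule at the end of the postfix section widens the HELO field from `[^[:space:]]*` to `.*`, which is broader than needed to accept names containing spaces, and that field is filled in by the remote client. Bounding it the way `from=<[^>]*>` and `to=<[^>]*>` are bounded in the same rule keeps the match inside one pair of angle brackets: `( helo=<[^>]*>)?$`. The identical rule is changed in violations.ignore.d/postfix.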
@@ -1,6 +1,7 @@ # Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer. afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$ +afpd\[[0-9]+\]: [^[:space:]]+: D5:Default: cnid_mangle_get: Failed to find mangled entry for .*$ afpd\[[0-9]+\]: [^[:space:]]+: E:Default: cnid_open: dbenv->open of /[^[:space:]]+/\.AppleDB failed: Permission denied$ -afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$ +afpd\[[0-9]+\]: [^[:space:]]+: I:AFPDaemon: afp_die: asp_shutdown: Connection timed out$ afpd\[[0-9]+\]: afp_getsrvrparms: stat /[^/]+/: Permission denied$ afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied$ diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index 7da8887..bfcad1b 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix 
@@ -1,17 +1,17 @@ +postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ +postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ -postfix/local\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$ -postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]>]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$ +postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.* +postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:],]+, delay=[0-9]+, status=(bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ -postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]+ != [^[:space:]]+$ -postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.* postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578: postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in RCPT command: .* +postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: 
hostname [^[:space:]]+ verification failed: Host name has no address$ # These are only for postfix << 2.0: postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2} [^;]+; from=<[^[:space:]>]+> to=<[^>]+>$ # These are only for postfix >= 2.0: -postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^[:space:]]*>)?$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<.*>)?$ diff --git a/logcheck/violations.ignore.d/samba b/logcheck/violations.ignore.d/samba index b728d7c..d54c7e0 100644 --- a/logcheck/violations.ignore.d/samba +++ b/logcheck/violations.ignore.d/samba @@ -1 +1 @@ -smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)$ +smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out))$ -- cgit v1.2.3