From 176c4d945796ce85ebadcdcf7ce42dafe1068b22 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Sat, 31 Jul 2004 15:55:51 +0000
Subject: Improve ignoring bad words in email addresses.
---
 logcheck/violations.ignore.d/local | 4 ++--
 logcheck/violations.ignore.d/postfix | 2 +-
 logcheck/violations.ignore.d/temp | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 1ce3249..57a0d66 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -40,7 +40,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found(, try again)?)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:],]+, delay=[0-9]+, status=(sent|bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$
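Review bot: The hostname-verification rule is edited identically here in `violations.ignore.d/local` and again in `violations.ignore.d/postfix` (the `@@ -1,4 +1,4 @@` hunk), so one suppression is maintained in two files and the copies can drift apart; keeping the rule in a single file would make it clear which one governs. The commit subject mentions only bad words in email addresses, while this hunk additionally stops reporting `verification failed: Host name has no address`, which looks like a reverse/forward DNS mismatch on the connecting client. A comment line above the rule, for example `# Failed client hostname verification is routine noise on this host`, would record that dropping it is deliberate.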
@@ -85,4 +85,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected:
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^[:space:]]*(attack|debug|expn|refused)[^[:space:]]*>.*
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.*\[[0-9]+\]: .* from=<[^[:space:]]*(attack|debug|expn|refused)[^[:space:]]*>, .*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.*\[[0-9]+\]: .* (from|message\-id|to)=<[^[:space:]]*(attack|debug|expn|refused)[^[:space:]]*>.*
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 5aecc5b..ab5a890 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -1,4 +1,4 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found(, try again)?)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:],]+, delay=[0-9]+, status=(sent|bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index d716f4e..00f2afb 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
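Review bot: The widened rule in the `@@ -85,4 +85,4 @@` hunk of `violations.ignore.d/local` keys the suppression on `from`, `to` and `message-id`, values the remote sender chooses, and it ends in `.*`, so any postfix line logging an address with `attack`, `debug`, `expn` or `refused` in it is dropped whole, including a real keyword elsewhere on that line such as in a `status=` reason. The same change is made in `violations.ignore.d/temp` (`@@ -25,4 +25,4 @@`). Bounding the address as the `postfix/cleanup` rule in this directory does, `<[^[:space:]>]*(attack|debug|expn|refused)[^[:space:]>]*>`, and naming the daemons instead of `postfix.*` would narrow what one crafted address can hide. `message\-id` can be written `message-id`, because a backslash before `-` outside a bracket expression is undefined in POSIX ERE.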
@@ -25,4 +25,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
 # Suspicious words within email addresses are ok
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^[:space:]]*(attack|debug|expn|refused)[^[:space:]]*>.*
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.*\[[0-9]+\]: .* from=<[^[:space:]]*(attack|debug|expn|refused)[^[:space:]]*>, .*
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.*\[[0-9]+\]: .* (from|message\-id|to)=<[^[:space:]]*(attack|debug|expn|refused)[^[:space:]]*>.*
-- cgit v1.2.3