From acafc0634bcf4fc97a01f98f1d3ff303858fe8e1 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Tue, 18 Jul 2006 19:10:27 +0000
Subject: Fix merged regex for postfix generic rejects.
---
 logcheck/violations.ignore.d/local | 2 +-
 logcheck/violations.ignore.d/postfix | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 3094b5c..704c33f 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -63,7 +63,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578:
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in RCPT command: .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:( smtpd_peer_init:)? [\.0-9]+: hostname [^[:space:]]+ verification failed: (Name or service not known|Temporary failure in name resolution)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ([[:xdigit:]]|NOQUEUE]+: reject: (DATA|MAIL|RCPT) from [^[:space:]]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^>]*>)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): reject: (DATA|MAIL|RCPT) from [^[:space:]]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^>]*>)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|helo|message\-id|to)=<[^>]*(attack|BAD|debug|denied|deny|error|expn|refused)[^>]*>.*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|refused)[^[:space:]]* has a valid A record$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 61450ce..af23cc2 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
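Review bot: The corrected reject rule has no comment saying what it is meant to hide, and its reason part `( [^;]+;){1,3}` accepts any text, so it suppresses every smtpd 4xx/5xx reject for DATA, MAIL and RCPT regardless of the reject reason. Because this is a violations.ignore rule, that presumably covers relay-denied and policy rejects as well, so the intent should be stated above the line, e.g. `# Generic smtpd rejects (any 4xx/5xx reason, with or without queue ID) are ok`. The identical line is fixed again in the `postfix` hunk; keeping the rule in only one of the two files would avoid repairing the same typo twice. The client-address part `\[[\.0-9]+\]` matches only dotted-decimal addresses, so rejects from IPv6 clients would still be reported, which is the safe direction.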
@@ -34,7 +34,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578:
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in RCPT command: .*
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:( smtpd_peer_init:)? [\.0-9]+: hostname [^[:space:]]+ verification failed: (Name or service not known|Temporary failure in name resolution)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ([[:xdigit:]]|NOQUEUE]+: reject: (DATA|MAIL|RCPT) from [^[:space:]]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^>]*>)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): reject: (DATA|MAIL|RCPT) from [^[:space:]]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<[^>]*>)?$
 # Suspicious words within email addresses are ok
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|helo|message\-id|to)=<[^>]*(attack|BAD|debug|denied|deny|error|expn|refused)[^>]*>.*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|refused)[^[:space:]]* has a valid A record$
-- cgit v1.2.3