From a20d9a455a3e57d1e6ec30e9d8fca40fae7fd72c Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 5 Aug 2006 08:27:56 +0000
Subject: Ignore more authentication failures. Ignore more spam filtering.

---
 logcheck/violations.ignore.d/local | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'logcheck/violations.ignore.d/local')

diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 8cfa811..5a1597c 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -1,7 +1,6 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) Blocked SPAM, [0-9-]+ <[^[:space:]]*> -> <[^[:space:]]*>, quarantine: [^[:space:]]+, Message-ID: [^[:space:]]+, mail_id: [^[:space:]]+, Hits: [-\.0-9]+, [0-9]+ ms$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) INFO: unfolded [0-9]+ illegal all-whitespace continuation lines$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) Passed BAD-HEADER,( \[[\.0-9]+\])? <[^[:space:]]*> -> <[^[:space:]]*>, Message-ID: [^[:space:]]+, mail_id: [^[:space:]]+, Hits: [-\.0-9]+, [0-9]+ ms$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: .*<[^>[:space:]]*(attack|BAD|debug|deny|error|expn|promisc|refused)[^>[:space:]]*>.*$
+
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) (Passed BAD-HEADER|Blocked SPAM), \[[0-9-]+\] <[^[:space:]]*> -> <[^[:space:]]*>(, (quarantine|Message-ID|mail_id|Hits|queued_as): [^[:space:]]+)+, [0-9]+ ms$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dccproc\[[0-9]+\]: continue not asking DCC [0-9]+ seconds after failure$
@@ -44,11 +43,11 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate peer name verification failed for [^[:space:]]+: (CommonName mis-match:.*|[0-9]+ dNSNames in certificate found, but none matches)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate verification failed for [^[:space:]]+:( num=7:certificate signature failure|( num=10:)?certificate has expired| num=24:invalid CA certificate)$
 
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: (to|relay|delay|delays|dsn)=([^[:space:]]+, )status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: ((to|relay|delay|delays|dsn)=[^[:space:]]+, )status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$
 
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: [[:xdigit:]]+: ([^[:space:]]+=[^[:space:]]+, )*(from|helo|message\-id|to)=<[^>]*(attack|BAD|debug|denied|deny|error|expn|refused)[^>]*>.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|refused)[^[:space:]]* has a valid A record$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: [[:xdigit:]]+: ([^[:space:]]+=[^[:space:]]+, )*(from|helo|message-id|to)=<[^>]*(attack|BAD|debug|denied|deny|error|expn|promisc|refused)[^>]*>.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|BAD|debug|denied|deny|error|expn|promisc|refused)[^[:space:]]* has a valid A record$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) ?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:   write_socket_data: write failure\. Error = Connection reset by peer ?$
@@ -81,5 +80,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED [^[:space:]]+ to [^[:space:]]+:143 as [^[:space:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=[^[:space:]]*)?( auth=[^[:space:]]*)? host=([^[:space:]]* )?\[[^[:space:]]+\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mod_auth_shadow: VALIDATE: user: [^[:space:]]+, Authentication failure$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: SASL LOGIN authentication failed: authentication failure$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: SASL authentication failure: Password verification failed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: SASL (LOGIN|PLAIN) authentication failed: authentication failure$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.imapproxyd\[[0-9]+\]: LOGIN: '[^[:space:]]+' \([:\.0-9]+\) failed: non-OK server response to LOGIN command$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) do_executable/do_unzip failed, ignoring: format error: bad signature: 0x00905a4d at offset 0 in file /var/lib/amavis/amavis-[0-9T-]+/parts/part-[0-9]+$
-- 
cgit v1.2.3