From 79d4dad44f8c89ec243a86f96e7680e2e6d87ef3 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard
Date: Thu, 2 Jan 2003 01:33:40 +0000
Subject: Misc updates to postfix and samba loglines.
---
 logcheck/ignore.d.server/local | 8 +++++---
 logcheck/ignore.d.server/postfix | 3 ++-
 logcheck/ignore.d.server/tmp | 5 +++--
 logcheck/ignore.d.workstation/local | 8 +++++---
 logcheck/violations.ignore.d/local | 12 ++++++++----
 logcheck/violations.ignore.d/postfix | 12 ++++++++----
 6 files changed, 31 insertions(+), 17 deletions(-)
(limited to 'logcheck')
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 87c4fbb..3a6a75b 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -214,12 +214,13 @@ postfix/postfix-script: refreshing the Postfix mail system$
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX \. workaround for [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
-postfix/smtp\[[0-9]+\]: fingerprint=[0-9A-F:]+$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
 postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: TLSv1 with cipher [^[:space:]]+ \([0-9/]+ bits\)$
 postfix/smtpd?\[[0-9]+\]: Verified: subject_CN=[^,]+, issuer=[^,]+$
+postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
+postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
 postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
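Review bot: The added `setting up TLS connection from` rule is prefixed `postfix/smtpd?` but only accepts `from`, whereas the existing `TLS connection established (from|to)` rule two lines above it covers both directions. If the client side logs the same message with `to` (not visible here, so worth checking against real log lines), the rule should read `setting up TLS connection (from|to) [^[:space:]]+\[[\.0-9]+\]$`; otherwise narrow the prefix to `postfix/smtpd` so the pattern says what it matches. The same two lines are added in ignore.d.server/postfix and ignore.d.workstation/local.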
@@ -340,11 +341,12 @@ portsentry\[[0-9]+\]: attackalert: .*
 pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 ## samba
 smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \(2de1\) - ignoring. $
-smbd\[[0-9]+\]: read(_socket)?_data: recv failure for 4. Error = (No route to host|Connection reset by peer) $
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
 smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
 smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
 smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:find_service))\([0-9]+\) $
-sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ $
+## ssh
+sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
 sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
 ## postfix
 postfix.*\[[0-9]+\]: .* from=
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index 475b687..ece6e36 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
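Review bot: The new rule `sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$` filters every failed SSH password attempt out of the logcheck report, for any account and any source address, so repeated password failures against the host no longer reach the administrator through this channel. If this is deliberate noise reduction, record that under `## ssh`, for example `# failed passwords suppressed as noise; reviewed via <other mechanism>`, and consider keeping the rule out of the server set. The character class `[[:alnum:]]+` also skips account names containing `-`, `_` or `.`, so which failures are hidden depends on the account name. The same rule is added in ignore.d.server/tmp and ignore.d.workstation/local.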
@@ -7,12 +7,13 @@ postfix/postfix-script: refreshing the Postfix mail system$
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX \. workaround for [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
-postfix/smtp\[[0-9]+\]: fingerprint=[0-9A-F:]+$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
 postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: TLSv1 with cipher [^[:space:]]+ \([0-9/]+ bits\)$
 postfix/smtpd?\[[0-9]+\]: Verified: subject_CN=[^,]+, issuer=[^,]+$
+postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
+postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
 postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 50bf0fc..9f25fca 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -44,11 +44,12 @@ portsentry\[[0-9]+\]: attackalert: .*
 pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 ## samba
 smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \(2de1\) - ignoring. $
-smbd\[[0-9]+\]: read(_socket)?_data: recv failure for 4. Error = (No route to host|Connection reset by peer) $
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
 smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
 smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
 smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:find_service))\([0-9]+\) $
-sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ $
+## ssh
+sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
 sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
 ## postfix
 postfix.*\[[0-9]+\]: .* from=
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 8e4e3d8..48abfc3 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -214,12 +214,13 @@ postfix/postfix-script: refreshing the Postfix mail system$
 postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX \. workaround for [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)$
 postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)$
-postfix/smtp\[[0-9]+\]: fingerprint=[0-9A-F:]+$
 postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+$
 postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record$
 postfix/smtpd?\[[0-9]+\]: TLS connection established (from|to) [^[:space:]]+: TLSv1 with cipher [^[:space:]]+ \([0-9/]+ bits\)$
 postfix/smtpd?\[[0-9]+\]: Verified: subject_CN=[^,]+, issuer=[^,]+$
+postfix/smtpd?\[[0-9]+\]: fingerprint=[0-9A-F:]+$
+postfix/smtpd?\[[0-9]+\]: setting up TLS connection from [^[:space:]]+\[[\.0-9]+\]$
 postfix/smtpd?\[[0-9]+\]: warning: (numeric|malformed) domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]*$
 postfix/smtpd?\[[0-9]+\]: warning: valid_hostname: (empty hostname|invalid character [0-9]+\(decimal\): [^[:space:]]+)$
 postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]$
@@ -340,11 +341,12 @@ portsentry\[[0-9]+\]: attackalert: .*
 pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
 ## samba
 smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \(2de1\) - ignoring. $
-smbd\[[0-9]+\]: read(_socket)?_data: recv failure for 4. Error = (No route to host|Connection reset by peer) $
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4. Error = (No route to host|Connection reset by peer) $
 smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
 smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\. $
 smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:find_service))\([0-9]+\) $
-sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ $
+## ssh
+sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
 sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
 ## postfix
 postfix.*\[[0-9]+\]: .* from=
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index d1b7e46..1051ac4 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -37,7 +37,6 @@ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $ ### violations.ignore.d/pmud pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$ ### violations.ignore.d/postfix -# This extension is for postfix 2.0 (and can thus be enabled unconditionally when included in that package: ( proto=E?SMTP helo=<[^[:space:]>]+>)? postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ postfix/(qmgr|smtp)\[[0-9]+\]: [^\(]+ status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ 
@@ -51,21 +50,26 @@ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 504 <[^ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 550 [^\)]+ (Access denied|Recipient address rejected|Relaying denied|Sender Not Authorised|unknown or illegal alias|User unknown; rejecting)[^\)]*\)$ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see [^\)]+\)$ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 553 sorry, your envelope sender has been denied [^\)]+\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 571 <>\.\.\. denied\)$ postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 450 <[^[:space:]>]+>: (Recipient address rejected: Recipient mailbox is full|Sender address rejected: Domain not found)\)$ postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected: Invalid (ip address|name); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; 
from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ +# These are only for postfix << 2.0: +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +# These are only for postfix >= 2.0: +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? 
Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ ### violations.ignore.d/proftpd proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$ ### violations.ignore.d/samba diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix index cbc44c1..82c13c2 100644 --- a/logcheck/violations.ignore.d/postfix +++ b/logcheck/violations.ignore.d/postfix @@ -1,4 +1,3 @@ -# This extension is for postfix 2.0 (and can thus be enabled unconditionally when included in that package: ( proto=E?SMTP helo=<[^[:space:]>]+>)? postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$ postfix/(qmgr|smtp)\[[0-9]+\]: [^\(]+ status=deferred \(connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)$ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]>]+>$ 
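Review bot: In the added `postfix >= 2.0` group only the 450 rule allows a queue-id field before `reject:` (`postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from ...`); the 504 rule beside it still expects `reject:` directly after the pid. If 2.0 puts that field on every smtpd reject line, as the 450 rule implies, the 504 rule can never match and those lines will keep being reported as violations; it should begin `postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 504 `. The same block is added to violations.ignore.d/postfix in the last hunk. The two group comments would also be clearer if they named what differs between the versions (the `proto=... helo=...` suffix), since `<<` is package-version syntax rather than plain wording.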
@@ -12,18 +11,23 @@ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 504 <[^ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 550 [^\)]+ (Access denied|Recipient address rejected|Relaying denied|Sender Not Authorised|unknown or illegal alias|User unknown; rejecting)[^\)]*\)$ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 552 header content rejected: see [^\)]+\)$ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 553 sorry, your envelope sender has been denied [^\)]+\)$ -postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 571 <>\.\.\. denied\)$ postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 450 <[^[:space:]>]+>: (Recipient address rejected: Recipient mailbox is full|Sender address rejected: Domain not found)\)$ postfix/smtp\[[0-9]+\]: [^\(]+ status=deferred \(host [^[:space:]]+ said: 451 Transaction failed.\)$ postfix/smtp\[[0-9]+\]: connect to [^[:space:]\[]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 452 Insufficient system storage; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 501 <[^>]+>: Helo command rejected: Invalid (ip address|name); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 503 Improper use of SMTP command pipelining; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>:]+>: Helo command rejected: Invalid name; 
from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ -postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>( proto=E?SMTP helo=<[^[:space:]>]+>)?$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 550 <[^>]+>: User unknown; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 <[^>]+>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<[^[:space:]>]*> to=<[^[:space:]>]+>$ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 554 Service unavailable; .* blocked using .*; from=<[^[:space:]>]+> to=<[^[:space:]>]+> postfix/smtpd\[[0-9]+\]: warning: [^[:space:]:]+: hostname [\.[:alnum:]-]+ verification failed: Host name has no address$ +# These are only for postfix << 2.0: +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? Relay access denied\)$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+>$ +# These are only for postfix >= 2.0: +postfix/smtp\[[0-9]+\]: [^\(]+ status=bounced \(host [^[:space:]]+ said: 554 <[^[:space:]>]+>:( Recipient address rejected:)? 
Relay access denied\) proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: RCPT from [^:]+: 450 <[^>]+>: (Sender|Recipient) address rejected: Domain not found; from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ +postfix/smtpd\[[0-9]+\]: reject: RCPT from [^:]+: 504 <[^>]+>: (Helo command|Recipient address) rejected: need fully-qualified (address|hostname); from=<[^[:space:]>]+> to=<[^[:space:]>]+> proto=E?SMTP helo=<[^[:space:]>]+>$ -- cgit v1.2.3