From d76fae7b7a416802e725f838e7fc9ba89ddaf0eb Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 17 Dec 2005 11:55:22 +0000
Subject: Reorganize postfix dyndns refusals: Divide in 3 lines, and add one
 more form of 554 refusal.

---
 logcheck/violations.ignore.d/local   | 5 +++--
 logcheck/violations.ignore.d/postfix | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

(limited to 'logcheck')

diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index 6814f49..7f9281a 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -55,8 +55,9 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate peer name verification failed for [^[:space:]]+: (CommonName mis-match: .+|[0-9]+ dNSNames in certificate found, but none matches)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate verification failed for [^[:space:]]+:( num=10:)?certificate has expired$
 
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused (mail service|to talk to me: ([^[:space:]]+ +(550 <[^[:space:]]+>: Client host rejected: Blocked|550 ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|554 #5\.5\.4 Relaying denied\. IP name lookup failed)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)))) +\(port 25\)$
-
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: [^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: Blocked|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)) +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: [^[:space:]]+ +)?554 (<[^[:space:]]+>: Client host rejected: Reject Dynamic ip|#5\.5\.4 Relaying denied\. IP name lookup failed) +\(port 25\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [^[:space:]]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm\)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\))$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [^[:space:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\)|554 <[^[:space:]]+\[[\.0-9]+\]>: Client host rejected: No mail accepted from you)$
 
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 699a360..5563f7e 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -14,8 +14,9 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate verification failed for [^[:space:]]+:( num=10:)?certificate has expired$
 
 # Too much spam refuse to eat their own shit
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused (mail service|to talk to me: ([^[:space:]]+ +(550 <[^[:space:]]+>: Client host rejected: Blocked|550 ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|554 #5\.5\.4 Relaying denied\. IP name lookup failed)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)))) +\(port 25\)$
-
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: [^[:space:]]+ +)?550 (<[^[:space:]]+>: Client host rejected: Blocked|ERROR: Mail Refused - [\.0-9]+ - See [^[:space:]]+|Host [\.0-9]+ is reject as in dynamic reject list \(dynamic\.reject\)) +\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server refused to talk to me: [^[:space:]]+ +)?554 (<[^[:space:]]+>: Client host rejected: Reject Dynamic ip|#5\.5\.4 Relaying denied\. IP name lookup failed) +\(port 25\)$
 # Ignore blacklisting due to being dynamic - or without explaining/hinting at all
 ## Grr - could've been a single rule if only logcheck supported custom classes
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [^[:space:]]+: to=<[^>]*>, relay=none, delay=[0-9]+, status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm\)|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\))$
-- 
cgit v1.2.3