path: root/logcheck/violations.ignore.d/postfix

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host (name has no address|not found(, try again)?)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [^[:space:]]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:]]+, delay=[0-9]+, status=(sent|bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]]+>)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [^[:space:]]+: message-id=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/nqmgr\[[0-9]+\]: [^[:space:]]+: from=<[^[:space:]]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [^[:space:]]+: Could not start TLS: client failure$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: Peer verification: CommonName in certificate does not match: [^!]* != [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [^[:space:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: ([^[:space:]]+ 550 ERROR: Mail Refused - [\.0-9]+ - See http://security.rr.com/mail_blocks.htm|550 Host [\.0-9]+ is reject as in dynamic reject list \(dynamic.reject\))$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [^[:space:]]+: host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: (Recipient|Sender) address rejected: .* \(in reply to RCPT TO command\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify error:num=7:certificate signature failure$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: Read failed in network_biopair_interop with errno=[0-9-]+: num_read=[0-9-]+, want_read=[0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [0-9]+:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay\.c:578:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: MAIL from [^[:space:]]+\[[\.0-9]+\]: 552 Message size exceeds fixed limit; proto=ESMTP helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 452 Insufficient system storage; from=<[^[:space:]]+> to=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+\[[\.0-9]+\] in RCPT command: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: smtpd_peer_init: [\.0-9]+: hostname [^[:space:]]+ verification failed: (Name or service not known|Temporary failure in name resolution)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [^[:space:]]+: reject: (DATA|RCPT) from [^[:space:]]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<.*>)?$
# Suspicious words within email addresses are ok
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]:.* (from|message\-id|to)=<[^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]*>.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(attack|debug|deny|error|expn|refused)[^[:space:]]* has a valid A record$