summaryrefslogtreecommitdiff
path: root/logcheck/violations.ignore.d/postfix
blob: 27c47cc11031760d63243de5bd6f2e5e04f66344 (plain) 
    

  1. # Non-critical routine operations involving suspicious wording
    2. 

  2. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied$
    3. 

  3. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: .*$
    4. 

  4. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]]+\[[\.0-9]+\]$
    5. 

  5. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [[:xdigit:]]+: ((to|orig_to|relay|conn_use|delay|delays|dsn)=[^[:space:]]+, )+status=(sent|bounced|deferred) \((\(.*\)|[^\(\)]*)*\)( proto=E?SMTP helo=<[^>]*>)?$
    6. 

  6. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): reject: (DATA|MAIL|RCPT) from [^[:space:]]+\[[\.0-9]+\]: .*$
    7. 

  7. 

  8. # Certificate handling is non-fatal
    9. 

  9. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: Cannot start TLS: handshake failure$
    10. 

  10. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: Could not start TLS: client failure$
    11. 

  11. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: (Unv|V)erified: subject_CN=.*, issuer=.*
    12. 

  12. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate peer name verification failed for [^[:space:]]+: (CommonName mis-match:.*|[0-9]+ dNSNames in certificate found, but none matches)$
    13. 

  13. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: certificate verification failed for [^[:space:]]+:( num=7:certificate signature failure|( num=10:)?certificate has expired| num=24:invalid CA certificate)$
    14. 

  14. 

  15. # Remote hosts refusing to talk is not a security thread
    16. 

  16. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:xdigit:]]+: ((to|relay|delay|delays|dsn)=[^[:space:]]+, )status=deferred \(delivery temporarily suspended: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$
    17. 

  17. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:xdigit:]]+: host [^[:space:]]+\[[\.0-9]+\] refused to talk to me: .*$
    18. 

  18. 

  19. # Suspiciously worded hostname or email address is not a security thread
    20. 

  20. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: ([[:xdigit:]]+|NOQUEUE): ([^[:space:]]+=[^[:space:]]+, )*(from|helo|message-id|to)=<[^>]*(DEBUG|ERROR|EXPN|FAILURE|Failed|ILLEGAL|PERMITTED|REFUSED|VRFY|BAD|debug|denied|deny|expn|failed|failure|illegal|permitted|promisc|reject|rexec|rshd|securityalert|setsender|shutdown|smrsh|sucked|unapproved|unauthorized|vrfy)[^>]*>.*$
    21. 

  21. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: warning: no MX host for [^[:space:]]*(DEBUG|ERROR|EXPN|FAILURE|Failed|ILLEGAL|PERMITTED|REFUSED|VRFY|BAD|debug|denied|deny|expn|failed|failure|illegal|permitted|promisc|reject|rexec|rshd|securityalert|setsender|shutdown|smrsh|sucked|unapproved|unauthorized|vrfy)[^[:space:]]* has a valid A record$
    22. 

  22. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp+\[[0-9]+\]: connect to [^[:space:]]*(DEBUG|ERROR|EXPN|FAILURE|Failed|ILLEGAL|PERMITTED|REFUSED|VRFY|BAD|debug|denied|deny|expn|failed|failure|illegal|permitted|promisc|reject|rexec|rshd|securityalert|setsender|shutdown|smrsh|sucked|unapproved|unauthorized|vrfy)[^[:space:]]*:.*$
    23.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-02 13:11:36 +0000