[Logcheck-commits] r1170 - in logcheck/trunk/rulefiles/linux: ignore.d.paranoid ignore.d.server violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Fri Jul 14 08:00:55 UTC 2006


Author: madduck
Date: 2006-07-14 08:00:51 +0000 (Fri, 14 Jul 2006)
New Revision: 1170

Modified:
   logcheck/trunk/rulefiles/linux/ignore.d.paranoid/postfix
   logcheck/trunk/rulefiles/linux/ignore.d.server/postfix
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix
Log:
postfix rule refinements

Modified: logcheck/trunk/rulefiles/linux/ignore.d.paranoid/postfix
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.paranoid/postfix	2006-07-14 07:24:15 UTC (rev 1169)
+++ logcheck/trunk/rulefiles/linux/ignore.d.paranoid/postfix	2006-07-14 08:00:51 UTC (rev 1170)
@@ -1,7 +1,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/pickup\[[0-9]+\]: [[:alnum:]]+: uid=[0-9]+ from=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: (resent-|)message-id=<([^[:space:]]+|)>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+: from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/nqmgr\[[0-9]+\]: [[:alnum:]]+: from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: (resent-|)message-id=<[[:alnum:].]+@[-_.[:alnum:]]>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/nqmgr\[[0-9]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, orig_to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+$
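Review bot: The new cleanup message-id rule ends in `@[-_.[:alnum:]]>`, a bracket expression with no quantifier, so it only matches an ID whose part after `@` is a single character. Real Postfix message-id lines will stop being ignored; this fails towards more reports, not towards hidden events, but the rule is effectively dead. The same pattern is repeated in the `postfix\[[0-9]+\]: message-id=` line of the second hunk and in the `resent-message-id` line of ignore.d.server, and all three should end in `@[-_.[:alnum:]]+>$`. The local part `[[:alnum:].]+` also omits characters such as `-`, `_` and `+`, which are allowed in Message-IDs. If it is widened, keep excluding whitespace and `<`/`>`, because the header is sender-controlled and the old `<.+>` form in ignore.d.server let arbitrary text be ignored.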
@@ -12,7 +12,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: aliases\.\*longest$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: from=[^[:space:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: lost input channel$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: message-id=<([^[:space:]]+|)>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: message-id=<[[:alnum:].]+@[-_.[:alnum:]]>$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: putoutmsg$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: status=[^[:space:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: timeout waiting$

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/postfix
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/postfix	2006-07-14 07:24:15 UTC (rev 1169)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/postfix	2006-07-14 08:00:51 UTC (rev 1170)
@@ -59,7 +59,7 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: resent-message-id=<.+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: resent-message-id=<[[:alnum:].]+@[-_.[:alnum:]]>$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP command: .*$

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix	2006-07-14 07:24:15 UTC (rev 1169)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix	2006-07-14 08:00:51 UTC (rev 1170)
@@ -24,6 +24,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate peer name verification failed for [^[:space:]]+: [[:digit:]]+ dNSNames in certificate found, but none matches
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate peer name verification failed for [^[:space:]]+: CommonName mis-match:( [._[:alnum:]-]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client host rejected: Greylisted for [0-9]+ (seconds|minutes)( \(see http://isg.ee.ethz.ch/tools/postgrey/help/[.[:alnum:]-]+.html\))?; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+: from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+: from=<[^[:space:]]*>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^[:space:]]+: 554 <[^[:space:]]+>: Client host rejected: Access denied; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$



