[Logcheck-commits] Hanspeter Kunz: i.d.s/postfix: ignore disconnects during EHLO ( and not only HELO) handshakes
Hanspeter Kunz
hp-guest at alioth.debian.org
Sat Apr 3 11:12:55 UTC 2010
Module: logcheck
Branch: master
Commit: a2d3d2f46d45fdb3e00ed9ad2eccbc0f610e8509
URL: http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=a2d3d2f46d45fdb3e00ed9ad2eccbc0f610e8509
Author: Hanspeter Kunz <hp at edelkunz.ch>
Date: Sat Apr 3 12:54:19 2010 +0200
i.d.s/postfix: ignore disconnects during EHLO (and not only HELO) handshakes
---
debian/changelog | 4 +++-
rulefiles/linux/ignore.d.server/postfix | 4 ++--
2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index d335dd6..0fd9998 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -33,8 +33,10 @@ logcheck (1.3.8) UNRELEASED; urgency=low
- msgid's may contain colons
- ignore discarded vacation responses (bulk, auto-submited, duplicates)
- ignore duplicate forwards
+ * ignore.d.server/postfix:
+ - ignore disconnects during EHLO (and not only HELO) handshakes
- -- Hannes von Haugwitz <hannes at vonhaugwitz.com> Sat, 27 Mar 2010 07:35:52 +0100
+ -- Hanspeter Kunz <hp at edelkunz.ch> Sat, 03 Apr 2010 12:49:27 +0200
logcheck (1.3.7) unstable; urgency=low
diff --git a/rulefiles/linux/ignore.d.server/postfix b/rulefiles/linux/ignore.d.server/postfix
index a9efd0f..f192455 100644
--- a/rulefiles/linux/ignore.d.server/postfix
+++ b/rulefiles/linux/ignore.d.server/postfix
@@ -1,5 +1,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(error|n?qmgr)\[[[:digit:]]+\]: [[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=none,( conn_use=[[:digit:]]+,)? delay=[[:digit:].]+,( delays=[[:digit:]./]+,)?( dsn=[45]\.[[:digit:]]\.[[:digit:]],)? status=bounced \(bad address syntax\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(error|n?qmgr|smtp)\[[[:digit:]]+\]: [[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=(none|[^[:space:]]+\[[[:digit:].]{7,15}\]:(25|587)),( conn_use=[[:digit:]]+,)? delay=[[:digit:].]+,( delays=[[:digit:]./]+,)?( dsn=[45]\.[[:digit:]]\.[[:digit:]],)? status=(deferred|undeliverable) \((delivery temporarily suspended: )?(lost connection with [^[:space:]]+ while (sending [[:alnum:]]+( [[:alnum:]]+)?|performing the HELO handshake)|conversation with [^[:space:]]+ timed out while (receiving the initial server greeting|sending [[:alnum:]]+( [/[:alnum:]]+)?|sending end of data -- message may be sent more than once)|connect to [^[:space:]]+: (Connection timed out|read timeout|Connection refused)|Host or domain name not found. Name service error for name=[^[:space:]]+ type=MX: Host not found, try again|User unknown in virtual alias table)\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(error|n?qmgr|smtp)\[[[:digit:]]+\]: [[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=(none|[^[:space:]]+\[[[:digit:].]{7,15}\]:(25|587)),( conn_use=[[:digit:]]+,)? delay=[[:digit:].]+,( delays=[[:digit:]./]+,)?( dsn=[45]\.[[:digit:]]\.[[:digit:]],)? status=(deferred|undeliverable) \((delivery temporarily suspended: )?(lost connection with [^[:space:]]+ while (sending [[:alnum:]]+( [[:alnum:]]+)?|performing the (HELO|EHLO) handshake)|conversation with [^[:space:]]+ timed out while (receiving the initial server greeting|sending [[:alnum:]]+( [/[:alnum:]]+)?|sending end of data -- message may be sent more than once)|connect to [^[:space:]]+: (Connection timed out|read timeout|Connection refused)|Host or domain name not found. Name service error for name=[^[:space:]]+ type=MX: Host not found, try again|User unknown in virtual alias table)\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=[._[:alnum:]-]+\[[[:digit:].]{7,15}\](:[[:digit:]]{1,5})?, (conn_use=[[:digit:]]+, )?delay=[.[:digit:]]+(, delays=([.[:digit:]]+/){3}[.[:digit:]]+)?(, dsn=2(\.[[:digit:]]+){2})?, status=sent \(2[[:digit:]][[:digit:]] .+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[[:digit:].]{7,15}\](:[[:digit:]]{1,5})?, (conn_use=[[:digit:]]+, )?delay=[.[:digit:]]+(, delays=([.[:digit:]]+/){3}[.[:digit:]]+)?(, dsn=[45](\.[[:digit:]]+){2})?, status=(deferred|bounced|undeliverable) \(host [._[:alnum:]-]+\[[[:digit:].]{7,15}\] said: [45][[:digit:]][[:digit:]] .+ \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.[:digit:]]+,( delays=[.[:digit:]/]+, dsn=[[:digit:].]+,)? status=sent \(250 Ok: queued as [[:digit:]A-F]+\)$
@@ -51,7 +51,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: host [^[:space:]]+ refused to talk to me: [45][[:digit:]][[:digit:]].*$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: host [^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: host [^[:space:]]+ said: [45][[:digit:]][[:digit:]][- ]+.* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|(end of )?DATA) command\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while performing the HELO handshake$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while performing the (HELO|EHLO) handshake$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while receiving the initial (SMTP|server) greeting$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while sending end of data -- message may be sent more than once$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while sending( [[:upper:]]+){1,2}( command)?$
More information about the Logcheck-commits
mailing list