[Logcheck-commits] Hanspeter Kunz: i.d.s/postfix: ignore disconnects during EHLO (and not only HELO) handshakes

Gerfried Fuchs alfie at alioth.debian.org
Wed May 12 00:09:42 UTC 2010


Module: logcheck
Branch: lenny-backports
Commit: a2d3d2f46d45fdb3e00ed9ad2eccbc0f610e8509
URL:    http://git.debian.org/?p=logcheck/logcheck.git;a=commit;h=a2d3d2f46d45fdb3e00ed9ad2eccbc0f610e8509

Author: Hanspeter Kunz <hp at edelkunz.ch>
Date:   Sat Apr  3 12:54:19 2010 +0200

i.d.s/postfix: ignore disconnects during EHLO (and not only HELO) handshakes

---

 debian/changelog                        |    4 +++-
 rulefiles/linux/ignore.d.server/postfix |    4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index d335dd6..0fd9998 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -33,8 +33,10 @@ logcheck (1.3.8) UNRELEASED; urgency=low
     - msgid's may contain colons
     - ignore discarded vacation responses (bulk, auto-submited, duplicates)
     - ignore duplicate forwards
+  * ignore.d.server/postfix:
+    - ignore disconnects during EHLO (and not only HELO) handshakes
 
- -- Hannes von Haugwitz <hannes at vonhaugwitz.com>  Sat, 27 Mar 2010 07:35:52 +0100
+ -- Hanspeter Kunz <hp at edelkunz.ch>  Sat, 03 Apr 2010 12:49:27 +0200
 
 logcheck (1.3.7) unstable; urgency=low
 
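Review bot: The trailer of the 1.3.8 UNRELEASED entry is switched from Hannes von Haugwitz to Hanspeter Kunz while the earlier items in the entry stay in place, so the entry now attributes all of them to one person. If those items come from different contributors, group each contributor's items under a `[ Name ]` line so the attribution survives the trailer change. The new item could also say that two rules in ignore.d.server/postfix were widened, since the diffstat shows two changed lines in that file.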
diff --git a/rulefiles/linux/ignore.d.server/postfix b/rulefiles/linux/ignore.d.server/postfix
index a9efd0f..f192455 100644
--- a/rulefiles/linux/ignore.d.server/postfix
+++ b/rulefiles/linux/ignore.d.server/postfix
@@ -1,5 +1,5 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(error|n?qmgr)\[[[:digit:]]+\]: [[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=none,( conn_use=[[:digit:]]+,)? delay=[[:digit:].]+,( delays=[[:digit:]./]+,)?( dsn=[45]\.[[:digit:]]\.[[:digit:]],)? status=bounced \(bad address syntax\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(error|n?qmgr|smtp)\[[[:digit:]]+\]: [[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=(none|[^[:space:]]+\[[[:digit:].]{7,15}\]:(25|587)),( conn_use=[[:digit:]]+,)? delay=[[:digit:].]+,( delays=[[:digit:]./]+,)?( dsn=[45]\.[[:digit:]]\.[[:digit:]],)? status=(deferred|undeliverable) \((delivery temporarily suspended: )?(lost connection with [^[:space:]]+ while (sending [[:alnum:]]+( [[:alnum:]]+)?|performing the HELO handshake)|conversation with [^[:space:]]+ timed out while (receiving the initial server greeting|sending [[:alnum:]]+( [/[:alnum:]]+)?|sending end of data -- message may be sent more than once)|connect to [^[:space:]]+: (Connection timed out|read timeout|Connection refused)|Host or domain name not found. Name service error for name=[^[:space:]]+ type=MX: Host not found, try again|User unknown in virtual alias table)\)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/(error|n?qmgr|smtp)\[[[:digit:]]+\]: [[:alnum:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=(none|[^[:space:]]+\[[[:digit:].]{7,15}\]:(25|587)),( conn_use=[[:digit:]]+,)? delay=[[:digit:].]+,( delays=[[:digit:]./]+,)?( dsn=[45]\.[[:digit:]]\.[[:digit:]],)? status=(deferred|undeliverable) \((delivery temporarily suspended: )?(lost connection with [^[:space:]]+ while (sending [[:alnum:]]+( [[:alnum:]]+)?|performing the (HELO|EHLO) handshake)|conversation with [^[:space:]]+ timed out while (receiving the initial server greeting|sending [[:alnum:]]+( [/[:alnum:]]+)?|sending end of data -- message may be sent more than once)|connect to [^[:space:]]+: (Connection timed out|read timeout|Connection refused)|Host or domain name not found. Name service error for name=[^[:space:]]+ type=MX: Host not found, try again|User unknown in virtual alias table)\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=[._[:alnum:]-]+\[[[:digit:].]{7,15}\](:[[:digit:]]{1,5})?, (conn_use=[[:digit:]]+, )?delay=[.[:digit:]]+(, delays=([.[:digit:]]+/){3}[.[:digit:]]+)?(, dsn=2(\.[[:digit:]]+){2})?, status=sent \(2[[:digit:]][[:digit:]] .+\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[[:digit:].]{7,15}\](:[[:digit:]]{1,5})?, (conn_use=[[:digit:]]+, )?delay=[.[:digit:]]+(, delays=([.[:digit:]]+/){3}[.[:digit:]]+)?(, dsn=[45](\.[[:digit:]]+){2})?, status=(deferred|bounced|undeliverable) \(host [._[:alnum:]-]+\[[[:digit:].]{7,15}\] said: [45][[:digit:]][[:digit:]] .+ \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.[:digit:]]+,( delays=[.[:digit:]/]+, dsn=[[:digit:].]+,)? status=sent \(250 Ok: queued as [[:digit:]A-F]+\)$
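Review bot: In the changed `status=(deferred|undeliverable)` rule, the `lost connection with` branch now accepts `performing the (HELO|EHLO) handshake` but still has no alternative for `receiving the initial (SMTP|server) greeting` or `sending end of data -- message may be sent more than once`, both of which the standalone `lost connection` rules in the second hunk's context already ignore. If the aim is that the per-recipient deferral line is suppressed whenever its companion `lost connection` line is, add those alternatives to this branch as well, or note in the changelog that only the handshake case is intended.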
@@ -51,7 +51,7 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: host [^[:space:]]+ refused to talk to me: [45][[:digit:]][[:digit:]].*$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: host [^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: host [^[:space:]]+ said: [45][[:digit:]][[:digit:]][- ]+.* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|(end of )?DATA) command\)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while performing the HELO handshake$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while performing the (HELO|EHLO) handshake$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while receiving the initial (SMTP|server) greeting$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while sending end of data -- message may be sent more than once$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: [[:upper:][:digit:]]+: lost connection with [^[:space:]]+ while sending( [[:upper:]]+){1,2}( command)?$
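Review bot: The widened `lost connection with ... while performing the (HELO|EHLO) handshake` rule comes without a sample log line, in neither the commit message nor the changelog item, so the exact wording it is meant to match cannot be checked from the patch alone. Quote one line that was still reported before the change in the commit message. The `(HELO|EHLO)` alternation now has to stay in sync between this rule and the `status=(deferred|undeliverable)` rule in the first hunk, which is worth a remark in the changelog item for the next editor.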



