Bug#274497: [Logcheck-devel] Bug#274497: Add blocked messages to violations.ignore.d/logcheck-postfix
maks attems
debian at sternwelten.at
Thu Oct 21 18:10:46 UTC 2004
On Sat, 02 Oct 2004, maks attems wrote:
> well not so bad for a huge logline, but
> * hostnames are matched with [._[:alnum:]-]+
> * ipv4 with [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
> * emails are remote supplied strings so use '.*'
>
> and above's regex can't match due to other small errors.
> i've crafted the one below out of your message,
> i'm quite sure that it is far too generic,
> as it will only match the "Service unavailable" loglines
> i was surprised that the string
> "from=<Terrell at incamail.com>to=<marlene at blipp.com>"
> but i didn't have more loglines to match with.
>
> please test this rule by copying attached file in dir
> /etc/logcheck/violations.ignore.d
> and report the messages you are still getting when using rbl's
>
> other tested rules are of course warmly welcomed. :)
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: [0-9]{3} Service unavailable; Client host +\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] blocked using [._[:alnum:]-]+; Blocked - see [^[:space:]]+; from=<.*>to=<.*> proto=(ESMTP|SMTP) helo=<[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}>$
please respond to the asked questions?
--
maks
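
One way to do the requested test before copying the rule into /etc/logcheck/violations.ignore.d, shown as an added example that is not part of the original message: run the rule with grep -E over sample lines and see which ones it would filter. The log lines, addresses and host names below are constructed for illustration; they vary the from=/to= spacing and the helo value, the two places where the rule is strict.

```shell
#!/bin/sh
# Added example: run the rule from the message over constructed log lines.

# The rule exactly as posted.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: [0-9]{3} Service unavailable; Client host +\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] blocked using [._[:alnum:]-]+; Blocked - see [^[:space:]]+; from=<.*>to=<.*> proto=(ESMTP|SMTP) helo=<[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}>$'

# Constructed sample data (documentation addresses and names, not real logs).
HEAD='Oct  2 10:15:01 mail postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 Service unavailable; Client host [192.0.2.10] blocked using rbl.example.org; Blocked - see http://rbl.example.org/?192.0.2.10;'
# No space between the sender and recipient fields, as in the quoted string.
LINE_NOSPACE="$HEAD from=<a@example.com>to=<b@example.net> proto=SMTP helo=<192.0.2.10>"
# Same line with a space between the two fields.
LINE_SPACE="$HEAD from=<a@example.com> to=<b@example.net> proto=SMTP helo=<192.0.2.10>"
# Same line with a host name instead of an IPv4 address in helo.
LINE_HELO_NAME="$HEAD from=<a@example.com>to=<b@example.net> proto=ESMTP helo=<mail.example.com>"

# Succeeds when the rule matches the line, i.e. the line would be filtered out.
rule_matches() {
    printf '%s\n' "$1" | LC_ALL=C grep -Eq -- "$RULE"
}

# Show the verdict for each sample, printing only the part after the shared head.
for line in "$LINE_NOSPACE" "$LINE_SPACE" "$LINE_HELO_NAME"; do
    if rule_matches "$line"; then
        printf 'ignored:  %s\n' "${line#"$HEAD"}"
    else
        printf 'reported: %s\n' "${line#"$HEAD"}"
    fi
done
```

Only the first sample is filtered; the other two would still show up in the report, which is the kind of leftover message the request asks to be sent back.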