[Logcheck-devel] Bug#368318: logcheck-database: update for postfix violations ignore rule

[martin f krafft]

also sprach Martin Lohmeier <martin at mein-horde.de> [2006.05.21.1409 +0200]:
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client host rejected: Greylisted for 300 seconds \(see http://isg.ee.ethz.ch/tools/postgrey/help/sythos.net.html\); from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client host rejected: Greylisted for [0-9]+ seconds \(see http://isg.ee.ethz.ch/tools/postgrey/help/.*.html\); from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$

If updating, then please also do not hard code the URL. In our
installations, we changed that URL to our own CGI.

Also, '.' is any character, so all the . in the URL should be
escaped.

>  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$

And on the side, this rule is also too specific, isn't it?

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck at debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060703/858f65bf/attachment.pgp