At least the policyd-weight in lenny seems to generate quite different
patterns. For example the 'rate' is output multiple times in some
situations, the 'check from' is omited sometimes and somehow those log
messages have a trailing blank.
With those patterns logcheck stays silent again.
Signed-off-by: Mathias Krause <mini...@googlemail.com>
---
rulefiles/linux/ignore.d.server/postfix | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/postfix
b/rulefiles/linux/ignore.d.server/postfix
index be14415..2a6b554 100644
--- a/rulefiles/linux/ignore.d.server/postfix
+++ b/rulefiles/linux/ignore.d.server/postfix
@@ -29,10 +29,10 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]: :
SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [[:digit:]a-f.:]+,
header_comment=[.[:alnum:]]+: domain of [%[:punct:][:alnum:]...@[.[:alnum:]]+
designates [[:xdigit:].:]{3,39} as permitted sender$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]:
decided action=DUNNO$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/policy-spf\[[[:digit:]]+\]:
handler sender_permitted_from: DUNNO$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND
X-policyd-weight): ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) )+(\(check from:
[^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)
([\()/_[:alnum:]]+=(-)?[[:digit:].]+ )+)*<client=[^[:space:]]+>
<helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>, rate:
(-)?[[:digit:].]+(; delay: [[:digit:]]+s)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/policyd-weight\[[[:digit:]]+\]: cache: (purged|deleted) [^[:space:]]+
from HAM cache$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/policyd-weight\[[[:digit:]]+\]: decided action=(450 |550) (Mail
appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO
and DNS MX settings or to get removed from DNSBLs(; (in [^[:space:]]+|MTA helo:
[^[:space:]]+, MTA hostname: [^[:space:]]+ \(helo/hostname mismatch\)|please
relay via your ISP \([._[:alnum:]-]+\)))*|Your MTA is listed in too many
DNSBLs; check [^[:space:]]+|temporarily blocked because of previous errors -
retrying too fast\. penalty: [[:digit:]]+ seconds x [[:digit:]]+ retries\.)(
\(multirecipient mail\))?(; delay: [[:digit:]]+s)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/policyd-weight\[[[:digit:]]+\]: decided action=PREPEND
X-policyd-weight: using cached result; rate:(hard:)? (-)?[[:digit:].]+(; delay:
[[:digit:]]+s)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/policyd-weight\[[[:digit:]]+\]: (weighted check|decided action=PREPEND
X-policyd-weight): ([_[:alpha:]]+=((-)?[[:digit:].]+|ERR) ?)+(\(check from:
[^[:space:]]+ - helo: [^[:space:]]+ - helo-domain: [^[:space:]]+\)
([\()/_[:alnum:]]+=(-)?[[:digit:].]+ ?)+)?(; rate: (-)?[[:digit:].]+)?;
*<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+>
<to=[^[:space:]]+>(; rate: (-)?[[:digit:].]+)?(; delay: [[:digit:]]+s)? ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/policyd-weight\[[[:digit:]]+\]: cache: (purged|deleted) [^[:space:]]+
from HAM cache ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/policyd-weight\[[[:digit:]]+\]: decided action=(450 |550) (Mail
appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO
and DNS MX settings or to get removed from DNSBLs(; (in [^[:space:]]+|MTA helo:
[^[:space:]]+, MTA hostname: [^[:space:]]+ \(helo/hostname mismatch\)|please
relay via your ISP \([._[:alnum:]-]+\)))*|Your MTA is listed in too many
DNSBLs; check [^[:space:]]+|temporarily blocked because of previous errors -
retrying too fast\. penalty: [[:digit:]]+ seconds x [[:digit:]]+ retries\.)(
\(multirecipient mail\))?(; delay: [[:digit:]]+s)? ?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
postfix/policyd-weight\[[[:digit:]]+\]: decided action=PREPEND
X-policyd-weight: using cached result; rate:(hard:)? (-)?[[:digit:].]+(;
*<client=[^[:space:]]+> <helo=[^[:space:]]+> <from=[^[:space:]]+>
<to=[^[:space:]]+>)?(; delay: [[:digit:]]+s)? ?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postfix-script: refreshing
the Postfix mail system$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/postsuper\[[[:digit:]]+\]:
Deleted: [[:digit:]]+ messages?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/qmgr\[[[:digit:]]+\]:
[[:alnum:]]+: from=<[^[:space:]]*>, size=[[:digit:]]+, nrcpt=[[:digit:]]+
\(queue active\)$
--
1.5.6.5
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
