Package: logcheck-database
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
postfix's syslog_name is configurable, see [1]. Same sittuation as
with horde3 [2]. Here are some lines from my syslog:
Jun 26 00:03:59 client martins [EMAIL PROTECTED]()[]&*;'./\,##/smtpd[5337]:
connect from localhost.localdomain[127.0.0.1]
Jun 26 00:04:03 client martins [EMAIL PROTECTED]()[]&*;'./\,##/smtpd[5337]:
disconnect from localhost.localdomain[127.0.0.1]
:-)
bye, Martin
[1] http://www.postfix.org/postconf.5.html#syslog_name
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324613
- -- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (900, 'testing'), (700, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.1
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEnwiHOvJj+wS6JuIRAq63AJ9gTIjoxLYgliRT+0nr+mUtMh0XdACgrvRs
1fQ9V2aqodgeLDZqjYsqoQU=
=8VUQ
-----END PGP SIGNATURE-----
Index: linux/ignore.d.paranoid/postfix
===================================================================
RCS file: /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.paranoid/postfix,v
retrieving revision 1.4
diff -u -r1.4 postfix
--- linux/ignore.d.paranoid/postfix 28 Mar 2006 23:00:14 -0000 1.4
+++ linux/ignore.d.paranoid/postfix 25 Jun 2006 22:00:57 -0000
@@ -1,19 +1,19 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/pickup\[[0-9]+\]: [[:alnum:]]+:
uid=[0-9]+ from=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
(resent-|)message-id=<([^[:space:]]+|)>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+:
from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/nqmgr\[[0-9]+\]: [[:alnum:]]+:
from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+,
dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, orig_to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+,
(delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: disconnect from
[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: connect from
[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|pipe|virtual)\[[0-9]+\]:
[[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, |)relay=[^[:space:]]+,
delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: alias
database\.\*rebuilt$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: aliases\.\*longest$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: from=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: lost input channel$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]:
message-id=<([^[:space:]]+|)>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: putoutmsg$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: status=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix\[[0-9]+\]: timeout waiting$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+: Connection timed out \(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/pickup\[[0-9]+\]: [[:alnum:]]+:
uid=[0-9]+ from=[^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/cleanup\[[0-9]+\]: [[:alnum:]]+:
(resent-|)message-id=<([^[:space:]]+|)>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/qmgr\[[0-9]+\]: [[:alnum:]]+:
from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/nqmgr\[[0-9]+\]: [[:alnum:]]+:
from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+,
dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, orig_to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+,
(delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: disconnect from
[^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: connect from
[^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/(local|pipe|virtual)\[[0-9]+\]:
[[:alnum:]]+: to=[^[:space:]]+, (orig_to=[^[:space:]]+, |)relay=[^[:space:]]+,
delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: alias database\.\*rebuilt$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: aliases\.\*longest$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: from=[^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: lost input channel$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: message-id=<([^[:space:]]+|)>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: putoutmsg$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: status=[^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+\[[0-9]+\]: timeout waiting$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: connect to
[^[:space:]]+: Connection timed out \(port 25\)$
Index: linux/ignore.d.server/postfix
===================================================================
RCS file: /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.server/postfix,v
retrieving revision 1.56
diff -u -r1.56 postfix
--- linux/ignore.d.server/postfix 4 Jun 2006 21:52:31 -0000 1.56
+++ linux/ignore.d.server/postfix 25 Jun 2006 22:00:57 -0000
@@ -1,77 +1,77 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
skipped, still being delivered$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
from=<.*>, status=expired, returned to sender$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
message-id=.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
removed$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery
temporarily suspended: connect to [^[:space:]]+: (Connection timed out|read
timeout|Connection refused)\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery
temporarily suspended: Host or domain name not found. Name service error for
name=[^[:space:]]+ type=MX: Host not found, try again\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
message-id=.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: unable to open
Berkeley db /etc/sasldb: No such file or directory$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=10:certificate has expired$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=18:self signed certificate$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=19:self signed certificate in certificate chain$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=20:unable to get local issuer certificate$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=21:unable to verify the first certificate$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=24:invalid CA certificate$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=26:unsupported certificate purpose$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: verify
error:num=27:certificate not trusted$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: cert has expired$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Peer|Server)
certificate could not be verified$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: address not listed for
hostname [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection
established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher [^[:space:]]+
\([/0-9]+ bits\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS
connection (to|from) [._[:alnum:]-]+(\[[0-9a-f.:]{3,39}\])?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
fingerprint=([0-9A-F]{2}:){15}[0-9A-F]{2}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Verified:
subject_CN=.*, issuer=.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Unverified:
subject_CN=.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: OTP unavailable
because can't read/write key database /etc/opiekeys: No such file or directory$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: [45][0-9][0-9] .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ Connection refused \(port [0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ No route to host \(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ Network is unreachable \(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ server refused mail service \(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+\[[0-9a-f.:]{3,39}\]: read timeout \(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/n?qmgr\[[0-9]+\]: [[:alnum:]]+: skipped,
still being delivered$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
from=<.*>, status=expired, returned to sender$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
message-id=.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/n?qmgr\[[0-9]+\]: [[:alnum:]]+: removed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery
temporarily suspended: connect to [^[:space:]]+: (Connection timed out|read
timeout|Connection refused)\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/n?qmgr\[[0-9]+\]: [[:alnum:]]+:
to=<[^[:space:]]+>, relay=none, delay=[0-9]+, status=deferred \(delivery
temporarily suspended: Host or domain name not found. Name service error for
name=[^[:space:]]+ type=MX: Host not found, try again\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/cleanup\[[0-9]+\]: [[:alnum:]]+:
message-id=.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: unable to open Berkeley
db /etc/sasldb: No such file or directory$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: verify
error:num=10:certificate has expired$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: verify
error:num=18:self signed certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: verify
error:num=19:self signed certificate in certificate chain$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: verify
error:num=20:unable to get local issuer certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: verify
error:num=21:unable to verify the first certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: verify
error:num=24:invalid CA certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: verify
error:num=26:unsupported certificate purpose$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: verify
error:num=27:certificate not trusted$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: cert has expired$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: (Peer|Server)
certificate could not be verified$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning:
smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: address not listed for
hostname [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: TLS connection
established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher [^[:space:]]+
\([/0-9]+ bits\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: setting up TLS
connection (to|from) [._[:alnum:]-]+(\[[0-9a-f.:]{3,39}\])?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]:
fingerprint=([0-9A-F]{2}:){15}[0-9A-F]{2}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: Verified:
subject_CN=.*, issuer=.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: Unverified:
subject_CN=.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: OTP unavailable because
can't read/write key database /etc/opiekeys: No such file or directory$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: (RCPT|MAIL) from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: [45][0-9][0-9] .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: connect to [^[:space:]]+
Connection refused \(port [0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: connect to [^[:space:]]+
No route to host \(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: connect to [^[:space:]]+
Network is unreachable \(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: connect to [^[:space:]]+
server refused mail service \(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: connect to
[^[:space:]]+\[[0-9a-f.:]{3,39}\]: read timeout \(port 25\)$
# Postfix 2.1
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ server dropped connection without sending the initial SMTP
greeting \(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while sending (MAIL FROM|RCPT TO)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while sending end of data -- message may be
sent more than once$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection
after (AUTH|CONNECT|DATA|EHLO|HELO|MAIL|RCPT|RSET) from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
host [^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of
DATA) command\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: no MX host
for [^[:space:]]+ has a valid A record$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: host
[^[:space:]]+ greeted me with my own hostname [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: host
[^[:space:]]+ replied to HELO/EHLO with my own hostname [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: decided
action=DUNNO$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: connect to [^[:space:]]+
server dropped connection without sending the initial SMTP greeting \(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:upper:]0-9]+: host
[^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost
connection with [^[:space:]]+ while sending (MAIL FROM|RCPT TO)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost
connection with [^[:space:]]+ while receiving the initial SMTP greeting$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost
connection with [^[:space:]]+ while sending end of data -- message may be sent
more than once$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: lost connection after
(AUTH|CONNECT|DATA|EHLO|HELO|MAIL|RCPT|RSET) from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:upper:]0-9]+: host
[^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA)
command\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: warning: no MX host for
[^[:space:]]+ has a valid A record$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: warning: host
[^[:space:]]+ greeted me with my own hostname [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: warning: host
[^[:space:]]+ replied to HELO/EHLO with my own hostname [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/policy-spf\[[0-9]+\]: decided
action=DUNNO$
# Postfix < 2.1
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+: server dropped connection without sending the initial greeting
\(port 25\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+:
to=\<.*\>, relay=[^[:space:]]+\], status=deferred \(host [^[:space:]]+\] said:
.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
([0-9a-f.:]{3,39})+: address not listed for hostname [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: too many errors
after RCPT from [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
valid_hostname: invalid character [0-9]+\(decimal\): .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
valid_hostname: misplaced delimiter: .$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning:
valid_hostname: empty hostname$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: malformed
domain name in resource data of MX record for .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: numeric
domain name in resource data of MX record for [._[:alnum:]-]+: [0-9a-f.:]{3,39}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: mailer
loop: best MX for [^[:space:]]+ is local$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
enabling PIX <CRLF>\.<CRLF> workaround for .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: malformed
domain name in resource data of CNAME record for [^[:space:]]+: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: timeout after
(HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE) from [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_sender=.*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, [EMAIL PROTECTED]:alnum:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
resent-message-id=<.+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric
result [[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP
command: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal
address syntax from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL
command: .*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept error
from [._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_spf_result: unknown SPF result 4 \(unknown\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=[^[:space:]]+, delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)?
status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA: 250 ([0-9.]+ )?Ok: queued
as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=local, delay=[0-9]+, status=sent \(delivered to command: exec
/usr/bin/procmail\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass:
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+,
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL
PROTECTED]:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.[:digit:]]{1,16}:)?(smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start
interval \w{3} [ :0-9]{11}$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics:
(domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: max
simultaneous domains=[0-9]+ addresses=[0-9]+ connection=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: initializing the
server-side TLS engine$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: reply
length [0-9]+ > buffer length 4096 for name=[^[:space:]]+ type=[A-Z]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: connect to
[^[:space:]]+: server dropped connection without sending the initial greeting
\(port 25\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:alnum:]]+: to=\<.*\>,
relay=[^[:space:]]+\], status=deferred \(host [^[:space:]]+\] said: .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning:
([0-9a-f.:]{3,39})+: address not listed for hostname [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: too many errors after
RCPT from [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning:
valid_hostname: invalid character [0-9]+\(decimal\): .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning:
valid_hostname: misplaced delimiter: .$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: warning: valid_hostname:
empty hostname$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: warning: malformed
domain name in resource data of MX record for .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: warning: numeric domain
name in resource data of MX record for [._[:alnum:]-]+: [0-9a-f.:]{3,39}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: warning: mailer loop:
best MX for [^[:space:]]+ is local$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:upper:]0-9]+:
enabling PIX <CRLF>\.<CRLF> workaround for .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning: malformed
domain name in resource data of CNAME record for [^[:space:]]+: .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: timeout after
(HELO|EHLO|MAIL|RCPT|DATA|RSET|CONNECT|END-OF-MESSAGE) from [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_sender=.*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, [EMAIL PROTECTED]:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/cleanup\[[0-9]+\]: [[:alnum:]]+:
resent-message-id=<.+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning: numeric result
[[0-9a-f.:]{3,39}]+ in address->name lookup for [^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning: Illegal
address syntax from [^[:space:]]+ in (MAIL|RCPT) command: .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning:
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] sent non-SMTP
command: .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning: Illegal
address syntax from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\] in MAIL
command: .*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: SSL_accept error from
[._[:alnum:]-]+\[[0-9a-f.:]{3,39}\]: -1$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning:
smtpd_spf_result: unknown SPF result 4 \(unknown\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/lmtp\[[0-9]+\]: [[:upper:][:digit:]]+:
to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,
delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((,
id=[-0-9]+, from MTA: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE,
id=[-0-9]+))*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/local\[[0-9]+\]: [[:upper:][:digit:]]+:
to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+,
status=sent \(delivered to command: exec /usr/bin/procmail\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/policy-spf\[[0-9]+\]: : SPF pass:
smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+,
header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:[EMAIL
PROTECTED]:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.[:digit:]]{1,16}:)?(smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/anvil\[[0-9]+\]: statistics: max cache
size [[:digit:]]+ at \w{3} [ :0-9]{11}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/scache\[[0-9]+\]: statistics: start
interval \w{3} [ :0-9]{11}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/scache\[[0-9]+\]: statistics:
(domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/scache\[[0-9]+\]: statistics: max
simultaneous domains=[0-9]+ addresses=[0-9]+ connection=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: initializing the
server-side TLS engine$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: warning: reply length
[0-9]+ > buffer length 4096 for name=[^[:space:]]+ type=[A-Z]+$
Index: linux/ignore.d.workstation/postfix
===================================================================
RCS file:
/cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.workstation/postfix,v
retrieving revision 1.3
diff -u -r1.3 postfix
--- linux/ignore.d.workstation/postfix 14 Aug 2004 11:46:23 -0000 1.3
+++ linux/ignore.d.workstation/postfix 25 Jun 2006 22:00:57 -0000
@@ -1,16 +1,16 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/postfix-script: (starting|stopping)
the Postfix mail system$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/postfix-script: refreshing the
Postfix mail system$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/master\[[0-9]+\]: terminating on
signal 15$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/master\[[0-9]+\]: daemon started --
version [.[:alnum:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/master\[[0-9]+\]: reload
configuration$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/virtual\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/virtual\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, orig_to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+,
status=[[:alnum:]]+ \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: starting TLS
engine$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
SSL_accept:before/accept initialization$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
SSL_accept:before/accept initialization$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:(error
in )?SSL(v2/v3|v3) read client (hello|certificate) (A|B)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:error
in SSL(v2/v3|v3) read certificate verify A$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:SSLv3
read client (hello|key exchange) A$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:SSLv3
write (certificate|server hello|key exchange|server done|change cipher spec) A$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:SSLv3
flush data$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:SSLv3
(read|write) finished A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/postfix-script: (starting|stopping) the
Postfix mail system$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/postfix-script: refreshing the Postfix
mail system$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/master\[[0-9]+\]: terminating on signal
15$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/master\[[0-9]+\]: daemon started --
version [.[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/master\[[0-9]+\]: reload configuration$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/virtual\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/virtual\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, orig_to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+,
status=[[:alnum:]]+ \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: starting TLS engine$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]:
SSL_accept:before/accept initialization$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]:
SSL_accept:before/accept initialization$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: SSL_accept:(error in
)?SSL(v2/v3|v3) read client (hello|certificate) (A|B)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: SSL_accept:error in
SSL(v2/v3|v3) read certificate verify A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: SSL_accept:SSLv3 read
client (hello|key exchange) A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: SSL_accept:SSLv3 write
(certificate|server hello|key exchange|server done|change cipher spec) A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: SSL_accept:SSLv3 flush
data$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: SSL_accept:SSLv3
(read|write) finished A$
Index: linux/violations.ignore.d/logcheck-postfix
===================================================================
RCS file:
/cvsroot/logcheck/logcheck/rulefiles/linux/violations.ignore.d/logcheck-postfix,v
retrieving revision 1.25
diff -u -r1.25 logcheck-postfix
--- linux/violations.ignore.d/logcheck-postfix 4 Jun 2006 21:44:54 -0000
1.25
+++ linux/violations.ignore.d/logcheck-postfix 25 Jun 2006 22:00:57 -0000
@@ -1,28 +1,28 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[.[:digit:]]+: hostname [^[:space:]]+ verification failed: (Host not found|Host
name has no address|Name or service not known|Temporary failure in name
resolution)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
reject: RCPT from [^[:space:]]+: [0-9]+ Client host rejected: cannot find your
hostname, [^[:space:]]+; from=[^[:space:]]+ to=[^[:space:]]+ proto=(ESMTP|SMTP)
helo=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>:
(Sender|Recipient) address rejected: .+; from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Helo command
rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP)
helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay access denied;
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] Service unavailable; Sender
address \[[^[:space:]]+\] blocked using [._[:alnum:]-]+;( .*;)?
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] Service unavailable; Client
host \[[0-9.]{7,15}\] blocked using [._[:alnum:]-]+;( .*;)?
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+\[[0-9.]{7,14}\]: [45][0-9][0-9] <.+>: User
unknown in local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: hostname [^[:space:]]+
verification failed: (Temporary failure in name resolution|Name or service not
known|No address associated with hostname)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: Peer verification:
CommonName in certificate does not match: [._*[:alnum:]-]+ != [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
host [^[:space:]]+ said: [45][0-9][0-9] .* \(in reply to (HELO|EHLO|MAIL
FROM|RCPT TO|end of DATA) command\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[0-9.]{7,15}\], delay=[0-9]+,
status=(deferred|bounced) \(host [._[:alnum:]-]+\[[0-9.]{7,15}\] said:
[45][0-9][0-9] .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA)
command\)\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [A-Z0-9]+:
to=<[^[:space:]]+>, relay=[^[:space:]]+, delay=[0-9]+, status=deferred \(host
[^[:space:]]+ refused to talk to me: [^[:space:]]+ 554 Access denied\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Read
failed in network_biopair_interop with errno=[0-9]+: num_read=[0-9]+,
want_read=[0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: handler
sender_permitted_from: DUNNO$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF none:
smtp_comment=SPF: domain of sender [^[:space:]]+ does not designate mailers,
header_comment=[.[:lower:]]+: domain of [^[:space:]]+ does not designate
permitted sender hosts$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+:( num=10:)?certificate has expired$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=18:self signed certificate$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=19:self signed certificate in
certificate chain$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=20:unable to get local issuer
certificate$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=21:unable to verify the first
certificate$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=27:certificate not trusted$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate peer
name verification failed for [^[:space:]]+: [[:digit:]]+ dNSNames in
certificate found, but none matches
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: certificate peer
name verification failed for [^[:space:]]+: CommonName mis-match:(
[._[:alnum:]-]+)?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client host
rejected: Greylisted for [0-9]+ (seconds|minutes)( \(see
http://isg.ee.ethz.ch/tools/postgrey/help/[.[:alnum:]-]+.html\))?;
from=<[^[:space:]]+> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [[:alnum:]]+:
from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)*
relay=local, delay=[0-9]+, status=sent \(delivered to command:
/var/lib/mailman/mail/mailman admin [._[:alnum:]-]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject:
RCPT from [^[:space:]]+: 554 <[^[:space:]]+>: Client host rejected: Access
denied; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP
helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning: [.[:digit:]]+:
hostname [^[:space:]]+ verification failed: (Host not found|Host name has no
address|Name or service not known|Temporary failure in name resolution)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:alnum:]]+: reject:
RCPT from [^[:space:]]+: [0-9]+ Client host rejected: cannot find your
hostname, [^[:space:]]+; from=[^[:space:]]+ to=[^[:space:]]+ proto=(ESMTP|SMTP)
helo=[^[:space:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>:
(Sender|Recipient) address rejected: .+; from=<[^[:space:]]*>
to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Helo command
rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP)
helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay access denied;
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] Service unavailable; Sender
address \[[^[:space:]]+\] blocked using [._[:alnum:]-]+;( .*;)?
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] Service unavailable; Client
host \[[0-9.]{7,15}\] blocked using [._[:alnum:]-]+;( .*;)?
from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+\[[0-9.]{7,14}\]: [45][0-9][0-9] <.+>: User
unknown in local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning:
smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: hostname [^[:space:]]+
verification failed: (Temporary failure in name resolution|Name or service not
known|No address associated with hostname)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: Peer verification:
CommonName in certificate does not match: [._*[:alnum:]-]+ != [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:upper:]0-9]+: host
[^[:space:]]+ said: [45][0-9][0-9] .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT
TO|end of DATA) command\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [[:upper:]0-9]+:
to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[0-9.]{7,15}\], delay=[0-9]+,
status=(deferred|bounced) \(host [._[:alnum:]-]+\[[0-9.]{7,15}\] said:
[45][0-9][0-9] .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA)
command\)\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtp\[[0-9]+\]: [A-Z0-9]+:
to=<[^[:space:]]+>, relay=[^[:space:]]+, delay=[0-9]+, status=deferred \(host
[^[:space:]]+ refused to talk to me: [^[:space:]]+ 554 Access denied\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: warning: Read failed in
network_biopair_interop with errno=[0-9]+: num_read=[0-9]+, want_read=[0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/policy-spf\[[0-9]+\]: handler
sender_permitted_from: DUNNO$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/policy-spf\[[0-9]+\]: : SPF none:
smtp_comment=SPF: domain of sender [^[:space:]]+ does not designate mailers,
header_comment=[.[:lower:]]+: domain of [^[:space:]]+ does not designate
permitted sender hosts$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+:( num=10:)?certificate has expired$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=18:self signed certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=19:self signed certificate in
certificate chain$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=20:unable to get local issuer
certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=21:unable to verify the first
certificate$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: certificate
verification failed for [^[:space:]]+: num=27:certificate not trusted$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: certificate peer name
verification failed for [^[:space:]]+: [[:digit:]]+ dNSNames in certificate
found, but none matches
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd?\[[0-9]+\]: certificate peer name
verification failed for [^[:space:]]+: CommonName mis-match:( [._[:alnum:]-]+)?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: [[:upper:]0-9]+:
reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Client host
rejected: Greylisted for [0-9]+ (seconds|minutes)( \(see
http://isg.ee.ethz.ch/tools/postgrey/help/[.[:alnum:]-]+.html\))?;
from=<[^[:space:]]+> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/qmgr\[[0-9]+\]: [[:alnum:]]+:
from=<([^[:space:]]+|)>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/local\[[0-9]+\]: [[:upper:][:digit:]]+:
to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+,
status=sent \(delivered to command: /var/lib/mailman/mail/mailman admin
[._[:alnum:]-]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ .+/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT
from [^[:space:]]+: 554 <[^[:space:]]+>: Client host rejected: Access denied;
from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$
