-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This same problem occurs in another rule in logcheck-postfix: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: (MAIL|RCPT) from [^[:space:]]+: [45][0-9][0-9]( <[^[:space:]]*>:)? Sender address rejected: Domain not found; from=<[^[:space:]]*> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$ Many cases have a "to=" occuring after the "from=" and before the "proto=" as the following logline illustrates: Aug 11 05:02:04 buffy postfix/smtpd[30286]: NOQUEUE: reject: RCPT from unknown[0.0.0.0]: 450 <fsolarity at somehost.net>: Recipient address rejected: Temporarily refused, please try again later; from=<sdzhyakk2111287 at mail.ivnet.com.tw> to=<fsoliarity at somehost.net> proto=SMTP helo=<0.0.0.0>" So the "Sender address rejected: Domain not found" logcheck rule also needs to be modified in the same way as the "Sender address rejected" line was modified in the previous entries to this bug. I've attached a new patch, which resolves both of these issues, you can ignore the previous two patches as this one replaces those. Micah -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFE3I/H9n4qXRzy1ioRArMtAKCkadeK25ISP5tMgS2/CUBoYnJ3mQCeOzAE 1PcTTOARWlUTyFZYMgclJPY=Z7x3 -----END PGP SIGNATURE----- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: postfix3.diff Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060811/3c9421ad/attachment.txt