Frédéric Brière
2007-Aug-14 17:19 UTC
[Logcheck-devel] Bug#437882: logcheck-database: violations.ignore rule for postfix's ETRN warnings
Package: logcheck-database
Version: 1.2.54
Severity: wishlist

Every once in a while, someone will connect to my Postfix server and issue an ETRN for a foreign domain. By default, Postfix only allows ETRNs for $relay_domains, and will thus reject the request, issuing a warning that gets picked up as a security violation.

Here's a rule that filters these out:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: reject: ETRN [._[:alnum:]-]+\.\.\. from [._[:alnum:]-]+\[[0-9.]{7,15}\]$

(Yes, the "..." would get picked up by the char class before it, but I preferred spelling it out.)

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
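
An added example, not part of the original report: a shell check that runs the proposed rule through `grep -E` (logcheck rules are extended regular expressions) to see which lines it would suppress and which would still be reported. The log lines, hostnames, PIDs and addresses are constructed, and `\w` assumes a grep that supports it, such as GNU grep; the IPv6 line shows that the rule's `[0-9.]{7,15}` address class only covers dotted-quad IPv4 clients.

```shell
#!/bin/sh
# Rule copied verbatim from the report; logcheck applies rules as egrep patterns.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: reject: ETRN [._[:alnum:]-]+\.\.\. from [._[:alnum:]-]+\[[0-9.]{7,15}\]$'

# Constructed sample lines (hostnames, PIDs and addresses are made up).
# 1. The rejected ETRN the rule is written for.
LINE_ETRN='Aug 14 12:01:07 mail postfix/smtpd[12345]: warning: reject: ETRN example.org... from unknown[192.0.2.10]'
# 2. Same event on a single-digit day (syslog pads the day with a space).
LINE_ETRN_DAY1='Aug  4 03:15:42 mail postfix/smtpd[812]: warning: reject: ETRN example.org... from mx.example.net[198.51.100.7]'
# 3. Same event from an IPv6 client: contains ":" so the address class fails.
LINE_IPV6='Aug 14 12:02:11 mail postfix/smtpd[12346]: warning: reject: ETRN example.org... from unknown[2001:db8::1]'
# 4. An unrelated smtpd warning that must stay visible.
LINE_OTHER='Aug 14 12:03:30 mail postfix/smtpd[12347]: warning: hostname host.example.net does not resolve to address 192.0.2.77'

# Exit status 0 if the rule would make logcheck ignore the given line.
rule_ignores() {
    printf '%s\n' "$1" | grep -Eq -- "$RULE"
}

# Read log lines on stdin and print how many would still be reported.
count_reported() {
    grep -Evc -- "$RULE" || true   # grep exits 1 when the count is 0
}

for line in "$LINE_ETRN" "$LINE_ETRN_DAY1" "$LINE_IPV6" "$LINE_OTHER"; do
    if rule_ignores "$line"; then
        echo "ignored:  $line"
    else
        echo "reported: $line"
    fi
done
```
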