On Thu, 2008-07-24 at 12:42 +0200, Ulrich Huber wrote:> Hello...
>
> I still find messages like these in my inbox
>
>
>
> Security Events
> =-=-=-=-=-=-=-> Jul 24 10:23:47 mail amavis[1515]: (01515-04) Passed
BAD-HEADER,
> [77.45.19.251] <n4vji at alaweb.com> -> <user at domain>,
quarantine:
> badh-Ovuc-BN+aDU3, Message-ID: <20071024122614.2732.qmail at home>,
> mail_id: Ovuc-BN+aDU3, Hits: -, queued_as: 250 OK id=1KLw6z-0001NF-LO,
> 4542 ms
>
> I already tried to get rid of them by editing
> violations.ignore.d/logcheck-amavisd-new an inserting the following
> line:
That will only filter out entries created from patterns in
violations.d/logcheck-amavisd-new. Assuming you have the right pattern,
the trick is putting it in the right place (directory and filename).
See /usr/share/doc/logcheck-database/README.logcheck-database.gz for the
exact rules.
Ross>
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
> \([-[:digit:]]+\) Passed BAD-HEADER, \[[.[:digit:]]{7,15}\]
> \[[.[:digit:]]{7,15}\] <[^>]+> -> <[^>]+>, quarantine:
> badh-([[:alnum:]]+), Message-ID: <[^>]+>, mail_id: \1, Hits: -,
> queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
>
> System Events
> =-=-=-=-=-=-> Jul 24 10:33:49 mail amavis[1515]: (01515-06) (!) FWD via
SMTP:
> <yrieuhnxe at yyu.edu.tr> -> user at domain, 451 4.6.0 Failed,
id=01515-06,
> from MTA([127.0.0.1]:10025): 451 Please try again later
>
> for this, logcheck/ignore.d..server/amavisd.new contains:
>
> ^w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)?
> \(\!\) FWD via SMTP: \<\> \-\> \<[._[:alnum:]-]+\>\, 451
4.6.0 Failed,
> id= \([-[:digit:]]+\)\, from MTA([127.0.0.1]:10025): 451 Please try
> again later$
> ^w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)?
> \(\!\) FWD via SMTP: \<\> \-\> \<[._[:alnum:]-]+\>\, 550
4.6.0 Failed,
> id= \([-[:digit:]]+\)\, from MTA([127.0.0.1]:10025): 550 Rejected$
>
> Where did I make my (usual) mistake ?
>
> Thanks for help.....
> _______________________________________________
> Logcheck-users mailing list
> Logcheck-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/logcheck-users
--
Ross Boylan wk: (415) 514-8146
185 Berry St #5700 ross at biostat.ucsf.edu
Dept of Epidemiology and Biostatistics fax: (415) 514-8150
University of California, San Francisco
San Francisco, CA 94107-1739 hm: (415) 550-1062