thr3ads.net - Logcheck users - [Logcheck-users] Postfix rule that doesn't works? [Oct 2006]

If this information is useful, please help other people find it:
Share via:

Benjamí Villoslada

2006-Oct-12 17:04 UTC

[Logcheck-users] Postfix rule that doesn't works?

Hi,

In /etc/logcheck/violations.ignore.d/logcheck-postfix have this rule:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: 
reject: RCPT from [^[:space:]]+\[[0-9.]{7,14}\]: [45][0-9][0-9] <.+>: User
unknown in
 local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|
SMTP) helo=<[^[:space:]]+>$

Seems that should filter messages like this:

Oct 12 02:23:10 localhost postfix/smtpd[20827]: NOQUEUE: reject: RCPT from 
mxhub02.xxx.net[212.9.65.112]: 550 5.1.1 <Johnie.Call@xxx.net>: Recipient 
address rejected: User unknown in local recipient table; from=<> 
to=<Johnie.Call@xxx.net> proto=ESMTP helo=<mailhub02a.xxx.net>

but those messages come in.  Any solution?  --I'm sorry, I'm not skilled
with
regexp (and english) O:)

Regards,

-- 
Benjam?
http://blog.bitassa.cat



.

Elmar Hoffmann

2006-Oct-17 17:58 UTC

head link

[Logcheck-users] Postfix rule that doesn't works?

Hi,

on Thu, Oct 12, 2006 at 19:03:58 +0200, Benjam? Villoslada wrote:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
[[:upper:]0-9]+:
> reject: RCPT from [^[:space:]]+\[[0-9.]{7,14}\]: [45][0-9][0-9] <.+>:
User
> unknown in
>  local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|
> SMTP) helo=<[^[:space:]]+>$
> 
> Seems that should filter messages like this:
> 
> Oct 12 02:23:10 localhost postfix/smtpd[20827]: NOQUEUE: reject: RCPT from 
> mxhub02.xxx.net[212.9.65.112]: 550 5.1.1 <Johnie.Call@xxx.net>:
Recipient
> address rejected: User unknown in local recipient table; from=<> 
> to=<Johnie.Call@xxx.net> proto=ESMTP helo=<mailhub02a.xxx.net>
The "Recipient address rejected:" part ist not covered by above regex.

That aside, two things that caught my eye 'E?SMTP' is simpler than
'(ESMTP|SMTP)' and you probably should make the '<.+>'
more specific
(like the other ones).

elmar

-- 

 .'"`.                                                           
/"\
| :' :   Elmar Hoffmann <elho@elho.net>    ASCII Ribbon Campaign  \ /
`. `'    GPG key available via pgp.net        against HTML email   X
  `-                                                    & vCards  / \
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/logcheck-users/attachments/20061017/563105d3/attachment.pgp

Logcheck users - Oct 2006 - Postfix rule that doesn't works?

[Logcheck-users] Postfix rule that doesn't works?

[Logcheck-users] Postfix rule that doesn't works?