Logcheck devel - May 2006 - Bug#368313: logcheck-database: new postfix violations ignore rule

Package: logcheck-database
Version: 1.2.39
Severity: wishlist

Hi,

I'd like to add the following rule to
/etc/logcheck/violations.ignore.d/logcheck-postfix :

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject:
RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554
<[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
Client host rejected: Access denied; from=<.*> to=<.*>
proto=(SMTP|ESMTP) helo=<.*>$

The attached file contain a few line that should be ignored.

bye, Martin

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14.1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.30.13  Debian configuration management sy

-- debconf information:
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false
-------------- next part --------------
May 18 16:26:07 djinn01 postfix/smtpd[6276]: NOQUEUE: reject: RCPT from
pool-71-250-116-27.nwrknj.east.verizon.net[71.250.116.27]: 554
<pool-71-250-116-27.nwrknj.east.verizon.net[71.250.116.27]>: Client host
rejected: Access denied; from=<kev917ybv at earthlink.net>
to=<sebastian at feltel.de> proto=SMTP helo=<earthlink.net>
May 18 19:31:33 djinn01 postfix/smtpd[18576]: NOQUEUE: reject: RCPT from
pool-71-254-6-64.burl.east.verizon.net[71.254.6.64]: 554
<pool-71-254-6-64.burl.east.verizon.net[71.254.6.64]>: Client host
rejected: Access denied; from=<nicholas at paramed.biz> to=<sebastian
at monochromata.de> proto=ESMTP helo=<friend>
May 18 20:45:49 djinn01 postfix/smtpd[23435]: NOQUEUE: reject: RCPT from
pool-70-20-124-238.pitt.east.verizon.net[70.20.124.238]: 554
<pool-70-20-124-238.pitt.east.verizon.net[70.20.124.238]>: Client host
rejected: Access denied; from=<alexander at e-standard.biz> to=<blackm
at ferris.dyndns.info> proto=ESMTP helo=<friend>

package logcheck-database
tags 368313 pending
thanks

On 21 May 2006, at 12:45, Martin Lohmeier wrote:
> I'd like to add the following rule to /etc/logcheck/ 
> violations.ignore.d/logcheck-postfix :
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]:  
> NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\. 
> [0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9] 
> {1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>: Client host rejected: Access  
> denied; from=<.*> to=<.*> proto=(SMTP|ESMTP) helo=<.*>$
>
> The attached file contain a few line that should be ignored.
I've added the following rule to violations.ignore.d/logcheck- 
postfix, which matches the log messages you provided:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE:  
reject: RCPT from [^[:space:]]+: 554 <[^[:space:]]+>: Client host  
rejected: Access denied; from=<[^[:space:]]+> to=<[^[:space:]]+>  
proto=E?SMTP helo=<[^[:space:]]+>$

It'll be included in the next release.

Thanks for your bug report,

-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060604/a0a92c02/attachment.pgp

Processing commands for control at bugs.debian.org:
> package logcheck-database
Ignoring bugs not assigned to: logcheck-database
> tags 368313 pending
Bug#368313: logcheck-database: new postfix violations ignore rule
There were no tags set.
Tags added: pending
> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)