Frédéric Brière
2007-Aug-14 02:12 UTC
[Logcheck-devel] Bug#437752: logcheck-database: ignore rules for postfix's reject_unknown_sender_domain
Package: logcheck-database
Version: 1.2.54
Severity: wishlist

Enabling reject_unknown_sender_domain allows one to filter out some of the crap that spammers send, but it often generates one or two warnings. Here are some ignore rules to weed those out:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: numeric hostname: [0-9.]{7,15}$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: valid_hostname: empty hostname$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: malformed domain name in resource data of MX record for [._[:alnum:]-]+:.*$

The first warning is issued when the MAIL FROM domain reverse-resolves to an all-numeric hostname (like 84.16.227.85 at the moment), while the other two are issued together when the MAIL FROM domain has an MX record with garbage in it (usually ".").

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Frédéric Brière
2007-Aug-14 18:52 UTC
[Logcheck-devel] Bug#437752: logcheck-database: ignore rules for postfix's reject_unknown_sender_domain
reopen 437752
retitle 437752 logcheck-database: backport postfix valid_hostname rules
thanks

On Tue, Aug 14, 2007 at 02:14:37PM -0400, Frédéric Brière wrote:
> I see that all three rules were already added in 1.2.56. Thanks guys!

Dang. It would appear that postfix's wording changed between 2.3 and 2.4 -- 2.3 does not include the "valid_hostname" part. Would it be possible to make that part optional?

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (valid_hostname: )?empty hostname$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (valid_hostname: )?numeric hostname: [.[:digit:]]+$

That way, folks who've got logcheck backported would benefit from this.

--
Packages should build-depend on what they should build-depend.
 -- Santiago Vila on debian-devel
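Added example, not part of the thread or of logcheck's own code: a shell check that runs the hostname rules from both messages above through grep -E against constructed log lines and counts the lines each rule set would still leave in a report. The host name, PIDs and the 192.0.2.10 address are made up for the test.

```shell
#!/bin/sh
# Added example: rule sets from the thread vs. constructed postfix warnings.

# Rules from the first message: the "valid_hostname: " prefix is fixed per rule.
original_rules() {
cat <<'EOF'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: numeric hostname: [0-9.]{7,15}$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: valid_hostname: empty hostname$
EOF
}

# Rules from the follow-up message: the prefix is an optional group.
relaxed_rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (valid_hostname: )?empty hostname$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: warning: (valid_hostname: )?numeric hostname: [.[:digit:]]+$
EOF
}

# Constructed log lines: each warning with and without the prefix.
sample_log() {
cat <<'EOF'
Aug 14 02:10:01 mail postfix/smtpd[1234]: warning: valid_hostname: empty hostname
Aug 14 02:10:02 mail postfix/smtpd[1234]: warning: empty hostname
Aug 14 02:10:03 mail postfix/smtpd[1235]: warning: valid_hostname: numeric hostname: 192.0.2.10
Aug 14 02:10:04 mail postfix/smtpd[1235]: warning: numeric hostname: 192.0.2.10
EOF
}

# Print how many sample lines no rule in the given set matches,
# i.e. how many would still show up in the report.
unmatched_count() {
    rules_file=$(mktemp)
    "$1" > "$rules_file"
    # grep exits 1 when the count is 0, so do not treat that as a failure.
    count=$(sample_log | grep -E -v -c -f "$rules_file" || true)
    rm -f "$rules_file"
    echo "$count"
}

echo "original rules leave $(unmatched_count original_rules) line(s)"
echo "relaxed rules leave $(unmatched_count relaxed_rules) line(s)"
```

The same pattern works for vetting any new ignore rule: put real log lines in place of the constructed ones and confirm the count drops to zero without the rule becoming broad enough to hide unrelated warnings.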
martin f krafft
2007-Aug-23 07:47 UTC
[Logcheck-devel] Bug#437752: Bug#437752: logcheck-database: ignore rules for postfix's reject_unknown_sender_domain
also sprach Frédéric Brière <fbriere at fbriere.net> [2007.08.14.0412 +0200]:
> Enabling reject_unknown_sender_domain allows one to filter out some of
> the crap that spammers send, but it often generates one or two warnings.
> Here are some ignore rules to weed those out:
>
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: numeric hostname: [0-9.]{7,15}$
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: valid_hostname: empty hostname$
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: malformed domain name in resource data of MX record for [._[:alnum:]-]+:.*$

Please always let us know whether this is a system event or a security event you're reporting. Is it ignore.d.* or violations.ignore.d?

Anyway, #437752 is done.

--
 .''`.   martin f. krafft <madduck at debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems