Logcheck devel - May 2006 - irgnore rule for postfix

Hi,

I would like to have the following rule added to
/etc/logcheck/ignore.d.server/postfix:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE:
reject: RCPT from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554
<[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
Client host rejected: Access denied; from=<.*> to=<.*> proto=SMTP
helo=<[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}>$

The file that should be ignored:

May 15 19:33:06 djinn01 postfix/smtpd[22807]: NOQUEUE: reject: RCPT from
pool-71-111-148-254.ptldor.dsl-w.verizon.net[71.111.148.254]: 554
<pool-71-111-148-254.ptldor.dsl-w.verizon.net[71.111.148.254]>: Client
host rejected: Access denied; from=<mshema at fsmail.net>
to=<martin at mein-horde.de> proto=SMTP helo=<69.179.192.38>

I've created a rule in postfix's access list to block *verizon.net, so
it is not necessary to appear in logcheck's report.

bye, Martin
-- 

Powerd by Debian GNU Linux


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060516/8e87082e/attachment.pgp

Martin Lohmeier wrote:
> Hi,
> 
> I would like to have the following rule added to
> /etc/logcheck/ignore.d.server/postfix:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE:
> reject: RCPT from
> [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554
> <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
> Client host rejected: Access denied; from=<.*> to=<.*>
proto=SMTP
> helo=<[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}>$
This one will not cover all cases.

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE:
reject: RCPT from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554
<[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
Client host rejected: Access denied; from=<.*> to=<.*> proto=SMTP
helo=<.*>$

But this will do.

bye, Martin

-- 

Powerd by Debian GNU Linux


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060517/b9b6bf97/attachment.pgp