Martin Lohmeier
2006-May-21 11:45 UTC
[Logcheck-devel] Bug#368313: logcheck-database: new postfix violations ignore rule
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Hi,
I'd like to add the following rule to
/etc/logcheck/violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject:
RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554
<[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
Client host rejected: Access denied; from=<.*> to=<.*>
proto=(SMTP|ESMTP) helo=<.*>$
The attached file contain a few line that should be ignored.
bye, Martin
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14.1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
-- debconf information:
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
-------------- next part --------------
May 18 16:26:07 djinn01 postfix/smtpd[6276]: NOQUEUE: reject: RCPT from
pool-71-250-116-27.nwrknj.east.verizon.net[71.250.116.27]: 554
<pool-71-250-116-27.nwrknj.east.verizon.net[71.250.116.27]>: Client host
rejected: Access denied; from=<kev917ybv at earthlink.net>
to=<sebastian at feltel.de> proto=SMTP helo=<earthlink.net>
May 18 19:31:33 djinn01 postfix/smtpd[18576]: NOQUEUE: reject: RCPT from
pool-71-254-6-64.burl.east.verizon.net[71.254.6.64]: 554
<pool-71-254-6-64.burl.east.verizon.net[71.254.6.64]>: Client host
rejected: Access denied; from=<nicholas at paramed.biz> to=<sebastian
at monochromata.de> proto=ESMTP helo=<friend>
May 18 20:45:49 djinn01 postfix/smtpd[23435]: NOQUEUE: reject: RCPT from
pool-70-20-124-238.pitt.east.verizon.net[70.20.124.238]: 554
<pool-70-20-124-238.pitt.east.verizon.net[70.20.124.238]>: Client host
rejected: Access denied; from=<alexander at e-standard.biz> to=<blackm
at ferris.dyndns.info> proto=ESMTP helo=<friend>
Jamie L. Penman-Smithson
2006-Jun-04 21:49 UTC
Bug#368313: [Logcheck-devel] Bug#368313: logcheck-database: new postfix violations ignore rule
package logcheck-database tags 368313 pending thanks On 21 May 2006, at 12:45, Martin Lohmeier wrote:> I'd like to add the following rule to /etc/logcheck/ > violations.ignore.d/logcheck-postfix : > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: > NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\. > [0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9] > {1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>: Client host rejected: Access > denied; from=<.*> to=<.*> proto=(SMTP|ESMTP) helo=<.*>$ > > The attached file contain a few line that should be ignored.I've added the following rule to violations.ignore.d/logcheck- postfix, which matches the log messages you provided: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^[:space:]]+: 554 <[^[:space:]]+>: Client host rejected: Access denied; from=<[^[:space:]]+> to=<[^[:space:]]+> proto=E?SMTP helo=<[^[:space:]]+>$ It'll be included in the next release. Thanks for your bug report, -j -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060604/a0a92c02/attachment.pgp
Debian Bug Tracking System
2006-Jun-04 22:18 UTC
Processed: Re: [Logcheck-devel] Bug#368313: logcheck-database: new postfix violations ignore rule
Processing commands for control at bugs.debian.org:> package logcheck-databaseIgnoring bugs not assigned to: logcheck-database> tags 368313 pendingBug#368313: logcheck-database: new postfix violations ignore rule There were no tags set. Tags added: pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Seemingly Similar Threads
- Bug#317741: logcheck-database: fails to ignore properly some lines from 'rbldnsd'
- Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
- Bug#367781: logcheck-database: postfix/smtp read timeout (port 25) regexp wrong
- Bug#313601: logcheck-database: ignore mount version messages
- Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match