Russ Allbery
2007-Sep-23 04:01 UTC
[Logcheck-devel] [PATCH] Ignore Postfix lost connection messages w/o IP address
Ignore messages like: Sep 22 19:05:44 windlord postfix/smtpd[17526]: lost connection after CONNECT from unknown[unknown] with unknown as the IP address. Postfix 2.4.5 now logs these. Signed-off-by: Russ Allbery <rra at debian.org> --- rulefiles/linux/ignore.d.server/postfix | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/rulefiles/linux/ignore.d.server/postfix b/rulefiles/linux/ignore.d.server/postfix index b10b74b..50c2103 100644 --- a/rulefiles/linux/ignore.d.server/postfix +++ b/rulefiles/linux/ignore.d.server/postfix @@ -43,7 +43,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while receiving the initial (SMTP|server) greeting$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while performing the HELO handshake$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: lost connection with [^[:space:]]+ while sending end of data -- message may be sent more than once$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection after [[:upper:]]+ from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection after [[:upper:]]+ from [._[:alnum:]-]+\[(unknown|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: host [^[:space:]]+ said: .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid (A|address) record$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Unable to look up (NS|MX) host for [._[:alnum:]-]+: Host not found(, try again)?$ -- 1.5.3.1
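Review bot: In the changed `postfix/smtpd` "lost connection after" rule, the bracketed group `(unknown|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})` accepts only the literal `unknown` or a dotted-quad IPv4 address, so a lost-connection line carrying any other address form (an IPv6 client address, for example) would still not be ignored; if such lines are in scope, add that alternative in the same group rather than in a separate rule. Note also that the hostname part `[._[:alnum:]-]+` is unchanged, so the rule now suppresses `<any-host>[unknown]` and not only the `unknown[unknown]` case quoted in the commit message. That is probably intended, but the commit message should say so, since this file decides which lines never reach the logcheck report.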