Frédéric Brière
2008-Jan-25 01:42 UTC
[Logcheck-devel] [PATCH] Added more versions of "SASL authentication failure" postfix rule
Here are two more error messages that can occur with a screwed-up
DIGEST-MD5 authentication. (And I'm sure there are many more.)
(BTW, just for the record, the preceding SASL rule should ideally be
case-insensitive.)
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
---
.../linux/violations.ignore.d/logcheck-postfix | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-postfix
b/rulefiles/linux/violations.ignore.d/logcheck-postfix
index 926f1ee..6f827ad 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-postfix
+++ b/rulefiles/linux/violations.ignore.d/logcheck-postfix
@@ -39,7 +39,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)? relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)?
delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((,
id=[-0-9]+, from MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok)?: queued as
[0-9A-F]+|, discarded, UBE, id=[-0-9]+)*|, DSN muted \([45][0-9][0-9]
[45](\.[0-9]){2} .+\)\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)?
delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 Ok: queued as
[0-9A-F]+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL
(LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed(:[ [:alnum:]]*)?$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: SASL authentication failure: Password verification failed$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: SASL authentication failure: (Password verification failed|required
parameters missing|realm changed: authentication aborted)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/local\[[[:digit:]]+\]:
warning: maildir access problem for UID/GID=[[:digit:]]+/[[:digit:]]+: create
[/.[:alnum:]]+: Permission denied$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]:
[[:upper:][:digit:]]+: to=<[^[:space:]]+>,(
orig_to=<[^[:space:]]+>,)? relay=local, delay=[0-9.]+(,
delays=([.0-9]+/){3}[.0-9]+)?(, dsn=[45](\.[0-9]+){2})?,
status=(deferred|bounced) \(.+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:upper:]0-9]+:
reject: header [^[:space:]]+:.+ from=<[^[:space:]]*>(
to=<[^[:space:]]+>)? proto=E?SMTP helo=<[^[:space:]]+>: .+$
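Review bot: The case-sensitivity problem mentioned in the commit message is left unaddressed in the unchanged context rule just above the modified line, where `SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed` still matches upper-case mechanism names only. A follow-up patch for that rule, or a note in the commit message that it is deliberately deferred, would keep the two SASL rules consistent. On the `+` line itself, the new group `(Password verification failed|required parameters missing|realm changed: authentication aborted)$` is an explicit, end-anchored list of literals. Since this file suppresses authentication-failure lines from violation reports, please keep it as a closed list when further DIGEST-MD5 variants turn up, adding each observed message by name rather than widening the tail to a wildcard, so that an unfamiliar failure string is still reported.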
--
1.5.3.8