postfix-custom
# Custom logcheck rules for Postfix smtp/smtpd log lines. Each line below is
# one extended regular expression matched against a whole syslog line.
# NOTE(review): presumably installed under an ignore.d.* directory, where a
# match removes the line from the report - confirm the install location,
# since the effect of a match depends on the directory.
# Shared prefix of every rule: three word characters (month), 11 characters
# of digits/spaces/colons (day and time), the logging host name, then the
# postfix daemon name with its PID in brackets.
#
# smtp client: read from the network failed with "Connection reset by peer".
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtp\[[[:digit:]]+\]: warning: network_biopair_interop: error reading [[:digit:]]+ bytes from the network: Connection reset by peer$
# smtpd: "sql plugin create statement" messages for the four listed secret
# attributes, followed by two whitespace-free tokens.
# NOTE(review): this rule has no trailing `$`, so any text after the two
# tokens is accepted as well - confirm that is intended.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: sql plugin create statement from (cmusaslsecretPLAIN|cmusaslsecretCRAM-MD5|cmusaslsecretDIGEST-MD5|userPassword) [^[:space:]]+ [^[:space:]]+
# smtpd: "sql plugin doing query" for the SELECT password lookup.
# Table and column names may only contain letters, digits and "_"; the two
# quoted values may only contain letters, digits and . _ @ -
# A query whose value holds a quote, space or any other character does not
# match and is therefore still reported. Keep these classes this narrow:
# widening them would hide malformed login names from the report.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: sql plugin doing query SELECT password FROM [_[:alnum:]]+ WHERE [_[:alnum:]]+='[._@[:alnum:]-]+' OR [_[:alnum:]]+='[._@[:alnum:]-]+';?$
# smtpd: NOQUEUE rejects with code 554 (optionally 5.7.1) carrying the
# literal reject text below.
# NOTE(review): the text looks site-specific; presumably it has to stay in
# sync with the reject message configured in Postfix - verify.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: NOQUEUE: reject: [[:upper:]]+ from [^[:space:]]+: 554( 5\.7\.1)? <[^[:space:]]*>: Client host rejected: All mail from Russia is blocked!;( from=<[^[:space:]]*> to=<[^[:space:]]+>)? proto=E?SMTP( helo=<[^[:space:]]+>)?$
# smtpd: "improper command pipelining" notices, only for the RCPT stage.
# The client is a host name followed by "unknown" or an IPv4/IPv6 address
# (3 to 39 hex digits, dots and colons). Other stages are not matched.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: improper command pipelining after RCPT from [._[:alnum:]-]+\[(unknown|[[:xdigit:].:]{3,39})\]$
# smtpd: forward/reverse DNS mismatch warnings, with or without one of the
# two listed resolver error suffixes.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: hostname [^[:space:]]+ does not resolve to address [[:xdigit:].:]{3,39}(: Name or service not known|: Temporary failure in name resolution)?$
# smtp and smtpd (`smtpd?`): "TLS connection established" lines, in either
# direction, for TLSv1, TLSv1.1, TLSv1.2, SSLv2 and SSLv3.
# NOTE(review): TLSv1.3 is not in the alternation, so those lines do not
# match. SSLv2/SSLv3 sessions do match; dropping `SSLv[23]` would keep
# legacy-protocol sessions visible in the report - decide deliberately.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd?\[[[:digit:]]+\]: ((Anonymous|Trusted|Verified) )?TLS connection established (to|from) [^[:space:]]+: (TLSv1(\.[12])?|SSLv[23]) with cipher [^[:space:]]+ \([/[:digit:]]+ bits\)$
# smtpd: failed SASL authentication, matched only for the literal lowercase
# mechanism "login" and the reason "authentication failure"; other
# mechanism spellings and failure reasons do not match.
# NOTE(review): a match here takes failed-login lines out of the logcheck
# report, so repeated password guessing against this mechanism will not
# show up there - make sure such failures are counted or alerted on by
# another control before relying on this rule.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [._[:alnum:]-]+\[(unknown|[[:xdigit:].:]{3,39})\]: SASL login authentication failed: authentication failure$
# smtpd: CONNECT/RCPT rejects with any 4xx or 5xx code (optional enhanced
# status code) because the client has no reverse hostname.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: reject: (CONNECT|RCPT) from [^[:space:]]+: [45][[:digit:]][[:digit:]]( [[:digit:]]\.[[:digit:]]\.[[:digit:]])? Client host rejected: cannot find your reverse hostname, [^[:space:]]+; (from=[^[:space:]]+ to=[^[:space:]]+ )?proto=E?SMTP( helo=[^[:space:]]+)?$