summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHendrik Jäger <gitcommit@henk.geekmail.org>2024-08-02 22:33:57 +0200
committerHendrik Jäger <gitcommit@henk.geekmail.org>2024-08-02 22:33:57 +0200
commitc5d1e46d92e99320ea1369d44d8f2f993a35b855 (patch)
tree1947c51036892e6df4b5e1c8cf2ad3d79bef5480
parentc088d268a6cf6c2e43aaaad8314f8b09b8bfbdb5 (diff)
update rules
-rw-r--r--files/etc/logcheck/ignore.d.server/local-exim7
-rw-r--r--files/etc/logcheck/ignore.d.server/local-openvpn4
2 files changed, 8 insertions, 3 deletions
diff --git a/files/etc/logcheck/ignore.d.server/local-exim b/files/etc/logcheck/ignore.d.server/local-exim
index 08c172a..cbfd252 100644
--- a/files/etc/logcheck/ignore.d.server/local-exim
+++ b/files/etc/logcheck/ignore.d.server/local-exim
@@ -40,14 +40,15 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: synchronization-error$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: tls-failed$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[invalid - public key record \(currently\?\) unavailable\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[invalid - syntax error in public key record\]$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - body hash mismatch \(body probably modified in transit\)\]$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - signature did not verify \(headers probably modified in transit\)\]$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification succeeded\]$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[^[:space:]]+ s=[^[:space:]]+ \[failed key import\]$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? dkim-signing-domain is [[:alnum:]_.-]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: validation error: Public key signature verification has failed\.$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: header syntax \(missing or malformed local part: failing address in "(From:|To:)" header is: .*\): missing or malformed local part: failing address in "(From:|To:)" header is: .*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: header syntax \(unqualified address not permitted: failing address in "(From:|To:)" header is: .*\): unqualified address not permitted: failing address in "(From:|To:)" header is: .*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: header syntax \(missing or malformed local part: failing address in "(From:|To:)" header is: .*\): missing or malformed local part( \(expected word or "<"\))?: failing address in "(From:|To:|Reply-To:)" header is: .*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: header syntax \(unqualified address not permitted: failing address in "(From:|To:)" header is: .*\): unqualified address not permitted: failing address in "(From:|To:|Reply-To:)" header is: .*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: Rejected due to site policy reasons\. Contact postmaster in case of problems\.$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: there is no valid sender in any header line$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> temporarily rejected after DATA: all attempts to verify a sender in a header line deferred$
@@ -127,7 +128,7 @@
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP data timeout \(message abandoned\) on( TLS)? connection from( [^[:space:]]+| \([^[:space:]]+\)| [^[:space:]]+ \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ F=<[^[:space:]]*>$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP protocol error in "[^"]*" H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?(\[[[:xdigit:].:]+\]:[[:digit:]]+)? I=\[[[:xdigit:].:]+\]:[[:digit:]]+ .*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP protocol synchronization error \(next input sent too soon: pipelining was not advertised\): rejected .*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP syntax error in ".*" H=([^[:space:]]+ )?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ .*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP syntax error in ".*" H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?(\[[[:xdigit:].:]+\]:[[:digit:]]+)? I=\[[[:xdigit:].:]+\]:[[:digit:]]+ .*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? Start queue run: pid=[[:digit:]]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? TLS error on connection from( [^[:space:]]+)?( \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ \((gnutls_handshake|recv|send)\): A disallowed SNI server name has been received\.$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? TLS error on connection from( [^[:space:]]+)?( \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ \((gnutls_handshake|recv|send)\): An unexpected TLS packet was received\.$
diff --git a/files/etc/logcheck/ignore.d.server/local-openvpn b/files/etc/logcheck/ignore.d.server/local-openvpn
index abc8722..bb2816d 100644
--- a/files/etc/logcheck/ignore.d.server/local-openvpn
+++ b/files/etc/logcheck/ignore.d.server/local-openvpn
@@ -1,4 +1,5 @@
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: \[[[:alnum:]._-]+\] Peer Connection Initiated with \[AF_INET\][[:xdigit:]:.]+$
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: Connection Attempt read UDPv4 \[ECONNREFUSED(\|ECONNREFUSED)*\]: Connection refused \(fd=[[:digit:]]+,code=111\)$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: Could not determine IPv4/IPv6 protocol\. Using AF_INET$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: net_addr_ptp_v4_add: [[:xdigit:]:.]+ peer [[:xdigit:]:.]+ dev tun[[:digit:]]+$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: net_addr_ptp_v4_del: [[:xdigit:]:.]+ dev tun[[:digit:]]+$
@@ -13,3 +14,6 @@
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: TLS Error: TLS object -> incoming plaintext read error$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: UDPv4 link local \(bound\): \[AF_INET\]\[undef\]:1194$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: UDPv4 link remote: \[AF_UNSPEC\]$
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: [[:xdigit:]:.]+ OpenSSL: error:0A0000C7:SSL routines::peer did not return a certificate$
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: [[:xdigit:]:.]+ TLS_ERROR: BIO read tls_read_plaintext error$
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: [[:xdigit:]:.]+ TLS Error: TLS object -> incoming plaintext read error$