X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=files%2Fetc%2Flogcheck%2Fignore.d.server%2Flocal-exim;h=d737fdde5ae2d6b8f7b615196d6afce220f303cf;hb=eaa3ce256b4cc038d3ed5d257eab2e0b2fddcb87;hp=54da15a4832e2f33e7a185211f6b3f3187760416;hpb=bec8002b0510fa9e97d5eddf1ab1fa3d1e55a259;p=user%2Fhenk%2Fcode%2Fpuppet%2Fmodules%2Flogcheck.git

diff --git a/files/etc/logcheck/ignore.d.server/local-exim b/files/etc/logcheck/ignore.d.server/local-exim
index 54da15a..d737fdd 100644
--- a/files/etc/logcheck/ignore.d.server/local-exim
+++ b/files/etc/logcheck/ignore.d.server/local-exim
@@ -37,8 +37,13 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: connection-lost$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: data-timeout$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: tls-failed$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=rsa-sha256 b=(1024|2048)( i=[[:alnum:]@.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)? \[verification succeeded\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[invalid - public key record \(currently\?\) unavailable\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - body hash mismatch \(body probably modified in transit\)\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - signature did not verify \(headers probably modified in transit\)\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification succeeded\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[^[:space:]]+ s=[^[:space:]]+ \[failed key import\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? dkim-signing-domain is [[:alnum:]_.-]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: validation error: Public key signature verification has failed\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: validation error: Public key signature verification has failed\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]+> rejected after DATA: header syntax \(missing or malformed local part: failing address in "(From:|To:)" header is: .*\): missing or malformed local part: failing address in "(From:|To:)" header is: .*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]+> rejected after DATA: header syntax \(unqualified address not permitted: failing address in "(From:|To:)" header is: .*\): unqualified address not permitted: failing address in "(From:|To:)" header is: .*$
@@ -54,8 +59,9 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? SMTP connection lost after final dot H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\] I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtps$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? SMTP connection lost after final dot [^[:space:]]* to @ via \[[[:xdigit:].:]+\]: tls-failed$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtpsa X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? A=(dovecot_plain|dovecot_login):[[:alnum:]:@.-]+( PRDR)? S=[[:digit:]]+ id=[^[:space:]]+ from <[^[:space:]]+> for .*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtp S=[[:digit:]]+( DKIM=[^[:space:]]+)? id=[^[:space:]]+ from <[^[:space:]]+> for [^[:space:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtp S=[[:digit:]]+( DKIM=[^[:space:]]+)?( id=[^[:space:]]+)? from <[^[:space:]]+> for [^[:space:]]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtps X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? S=[[:digit:]]+( DKIM=[^[:space:]]+)?( id=[^[:space:]]+)? from <[^[:space:]]+> for [^[:space:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=smtp S=[[:digit:]]+( DKIM=[^[:space:]]+)?( id=[^[:space:]]+)? from <[^[:space:]]+> for [^[:space:]]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? == [^[:space:]]+ routing defer \(-52\): retry time not reached$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? == [^[:space:]]+ R=[^[:space:]]+ T=[^[:space:]]+ defer \(-53\): retry time not yet reached$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? (=>|->) [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=dnslookup T=remote_smtp H=[[:alnum:].-]+ \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( TFO)? X=[^[:space:]]+ CV=(no|yes) DN="[^"]+"( K)? C="[^"]+"$
@@ -79,6 +85,7 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? (dovecot_login|dovecot_plain) authenticator failed for ([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+: 535 Incorrect authentication data( \(set_id=[[:alnum:]_@.-]+\))?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? End queue run: pid=[[:digit:]]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? exim [[:digit:].]+ daemon started: pid=[[:digit:].]+, -q30m, listening for SMTP on port 25 \(IPv6 and IPv4\)( port 587 \(IPv6 and IPv4\))?( and for SMTPS on port 465 \(IPv6 and IPv4\))?$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? exim [[:digit:].]+ daemon started: pid=[[:digit:].]+, -q30m, listening for SMTP on \[127.0.0.1\]:25 \[::1\]:25$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ incomplete transaction \(connection lost\) from <[^[:space:]]+>( for .*)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ incomplete transaction \(QUIT\) from <[^[:space:]]*>$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ incomplete transaction \(RSET\) from <[^[:space:]]*>( for [^[:space:]]+)?$