update rules

author Hendrik Jäger <gitcommit@henk.geekmail.org>

Fri, 2 Aug 2024 20:33:57 +0000 (22:33 +0200)

committer Hendrik Jäger <gitcommit@henk.geekmail.org>

Fri, 2 Aug 2024 20:33:57 +0000 (22:33 +0200)
author Hendrik Jäger <gitcommit@henk.geekmail.org>
Fri, 2 Aug 2024 20:33:57 +0000 (22:33 +0200)
committer Hendrik Jäger <gitcommit@henk.geekmail.org>
Fri, 2 Aug 2024 20:33:57 +0000 (22:33 +0200)
diff --git a/files/etc/logcheck/ignore.d.server/local-exim b/files/etc/logcheck/ignore.d.server/local-exim

index 08c172a108ba9c0ad7c6534995d6dd58fd107eec..cbfd252b46180e05309c3df3b8f06b05b504a7f1 100644 (file)
--- a/files/etc/logcheck/ignore.d.server/local-exim
+++ b/files/etc/logcheck/ignore.d.server/local-exim
@@ -40,14 +40,15 @@
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: synchronization-error$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: tls-failed$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[invalid - public key record \(currently\?\) unavailable\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[invalid - syntax error in public key record\]$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - body hash mismatch \(body probably modified in transit\)\]$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - signature did not verify \(headers probably modified in transit\)\]$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification succeeded\]$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[^[:space:]]+ s=[^[:space:]]+ \[failed key import\]$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? dkim-signing-domain is [[:alnum:]_.-]+$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: validation error: Public key signature verification has failed\.$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: header syntax \(missing or malformed local part: failing address in "(From:|To:)" header is: .*\): missing or malformed local part: failing address in "(From:|To:)" header is: .*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: header syntax \(unqualified address not permitted: failing address in "(From:|To:)" header is: .*\): unqualified address not permitted: failing address in "(From:|To:)" header is: .*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: header syntax \(missing or malformed local part: failing address in "(From:|To:)" header is: .*\): missing or malformed local part( \(expected word or "<"\))?: failing address in "(From:|To:|Reply-To:)" header is: .*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: header syntax \(unqualified address not permitted: failing address in "(From:|To:)" header is: .*\): unqualified address not permitted: failing address in "(From:|To:|Reply-To:)" header is: .*$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: Rejected due to site policy reasons\. Contact postmaster in case of problems\.$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: there is no valid sender in any header line$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> temporarily rejected after DATA: all attempts to verify a sender in a header line deferred$
@@ -127,7 +128,7 @@
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP data timeout \(message abandoned\) on( TLS)? connection from( [^[:space:]]+| \([^[:space:]]+\)| [^[:space:]]+ \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ F=<[^[:space:]]*>$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP protocol error in "[^"]*" H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?(\[[[:xdigit:].:]+\]:[[:digit:]]+)? I=\[[[:xdigit:].:]+\]:[[:digit:]]+ .*$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP protocol synchronization error \(next input sent too soon: pipelining was not advertised\): rejected .*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP syntax error in ".*" H=([^[:space:]]+ )?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ .*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP syntax error in ".*" H=(([^[:space:]]+ )?(\([^[:space:]]+\) )?)?(\[[[:xdigit:].:]+\]:[[:digit:]]+)? I=\[[[:xdigit:].:]+\]:[[:digit:]]+ .*$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? Start queue run: pid=[[:digit:]]+$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? TLS error on connection from( [^[:space:]]+)?( \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ \((gnutls_handshake|recv|send)\): A disallowed SNI server name has been received\.$
  ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? TLS error on connection from( [^[:space:]]+)?( \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ \((gnutls_handshake|recv|send)\): An unexpected TLS packet was received\.$
diff --git a/files/etc/logcheck/ignore.d.server/local-openvpn b/files/etc/logcheck/ignore.d.server/local-openvpn

index abc872277074bd44e5bdad485650dc9362845ff8..bb2816db5f20e1b0c11d1305225b6fa13da61996 100644 (file)
--- a/files/etc/logcheck/ignore.d.server/local-openvpn
+++ b/files/etc/logcheck/ignore.d.server/local-openvpn
@@ -1,4 +1,5 @@
  ^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: \[[[:alnum:]._-]+\] Peer Connection Initiated with \[AF_INET\][[:xdigit:]:.]+$
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: Connection Attempt read UDPv4 \[ECONNREFUSED(\|ECONNREFUSED)*\]: Connection refused \(fd=[[:digit:]]+,code=111\)$
  ^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: Could not determine IPv4/IPv6 protocol\. Using AF_INET$
  ^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: net_addr_ptp_v4_add: [[:xdigit:]:.]+ peer [[:xdigit:]:.]+ dev tun[[:digit:]]+$
  ^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: net_addr_ptp_v4_del: [[:xdigit:]:.]+ dev tun[[:digit:]]+$
@@ -13,3 +14,6 @@
  ^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: TLS Error: TLS object -> incoming plaintext read error$
  ^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: UDPv4 link local \(bound\): \[AF_INET\]\[undef\]:1194$
  ^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: UDPv4 link remote: \[AF_UNSPEC\]$
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: [[:xdigit:]:.]+ OpenSSL: error:0A0000C7:SSL routines::peer did not return a certificate$
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: [[:xdigit:]:.]+ TLS_ERROR: BIO read tls_read_plaintext error$
+^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[[:digit:]]+\]: [[:xdigit:]:.]+ TLS Error: TLS object -> incoming plaintext read error$
author	Hendrik Jäger <gitcommit@henk.geekmail.org>
	Fri, 2 Aug 2024 20:33:57 +0000 (22:33 +0200)
committer	Hendrik Jäger <gitcommit@henk.geekmail.org>
	Fri, 2 Aug 2024 20:33:57 +0000 (22:33 +0200)
files/etc/logcheck/ignore.d.server/local-exim		patch \| blob \| history
files/etc/logcheck/ignore.d.server/local-openvpn		patch \| blob \| history