From: Hendrik Jäger <gitcommit@henk.geekmail.org>
Date: Mon, 4 Mar 2024 21:18:49 +0000 (+0100)
Subject: update rules
X-Git-Url: https://git.netwichtig.de/gitweb/?a=commitdiff_plain;h=370d9f49b49e6d09e1496024d2df9f7658d79a2d;p=user%2Fhenk%2Fcode%2Fpuppet%2Fmodules%2Flogcheck.git

update rules
---

diff --git a/files/etc/logcheck/ignore.d.server/local-exim b/files/etc/logcheck/ignore.d.server/local-exim
index d737fdd..82c6d37 100644
--- a/files/etc/logcheck/ignore.d.server/local-exim
+++ b/files/etc/logcheck/ignore.d.server/local-exim
@@ -37,10 +37,10 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: connection-lost$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: data-timeout$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: tls-failed$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[invalid - public key record \(currently\?\) unavailable\]$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - body hash mismatch \(body probably modified in transit\)\]$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - signature did not verify \(headers probably modified in transit\)\]$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:].-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification succeeded\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[invalid - public key record \(currently\?\) unavailable\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - body hash mismatch \(body probably modified in transit\)\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification failed - signature did not verify \(headers probably modified in transit\)\]$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[[:alnum:].-]+ s=[[:alnum:]._-]+ c=(simple|relaxed)/(simple|relaxed) a=(rsa-sha256|ed25519-sha256) b=(512|1024|2048|4096)( i=[[:alnum:]@=_.-]+)?( t=[[:digit:]]+)?( x=[[:digit:]]+)?( l=[[:digit:]]+)? \[verification succeeded\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[^[:space:]]+ s=[^[:space:]]+ \[failed key import\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? dkim-signing-domain is [[:alnum:]_.-]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: validation error: Public key signature verification has failed\.$