From 6cf0e7518f0fb62ab59eb940a8bb55acb5e98b3b Mon Sep 17 00:00:00 2001 From: Hendrik Jaeger Date: Wed, 27 Mar 2019 20:29:27 +0100 Subject: [PATCH] Update logcheck rules for dovecot --- files/etc/logcheck/ignore.d.server/local-dovecot | 2 ++ 1 file changed, 2 insertions(+) diff --git a/files/etc/logcheck/ignore.d.server/local-dovecot b/files/etc/logcheck/ignore.d.server/local-dovecot index 2a2b25d..c0ebdd4 100644 --- a/files/etc/logcheck/ignore.d.server/local-dovecot +++ b/files/etc/logcheck/ignore.d.server/local-dovecot @@ -8,9 +8,11 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Connection closed \(UID FETCH running for [[:digit:].]+ \+ waiting input for [[:digit:].]+ secs,( [[:digit:].]+ in locks,)? [[:digit:]]+ B in \+ [[:digit:]]+(\+[[:digit:]]+)? B out, state=wait-input\) in=[[:digit:]]+ out=[[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Disconnected(: Logged out| for inactivity|: Disconnected| in [[:upper:]]+|: Too many invalid IMAP commands\.)?( in IDLE)? in=[[:digit:]]+ out=[[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Logged out in=[[:digit:]]+ out=[[:digit:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\)<[[:digit:]]+><[[:alnum:]]+>: Logged out in=[[:digit:]]+ out=[[:digit:]]+ deleted=[[:digit:]]+ expunged=[[:digit:]]+ trashed=[[:digit:]]+ hdr_count=[[:digit:]]+ hdr_bytes=[[:digit:]]+ body_count=[[:digit:]]+ body_bytes=[[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\): msgid=([][[:alnum:]":<>@?=\+\/.,_!&\$%#~-]+( \(added by.*postmaster@[[:alnum:].-]+\))?|unspecified): saved mail to [[:alnum:]\/._-]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\): sieve: msgid=(\? )?([][[:alnum:]":<>@?=\+\/.,_!&\$%#~-]+( \(added by.*postmaster@[[:alnum:].-]+\))?|unspecified): stored mail into mailbox '[^[:space:]]+'$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\): sieve: msgid=<[[:alnum:]":@=\+\/.,_!&\$%#~-]+>: forwarded to <[[:alnum:]":@=\+\/.,_!&\$%#~-]+>$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([[:alnum:]]+\)<[[:digit:]]+><[[:alnum:]]+>: sieve: msgid=(\? )?([][[:alnum:]":<>@?=\+\/.,_!&\$%#~-]+( \(added by.*postmaster@[[:alnum:].-]+\))?|unspecified): stored mail into mailbox '[^[:space:]]+'$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(aborted authentication\): method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?)?(, session=<[[:alnum:]\/\+]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(aborted authentication\): method=PLAIN, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(: SSL_read\(\) syscall failed: Connection reset by peer)?(, session=<[[:alnum:]\/\+]+>)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(auth failed, [[:digit:]]+ attempts( in [[:digit:]]+ secs)?\): user=<[-_.@[:alnum:]]+>, method=(PLAIN|LOGIN), rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?)?(, session=<[[:alnum:]\/\+]+>)?$ -- 2.39.2