From 86a8aef3ebfd6b0a3fa073b856d054c5b1d80b48 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Hendrik=20J=C3=A4ger?=
Date: Wed, 4 Oct 2023 21:42:19 +0200
Subject: [PATCH] update rules
---
 files/etc/logcheck/ignore.d.server/local-exim | 10 +++++++---
 files/etc/logcheck/ignore.d.server/local-spamd | 17 +++++++++--------
 2 files changed, 16 insertions(+), 11 deletions(-)

diff --git a/files/etc/logcheck/ignore.d.server/local-exim b/files/etc/logcheck/ignore.d.server/local-exim
index 4e70695..bc368f1 100644
--- a/files/etc/logcheck/ignore.d.server/local-exim
+++ b/files/etc/logcheck/ignore.d.server/local-exim
@@ -35,30 +35,33 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: bad-commands
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: command-timeout$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: connection-lost$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: data-timeout$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Connection closed without quit after message from [^[:space:]]* to [^[:space:]]* via \[[[:xdigit:].:]+\]: tls-failed$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: d=[^[:space:]]+ s=[^[:space:]]+ \[failed key import\]$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? DKIM: validation error: Public key signature verification has failed\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]+> rejected after DATA: header syntax \(missing or malformed local part: failing address in "(From:|To:)" header is: .*\): missing or malformed local part: failing address in "(From:|To:)" header is: .*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]+> rejected after DATA: header syntax \(unqualified address not permitted: failing address in "(From:|To:)" header is: .*\): unqualified address not permitted: failing address in "(From:|To:)" header is: .*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]+> rejected after DATA: Rejected due to site policy reasons\. Contact postmaster in case of problems\.$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( X=[^[:space:]]+ CV=(no|yes))?( SNI=[[:alnum:].-]+)? F=<[^[:space:]]*> rejected after DATA: there is no valid sender in any header line$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\](:[[:digit:]]+)? TLS error on connection \(recv\): A TLS fatal alert has been received: User canceled$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\](:[[:digit:]]+)? TLS error on connection \(recv\): Error in the pull function\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\](:[[:digit:]]+)? TLS error on connection \(recv\): The TLS connection was non-properly terminated\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? PRDR R=<[^[:space:]]+> acceptance$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Running acl_[^[:space:]]+ for IP [[:xdigit:].:]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Running acl_[^[:space:]]+ for domain [[:alnum:].-]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Running acl_[^[:space:]]+ for IP [[:xdigit:].:]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Running acl_[^[:space:]]+ for user [[:alnum:]-]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? SMTP connection lost after final dot H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\] I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtps$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? SMTP connection lost after final dot [^[:space:]]* to @ via \[[[:xdigit:].:]+\]: tls-failed$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtpsa X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? A=(dovecot_plain|dovecot_login):[[:alnum:]:@.-]+( PRDR)? S=[[:digit:]]+ id=[^[:space:]]+ from <[^[:space:]]+> for .*$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtps X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? S=[[:digit:]]+( DKIM=[^[:space:]]+)?( id=[^[:space:]]+)? from <[^[:space:]]+> for [^[:space:]]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtp S=[[:digit:]]+( DKIM=[^[:space:]]+)? id=[^[:space:]]+ from <[^[:space:]]+> for [^[:space:]]+$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ U=[[:alnum:]]+ P=local S=[[:digit:]]+( id=[^[:space:]]+)? from <[^[:space:]]+> for .+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtps X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? S=[[:digit:]]+( DKIM=[^[:space:]]+)?( id=[^[:space:]]+)? from <[^[:space:]]+> for [^[:space:]]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? == [^[:space:]]+ routing defer \(-52\): retry time not reached$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? == [^[:space:]]+ R=[^[:space:]]+ T=[^[:space:]]+ defer \(-53\): retry time not yet reached$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? => [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=dnslookup T=remote_smtp H=[[:alnum:].-]+ \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( TFO)? X=[^[:space:]]+ CV=(no|yes) DN="[^"]+"( K)? C="[^"]+"$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? => [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=local_user T=deliver_pipe$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? => [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=local_user T=mail_spool$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? (=>|->) [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=smarthost T=remote_smtp_smarthost H=[[:alnum:].-]+ \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( TFO)? X=[^[:space:]]+ CV=(no|yes) DN="[^"]+"( K)? A=plain (PRDR )?C="[^"]+"$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ U=[[:alnum:]]+ P=local S=[[:digit:]]+( id=[^[:space:]]+)? from <[^[:space:]]+> for .+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? TLS error on connection from( [^[:space:]]+| \([^[:space:]]+\)| [^[:space:]]+ \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ \((gnutls_handshake|recv|send)\): The TLS connection was non-properly terminated\.(: syscall: Connection reset by peer)?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? X-hnjs-domain-score: [[:digit:]]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? X-hnjs-inconsistency-score: [[:digit:]]+$
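Review bot: The three genuinely new suppressions in this hunk (`... via \[...\]: data-timeout$`, `rejected after DATA: there is no valid sender in any header line$` and `A TLS fatal alert has been received: User canceled$`) are added with no rationale, and the commit message says only "update rules". An ignore rule removes the event from every future logcheck report, so each should carry a one-line comment saying why the line is safe to drop, for example `# peer aborted the TLS session with a user_canceled alert; nothing to act on locally` above the TLS rule (logcheck rule files accept `#` comment lines, as far as I know). Dropping the "no valid sender" rejection outright also means a burst of such rejections from a single host never reaches the report, so if that matters on this server it has to be caught by some other control. The other three -/+ pairs (`Running acl_... for IP`, the `P=esmtps` arrival and the `P=local` arrival) are pure moves; doing the re-sort in its own commit would make the real additions easier to audit.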
@@ -106,6 +109,7 @@
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP connection from( [^[:space:]]+)?( \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ lost( \(error: Connection reset by peer\))? D=([[:digit:]]+[ms])+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP connection from( [^[:space:]]+)?( \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ lost while reading message data( \(header\))?$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP connection from \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ \(TCP/IP connection count = [[:digit:]]+\)$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP data timeout \(message abandoned\) on( TLS)? connection from( [^[:space:]]+| \([^[:space:]]+\)| [^[:space:]]+ \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ F=<[^[:space:]]*>$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP protocol error in "[^"]*" H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\))( \[[[:xdigit:].:]+\]:[[:digit:]]+)? I=\[[[:xdigit:].:]+\]:[[:digit:]]+ .*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? SMTP syntax error in ".*" H=([^[:space:]]+ )?\[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ .*$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])? Start queue run: pid=[[:digit:]]+$
diff --git a/files/etc/logcheck/ignore.d.server/local-spamd b/files/etc/logcheck/ignore.d.server/local-spamd
index 3d22312..7838325 100644
--- a/files/etc/logcheck/ignore.d.server/local-spamd
+++ b/files/etc/logcheck/ignore.d.server/local-spamd
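Review bot: The added `SMTP data timeout \(message abandoned\)` rule in the `@@ -106,6 +109,7 @@` hunk of local-exim has no optional message-id group, whereas the `data-timeout` rule added in the first hunk of the same file carries `( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})?` after the timestamp fields. It matches the style of its neighbours in this hunk, so this may be deliberate, but if exim writes the timeout line with the id of the abandoned message the rule will never match and the line keeps being reported. That fails on the safe side, so it only needs checking against one real log line before merging.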
@@ -1,20 +1,21 @@
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[[:digit:]]+\]: pyzor: \[[[:digit:]]+\] error: TERMINATED, signal 15 \(000f\)$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[[:digit:]]+\]:( spamd:)? connection from [._[:alnum:]-]+ \[[\.[:digit:]]+\]:[[:digit:]]+ to port [[:digit:]]+, fd [[:digit:]]+$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[[:digit:]]+\]: (spamd: )?result: [.YN] [ [:digit:]-]+ - ([._[:alnum:],]+ )?scantime=[[:digit:].]+,size=[[:digit:]]+,(user=[^,]+,uid=[[:digit:]]+,required_score=[[:digit:].]+,rhost=[._[:alnum:]-]+,raddr=[[:digit:].]+,rport=[/[:alnum:].-]+,)?mid=(<[^[:space:]]+>|\(unknown\))(rmid=(<[^[:space:]]+>|\(unknown\)),)?,(bayes=[.[:digit:]]+(e-[[:digit:]]+)?,)?autolearn=(ham|spam|no|disabled|unavailable)(,shortcircuit=(ham|spam|no))?( autolearn_force=(no|yes))? *$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[[:digit:]]+\]: pyzor: \[[[:digit:]]+\] error: TERMINATED, signal 15 \(000f\)$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: util: setuid: ruid=[[:digit:]]+ euid=[[:digit:]]+ rgid=[[:digit:]]+ 8 45 108 egid=[[:digit:]]+ 8 45 108$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: dns: new_dns_packet: domain is utf8 flagged: [[:alnum:].-]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: dns: no callback for id [[:digit:]]+/[[:alnum:]]+/[[:alnum:]]+/[[:alnum:]._-]+, ignored, packet on next debug line$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: dns: no likely matching queries for id [[:digit:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: internal error, python traceback seen in response$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: prefork: adjust: [0-2] idle children less than 1 minimum idle children\. ?Increasing spamd children: [[:digit:]]+ started\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: prefork: adjust: [3-5] idle children more than 2 maximum idle children\. Decreasing spamd children: [[:digit:]]+ killed\.$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: prefork: child states: II \[\.\.\. logline repeated [[:digit:]]+ times\]$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: handled cleanup of child pid \[[[:digit:]]+\] due to SIGCHLD: interrupted, signal 2 \(0002\)$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: dns: no callback for id [[:digit:]]+/[[:alnum:]]+/[[:alnum:]]+/[[:alnum:]._-]+, ignored, packet on next debug line$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: dns: no likely matching queries for id [[:digit:]]+$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: server hit by SIGHUP, restarting$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: child \[[[:digit:]]+\] killed successfully: interrupted, signal 2 \(0002\)$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: child \[[[:digit:]]+\] killed successfully: interrupted, signal 2 \(0002\)$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: handled cleanup of child pid \[[[:digit:]]+\] due to SIGCHLD: interrupted, signal 2 \(0002\)$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: server hit by SIGHUP, restarting$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: server socket closed, type IO::Socket::IP$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: server socket closed, type IO::Socket::IP$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: util: setuid: ruid=0 euid=0 rgid=0 0 egid=0 0$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: spamd: server started on IO::Socket::IP \[::1\]:783, IO::Socket::IP \[127.0.0.1\]:783 \(running version [[:digit:].]+\)$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: util: setuid: ruid=0 euid=0 rgid=0 0 egid=0 0$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: util: setuid: ruid=[[:digit:]]+ euid=[[:digit:]]+ rgid=[[:digit:]]+ 8 45 108 egid=[[:digit:]]+ 8 45 108$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd: spamd: restarting using '/usr/bin/perl -T -w -I /etc/perl -I /usr/lib/x86_64-linux-gnu/perl5/5\.36 -I /usr/share/perl5 -I /usr/lib/x86_64-linux-gnu/perl-base -I /usr/lib/x86_64-linux-gnu/perl/5\.36 -I /usr/share/perl/5\.36 /usr/sbin/spamd --create-prefs --max-children 5 --helper-home-dir -d --pidfile=/run/spamd\.pid'$
 ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd: spamd: restarting using '/usr/sbin/spamd --create-prefs --max-children [[:digit:]]+ --helper-home-dir -d --pidfile=/var/run/spamd.pid'$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ spamd\[[[:digit:]]+\]: internal error, python traceback seen in response$
-- 
2.39.5
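Review bot: The added `spamd: spamd: restarting using '/usr/bin/perl -T -w ...'` rule pins the entire command line, including the Perl version (`5\.36` in three `-I` paths), the `x86_64-linux-gnu` directories and `--max-children 5`, so it will stop matching after the next Perl upgrade or any change to spamd's options. A literal match is the cautious choice for a restart line, because an unexpected command line would still be reported; if that is the intent, say so in a comment such as `# exact spamd restart command on this host (Perl 5.36 packaging); update after upgrades`. Otherwise relax only the version component to `5\.[[:digit:]]+` and use `--max-children [[:digit:]]+` as the older rule directly below does, keeping the rest literal. Every other added line in this hunk is a re-sorted copy of a removed one and changes nothing about what is suppressed.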