^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, TLS( handshaking)?(:)? SSL_(accept|read)\(?\)? failed: error:1420918C:SSL routines:tls_early_post_process_client_hello:version too low, session=<[[:alnum:]/+]+>$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, TLS( handshaking)?(:)? SSL_(accept|read)\(?\)? syscall failed: (Broken pipe|Connection reset by peer|Success)(, session=<[[:alnum:]/+]+>)?$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(((no auth( attempts in [[:digit:]]+ secs)?|auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs|client didn't finish SASL auth, waited 0 secs|disconnected before auth was ready, waited [[:digit:]] secs)?\): user=<[[:alnum:]@_.-]*>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS, )?session=<[[:alnum:]/+]+>$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected: Connection closed \(auth failed, [[:digit:]]+) attempts in [[:digit:]]+ secs\): user=<[[:alnum:]@_.-]*>, method=PLAIN, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, (TLS, )?session=<[[:alnum:]/+]+>$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Inactivity)? \(tried to use disallowed plaintext auth\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, session=<[[:alnum:]/+]+>$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: (Disconnected|Aborted login)(: Too many (invalid|bad) commands\.?)? \(no auth attempts( in [[:digit:]]+ secs)?\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, TLS,)? session=<[[:alnum:]/+]+>$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected: Connection closed \(no auth attempts in [[:digit:]]+ secs\): user=<>, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, TLS(: Connection closed)?, session=<[[:alnum:]/+]+>$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected(: Inactivity during authentication)? \(client didn't finish SASL auth, waited [[:digit:]]+ secs\): user=<[^>]*>, method=PLAIN, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, TLS, session=<[[:alnum:]/+]+>$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected (tried to use unsupported auth mechanism): user=<[-_.@[:alnum:]]*>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+,)? (TLS( handshake)?|secured))?(: Disconnected)?(, session=<[[:alnum:]/+]+>)?$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[[:xdigit:]:.]+, lip=[[:xdigit:]:.]+, mpid=[[:digit:]]+,)? (TLS( handshake)?|secured))?(: read\(size=[[:digit:]]+\) failed: Connection reset by peer)?(, session=<[[:alnum:]/+]+>)?$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected: Too many invalid commands. \(no auth attempts in [[:digit:]]+ secs\): user=<>, rip=[[:xdigit:]].:]+, lip=[[:xdigit:]].:]+, session=<[[:alnum:]/+]+>$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ dovecot: (pop3|imap|managesieve)-login: Disconnected: Disconnected: Too many bad commands \(no auth attempts in [[:digit:]]+ secs\): user=<>, rip=[[:xdigit:]].:]+, lip=[[:xdigit:]].:]+, session=<[[:alnum:]/+]+>$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? Running acl_[^[:space:]]+ for (IP [[:xdigit:].:]+|domain [[:alnum:].-]+|user [[:alnum:]-]+)$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? SMTP connection lost after final dot H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\] I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtps$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? SMTP connection lost after final dot [^[:space:]]* to @ via \[[[:xdigit:].:]+\]: tls-failed$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtpsa X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? A=(dovecot_plain|dovecot_login):[[:alnum:]:@.]+( PRDR)? S=[[:digit:]]+ id=[^[:space:]]+ from <[^[:space:]]+> for .*$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtpsa X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? A=(dovecot_plain|dovecot_login):[[:alnum:]:@.-]+( PRDR)? S=[[:digit:]]+ id=[^[:space:]]+ from <[^[:space:]]+> for .*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtp S=[[:digit:]]+( DKIM=[^[:space:]]+)? id=[^[:space:]]+ from <[^[:space:]]+> for [^[:space:]]+$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtps X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? S=[[:digit:]]+( DKIM=[^[:space:]]+)? id=[^[:space:]]+ from <[^[:space:]]+> for [^[:space:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ H=([^[:space:]]+|\([^[:space:]]+\)|[^[:space:]]+ \([^[:space:]]+\)) \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ P=esmtps X=[^[:space:]]+ CV=(no|yes)( SNI=[^[:space:]]+)? S=[[:digit:]]+( DKIM=[^[:space:]]+)?( id=[^[:space:]]+)? from <[^[:space:]]+> for [^[:space:]]+$
+^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ U=[[:alnum:]]+ P=local S=[[:digit:]]+( id=[^[:space:]]+)? from <[^[:space:]]+> for .*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? == [^[:space:]]+ routing defer \(-52\): retry time not reached$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? == [^[:space:]]+ R=[^[:space:]]+ T=[^[:space:]]+ defer \(-53\): retry time not yet reached$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? => [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=dnslookup T=remote_smtp H=[[:alnum:].-]+ \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( TFO)? X=[^[:space:]]+ CV=(no|yes) DN="[^"]+"( K)? C="[^"]+"$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? => [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=local_user T=deliver_pipe$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? => [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=local_user T=mail_spool$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? (=>|->) [^[:space:]]+( <[^[:space:]]+>)? F=<[^[:space:]]+> P=<[^[:space:]]+> R=smarthost T=remote_smtp_smarthost H=[[:alnum:].-]+ \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+( TFO)? X=[^[:space:]]+ CV=(no|yes) DN="[^"]+"( K)? A=plain (PRDR )?C="[^"]+"$
-^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? <= [^[:space:]]+ U=[[:alnum:]]+ P=local S=[[:digit:]]+( id=[^[:space:]]+)? from <[^[:space:]]+> for .*$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? TLS error on connection from( [^[:space:]]+| \([^[:space:]]+\)| [^[:space:]]+ \([^[:space:]]+\))? \[[[:xdigit:].:]+\]:[[:digit:]]+ I=\[[[:xdigit:].:]+\]:[[:digit:]]+ \((gnutls_handshake|recv|send)\): The TLS connection was non-properly terminated\.(: syscall: Connection reset by peer)?$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? X-hnjs-domain-score: [[:digit:]]+$
^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ exim\[[[:digit:]]+\]:( \[1[\\/][[:digit:]]+\])?( [[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2} [[:digit:]:.]+ \[[[:digit:]]+\])?( [[:alnum:]]{6}-[[:alnum:]]{6}-[[:alnum:]]{2})? X-hnjs-inconsistency-score: [[:digit:]]+$
projects / user / henk / code / puppet / modules / logcheck.git / commitdiff