I can confirm that the logcheck rule is not working. The regex actually works, which can also be confirmed with logcheck-test when passing the rule file explicitly:
# logcheck-test -r /etc/logcheck/ignore.d.server/postfix-policyd-spf-python.logcheck -l /var/log/mail.log ... However, this rule file is being ignored because it is installed with this .logcheck suffix. logcheck internally uses 'run-parts --list' to get the list of rule files, which will not include filenames containing dots (only [a-zA-Z0-9_-]+ are allowed). # ls -la /etc/logcheck/ignore.d.server/postfix-policyd-spf-python.logcheck -rw-r--r-- 1 root root 201 Jun 4 2014 /etc/logcheck/ignore.d.server/postfix-policyd-spf-python.logcheck # run-parts --list /etc/logcheck/ignore.d.server |grep postfix-policyd-spf-python # Please remove the suffix from the file and rename it to /etc/logcheck/ignore.d.server/postfix-policyd-spf-python
