On Thursday, May 30, 2024 12:37:49 PM CDT Richard Lewis wrote: > Is there still interest in updating rules for dovecot?
Best I can volunteer is my current dovecot-local that is in active use. (Attached.) -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) Twitter: @BoydSSmithJr `-'(. .)`-' https://iguanasuicide.net/ \_/
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
deliver\([-_.@[:alnum:]]+\): msgid=(<?[^[:space:]]+>? ?(\((added by
[^[:space:]]+|sfid-[_[:xdigit:]]+)\))?)?: (discarded|saved mail to
[-_.[:space:][:alnum:]]+)$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)\([._[:alnum:]-]+\)(<[^<>]*>)*:
Disconnected(: Logged out| for inactivity)( bytes=[[:digit:]]+/[[:digit:]]+)?(
[[:alpha:]_]+=[[:digit:]]+)*$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: imap-login: Time just moved backwards by 1
seconds\. I'll sleep now until we're back in present\.
http://wiki\.dovecot\.org/TimeMovedBackwards$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: imap-login: Disconnected(: Inactivity)? \(no auth
attempts\): rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS handshaking:
SSL_accept\(\) syscall failed: Connection reset by peer)?
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)-login: (Disconnected(:
(Inactivity|Connection closed)( during authentication )?)?( \((tried to use
unsupported auth mechanism|(disconnected before auth was ready|client didn't
finish SASL auth), waited [[:digit:]]+ secs)\))?|Aborted login)( \(no auth
attempts in [[:digit:]]+ secs\))?: user=<>, (method=NTLM,
)?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, TLS( handshaking:
Disconnected)?)?, session=<[[:alnum:]+/]+>
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: managesieve-login: Disconnected: Inactivity:
rip=([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3},
lip=([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: lda\([-_.@[:alnum:]]+\)(<[^<>]*>)*: sieve:
msgid=(\? )?(<.*>|unspecified): ((discard action: )?[mM]arked message to be
discarded if not explicitly delivered \(discard action\)|(fileinto action:
)?stored mail into mailbox '[-_/[:space:][:alnum:]]+')
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)\([-_.@[:alnum:]]+\)(<[^<>]*>)*:
(Disconnected for inactivity|Logged out|Disconnected in IDLE|Connection closed(
\([^()]*\))?(: Connection reset by peer)?)( \([^)]*\))?(
[[:alpha:]_]+=[[:digit:]/]+)*$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)-login: Login:
user=<[-_.@[:alnum:]]+>, method=[[:upper:]-]+, rip=[.:[:xdigit:]]+,
lip=[.:[:xdigit:]]+, mpid=[[:digit:]]+, (TLS, )?session=<[[:print:]]{16}>
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: managesieve-login: Disconnected(: Logged out|for
inactivity) (bytes=[[:digit:]]+/[[:digit:]]+)$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: ssl-params: Generating SSL parameters$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: ssl-params: SSL parameters regeneration completed$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: imap-login: Error: SSL: Stacked error:
error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message: SSL
alert number 10$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)-login: Disconnected(:
(Inactivity|Connection closed(: (read\(size=[[:digit:]]+\) failed: )?Connection
reset by peer)?))? \((disconnected before auth was ready, waited|no auth
attempts in) [[:digit:]]+ secs\): user=<>, rip=[[:xdigit:]:.]+,
lip=[[:xdigit:]:.]+(, TLS[^,]*)?, session=<[[:alnum:]+/]+>
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: imap-login: Disconnected \(disconnected before
(greeting|auth was ready), waited [[:digit:]]+ secs\): user=<>,
rip=[[:digit:].]+, lip=[[:digit:].]+(, TLS[^,]*)?, session=<[[:alnum:]+/]+>
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: imap-login: Disconnected \(tried to use (disallowed
plaintext auth|unsupported auth mechanism)\): user=<>, (method=[[:alpha:]]+,
)?rip=[[:digit:].]+, lip=[[:digit:].]+, session=<[[:alnum:]+/]+>
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: imap-login: (Disconnected(: Connection
closed)?|Aborted login) \((no auth attempts in 0 secs|auth failed|client didn't
finish SASL auth), ([[:digit:]]+ attempts in|waited) [[:digit:]]+ secs\):
user=<[^<>]*>, (method=PLAIN, )?rip=[[:digit:].]+, lip=[[:digit:].]+, (TLS(:
Connection closed)?, )?session=<[[:alnum:]+/]+>
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)-login: Disconnected: Too many
invalid commands\.? \(no auth attempts in [[:digit:]]+ secs\): user=<>,
rip=[[:digit:].]+, lip=[[:digit:].]+(, TLS)?, session=<[[:alnum:]+/]+>$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
auth(\[[[:digit:]]+\])?: pam_unix\(dovecot:auth\): check pass; user unknown$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
auth(\[[[:digit:]]+\])?: pam_unix\(dovecot:auth\): authentication failure;
logname= uid=0 euid=0 tty=dovecot ruser=[^ ]* rhost=[[:digit:].]+( user=[^
]*)?$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: imap-login: (Disconnected: )?Maximum number of
connections from user+IP exceeded \(mail_max_userip_connections=[[:digit:]]+\):
user=<[^<>]*>, (method=PLAIN, )?rip=[[:digit:].]+, lip=[[:digit:].]+, (TLS(:
Connection closed)?, )?session=<[[:alnum:]+/]+>
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)-login: Disconnected: Aborted
login by logging out \((no auth attempts|auth failed, [[:digit:]]+ attempts) in
[[:digit:]]+ secs\): user=<>, rip=[[:digit:].]+, lip=[[:digit:].]+(, TLS)?,
session=<[[:alnum:]+/]+>$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)\([-_.@[:alnum:]]+\)(<[^<>]*>)*:
Disconnected: (Inactivity - no input for [[:digit:]]{4,} secs|Disconnected for
inactivity|Connection closed( \([^()]*\))?)( [[:alpha:]_]+=[[:digit:]/]+)*$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: (imap|managesieve)-login: Disconnected: Connection
closed: (SSL_(accept\(\)|read) (syscall )?failed: (error:[[:xdigit:]]{8}:SSL
routines::([^( ]* )*[^( ]*|Invalid argument)) \((disconnected before auth was
ready, waited [[:digit:]]+ secs|no auth attempts in [[:digit:]]+ secs)\):
user=<>, rip=[[:digit:].]+, lip=[[:digit:].]+, TLS( handshaking)?: \4,
session=<[[:alnum:]+/]+>$
^(\w{3} [ :[:digit:]]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
dovecot(\[[[:digit:]]+\])?: master: Warning: Time moved forwards by
[[:digit:].]+ seconds? - adjusting timeouts\.$
signature.asc
Description: This is a digitally signed message part.
