Package: logcheck-database
Version: 1.2.47
Severity: normal
Tags: patch
The /etc/logcheck/ignore.d.server/postfix doesn't contain the key word
"DATA" in the "lost connection with" postfix log message. Please see
attached diff for an easy fix to this.
Micah
--- /tmp/postfix 2006-09-11 09:33:43.000000000 -0600
+++ postfix 2006-07-17 23:29:22.000000000 -0600
@@ -33,7 +33,7 @@
# Postfix 2.1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to
[^[:space:]]+ server dropped connection without sending the initial SMTP
greeting \(port 25\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
host [^[:space:]]+ refused to talk to me: [45][0-9][0-9].*$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while sending (DATA|MAIL FROM|RCPT TO)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while sending (MAIL FROM|RCPT TO)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while receiving the initial SMTP greeting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+:
lost connection with [^[:space:]]+ while sending end of data -- message may be
sent more than once$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection
after (AUTH|CONNECT|DATA|EHLO|HELO|MAIL|RCPT|RSET) from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
