Re: [Exim] Logcheck configuration files

Góra strony
Delete this message
Reply to this message
Autor: Marc MERLIN
Data:  
Dla: Dickenson, Steven
CC: 'Exim Users (exim-users@exim.org)'
Temat: Re: [Exim] Logcheck configuration files
On Fri, Feb 21, 2003 at 04:03:22PM -0500, Dickenson, Steven wrote:
> Does anyone have some sample logcheck files for use with Exim that you'd
> like to share? I'd particularly like to see those from sites using Marc
> Merlin's SA-Exim patch. I'm running Debian Woody, and thus am using the
> version of logcheck that the Debian maintainer has forked.


I have logcheck read mainlog, and those are the pattern I wrote

Marc

----------------------------------------------------------------------------
exim .* daemon started:
Failed to create IPv6 socket
[0-9] args:
Start queue run:
End queue run:
Address family not supported by protocol

# This makes the regex faster while assuming we only receive 10 mails a sec
-0[0-9] <=
-0[0-9] ->.* R=.* T=
-0[0-9] =>.* R=.* T=
-0[0-9] Completed
-0[0-9] .* Connection reset by peer
-0[0-9] .*: Connection refused
-0[0-9] .*\[[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\]: No route to host

Connection timed out
SMTP command timeout on connection from
SMTP connection from
SMTP error from remote mailer after initial connection
SMTP synchronization error
SMTP command timeout on TLS connection from
SMTP error from remote mailer after end of data
SMTP error from remote mailer after RCPT TO
SMTP error from remote mailer after MAIL FROM
defer .*: host lookup did not complete
defer .*: retry time not reached
defer .*: No route to host
rewritten as.*by rule
Sender verify callout did not complete
Sender verify did not complete
Sender verify failed
sender verify fail for
sender verify defer for
valid RCPT command must precede DATA
Could not complete sender callout check
retry time not reached for any host
unexpected disconnection while reading SMTP command from
rejected after DATA
rejected EHLO from
rejected HELO from
# If you want to know about address probes
#rejected RCPT.*Unrouteable address

0[0-9] Spool file is locked

SA: Debug enabled
SA: config read
SA: check
SA: score
SA: fed spam to spamc, reading result
SA: Message-Id received and cleaned as
SA: spamc read
SA: spamc pieced up
SA: while reading headers
SA: spamc, while parsing header
SA: score hits=
SA: spamc read got newline, end of headers
SA: Read from X-Spam-Status
SA: Writing suspected spam/problem message
SA: Is Spam read from X-Spam-Flag
SA: Body write chunk starts with
SA: Processing body chunk
SA: local_scan temporarily rejected
SA: local_scan permanently rejected
SA: local_scan permanently rejected
SA: Flagged as Spam but accepted:
SA: SAExim.*Cond expand returned
SA: savemail condition expand
SA: Setting timeout of 240 secs
SA: local_scan stall completed. Sending tempreject
rejected by local_scan\(\): Heuristics
temporarily rejected by local_scan\(\): How about you try again later for a little more teergrube?
----------------------------------------------------------------------------

--
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/   |   Finger marc_f@??? for PGP key