On Fri, Dec 19, 2003 at 09:34:56PM -0600, Greg Norris wrote:
> Every now and then, logcheck complains about syslog messages such as
> the one below. Not a big problem, but it's supposed to filter out
> messages which match the associated regexp... which really should cover
> this case, as far as I can see. Any idea why this one was missed?
>
> ---SNIP--- Dec 19 07:17:46 sasami spamd[23665]: processing message
> <[EMAIL PROTECTED]> for adric:1000. ---SNIP---
>
> ---SNIP--- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:
> processing message <.+> for \w+:[0-9]+\. $ ---SNIP---
>
> There really is a single space at the end of the line, btw, so it's
> not that.
You don't say whether the message is listed as an "event" or a "security
violation", but I'm guessing it's the latter, and the reason is that
the email address contains "bad". If I'm right, the solution is to
create a file in violations.ignore.d containing an appropriate regexp,
perhaps "@bad-"
--
No animal should ever jump on the dining room furniture unless
absolutely certain he can hold his own in conversation.
-- Fran Lebowitz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
