Logcheck filters - help!

I'm having a problem designing a Logcheck filter (on Debian woody) to suppress certain messages. I'm putting them in logcheck.ignore but only some of them work.

Things like this work:

kernel: OUT-internet:IN= OUT=eth0
su.*: \+ pts\/0 username-root
imaplogin:

But I want to suppress all my smtpd messages (relay denied, user unknown). I'm trying to do it this way, but it's not working:

postfix\/smtpd.*:

Here's an example of two of the messages I want to ignore; I get stuff like this all day long:

Feb  1 15:29:54 srv1 postfix/smtpd[23803]: reject: RCPT from unknown[210.122.212.121]: 550 <khickerson@gednet.com>: User unknown; from= <maryellenhorton_3@manairport.co.uk>to= <khickerson@gednet.com>Feb  2 00:54:25 srv1 postfix/smtpd[30508]: reject: RCPT from unknown[222.101.92.125]: 554 <smtphunter66@daum.net>: Recipient address rejected: Relay access denied; from= <smtphunter15@yahoo.co.kr>to=<smtphunter66@daum.net></smtphunter66@daum.net></smtphunter15@yahoo.co.kr></smtphunter66@daum.net></khickerson@gednet.com></maryellenhorton_3@manairport.co.uk></khickerson@gednet.com>

Do I have some kind of regex problem I'm not seeing? I thought it might be the that I'm escaping the / character ("\/") after postfix but it seems to be needed on the su line I'm using.

I've also tried just using "Relay access denied" and others but to no avail.

Any help would be really appreciated.

![](" />

1 Reply

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd.+

?

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct