Starpit設定してるときに追加した方がよいlogcheckの設定

StarpitをDebianで使っているときなど、標準でlogcheckが入っているために、これまで出なかったメッセージがたくさん引っかかってくるようになるため、とてもうっとうしいです。
そこで、Starpitを使っているときに、logcheckに無視する行として追加設定している内容を公開します。

/etc/logcheck/ignore.d.server/postfix

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(250 .*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(host [^[:space:]]+\] said: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(connect to [^[:space:]]+: (Connection timed out|read timeout|Connection refused)\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(Host or domain name not found. Name service error for name=[^[:space:]]+ type=MX: Host not found
, try again\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=deferred \(connect to [^[:space:]]+\[[0-9.]+\]: No route to host\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9.]+, delays=[0-9./]+, dsn=[0-9.]+, status=sent \(.*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: warning: connect to transport spamassassin: Connection refused$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: non-SMTP command from .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: warn: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: :alnum:+: warn: .*$

/etc/logcheck/violations.ignore.d/logcheck-postfix

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] [0-9]\.[0-9]\.[0-9] <[^[:space:]]+>: (Sender|Recipient) address rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] [0-9]\.[0-9]\.[0-9] <[^[:space:]]+>: Helo command rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] [0-9]\.[0-9]\.[0-9] Service unavailable; Sender address \^[:space:+\] blocked using [._[:alnum:]-]+; .*; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] [0-9]\.[0-9]\.[0-9] Service unavailable; Client host \[[0-9.]{7,15}\] blocked using [._[:alnum:]-]+;( .*;)? from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+\[[0-9.]{7,14}\]: [45][0-9][0-9] [0-9]\.[0-9]\.[0-9] <.+>: User unknown in local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: host [^[:space:]]+ said: [45][0-9][0-9] [0-9]\.[0-9]\.[0-9] .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[0-9.]{7,15}\], delay=[0-9]+, status=(deferred|bounced) \(host [._[:alnum:]-]+\[[0-9.]{7,15}\] said: [45][0-9][0-9] [0-9]\.[0-9]\.[0-9] .* \(in reply to (HELO|EHLO|MAIL FROM|RCPT TO|end of DATA) command\)\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^[:space:]]+ 554 [0-9\.]+ <[^[:space:]]+>: Relay access denied; .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] [0-9]\.[0-9]\.[0-9] <[^[:space:]]+>: (Sender|Recipient) address rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^[:space:]]+ 554 [0-9.]+ <[^[:space:]]+>: Client host rejected: match compound blacklist; .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: reject: RCPT from [^[:space:]]+ 554 [0-9.]+ <[^[:space:]]+>: Client host rejected: match hotmail blacklist; .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: NOQUEUE: warn: .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Unable to look up MX host .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Unable to look up NS host .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [.[:digit:]]+: hostname [^[:space:]]+ verification failed: Temporary failure in name resolution$

これでほとんど不要なログは出てこなくなります。

モーグルとカバとパウダーの日記

モーグルやカバ(EXカービング)山スキー(BC)などがメインの日記でした。今は仕事のコンピュータ系のネタが主になっています。以前はスパム対策関連が多かったのですが最近はディープラーニング関連が多めです。

Starpit設定してるときに追加した方がよいlogcheckの設定