-<!-- @(#) $Id: postfix_rules.xml,v 1.17 2008/04/21 17:32:11 dcid Exp $
+<!-- @(#) $Id: ./etc/rules/postfix_rules.xml, 2011/09/08 dcid Exp $
+
- Official postfix rules for OSSEC.
- Author: Ahmet Ozturk
- Author: Daniel B. Cid
<rule id="3305" level="5">
<if_sid>3300</if_sid>
<id>^504$</id>
- <description>Receipent address must contain FQDN </description>
+ <description>Recipient address must contain FQDN </description>
<description>(504: Command parameter not implemented).</description>
<group>spam,</group>
</rule>
<rule id="3306" level="6">
<if_sid>3301, 3302</if_sid>
<match> blocked using </match>
- <description>IP Address black-listed by anti-spam (blocked).</description>
+ <description>IP Address deny-listed by anti-spam (blocked).</description>
<group>spam,</group>
</rule>
<description>Postfix insufficient disk space error.</description>
<group>service_availability,</group>
</rule>
-
+
+ <rule id="3334" level="3">
+ <if_sid>3320</if_sid>
+ <match>^daemon started </match>
+ <description>Postfix started.</description>
+ </rule>
+
+ <rule id="3333" level="7">
+ <if_sid>3320</if_sid>
+ <match>^terminating on signal</match>
+ <description>Postfix stopped.</description>
+ <group>service_availability,</group>
+ </rule>
+
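Review bot: The new rule 3334 (`Postfix started.`) carries no `<group>`, while its counterpart 3333 (`Postfix stopped.`) is tagged `service_availability,`, so anything that filters or reports by group will see the stop events without the matching starts; consider adding `<group>service_availability,</group>` to 3334. The two ids are also declared out of numeric order (3334 before 3333), which makes the file harder to scan for id collisions. Rule 3333 alerts at level 7 on every `^terminating on signal` line, which presumably includes planned restarts, so a short XML comment above it saying whether that is intended and that a following 3334 event indicates a restart rather than an outage would help whoever tunes alerting. Both rules hang off `<if_sid>3320</if_sid>`, which is defined outside this hunk, so their reach depends on what that parent rule matches.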
<rule id="3351" level="6" frequency="$POSTFIX_FREQ" timeframe="90">
<if_matched_sid>3301</if_matched_sid>
<same_source_ip />
<if_matched_sid>3306</if_matched_sid>
<same_source_ip />
<description>Multiple attempts to send e-mail from </description>
- <description>black-listed IP address (blocked).</description>
+ <description>deny-listed IP address (blocked).</description>
<group>multiple_spam,</group>
</rule>