X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fpostfix.ini;fp=debian%2Fossec-hids%2Fusr%2Fshare%2Fdoc%2Fossec-hids%2Fcontrib%2Fossec-testing%2Ftests%2Fpostfix.ini;h=f8e45ce12f275c82539e223a8617a8acd2e7909a;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b

diff --git a/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/postfix.ini b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/postfix.ini
new file mode 100644
index 0000000..f8e45ce
--- /dev/null
+++ b/debian/ossec-hids/usr/share/doc/ossec-hids/contrib/ossec-testing/tests/postfix.ini
@@ -0,0 +1,14 @@
+[reject rcpt]
+log 1 pass = May  8 08:26:55 mail postfix/postscreen[22055]: NOQUEUE: reject: RCPT from [157.122.148.242]:47407: 550 5.7.1 Service unavailable; client [157.122.148.242] blocked using bl.spamcop.net; from=<kos@mafia.network>, to=<z13699753428@vip.163.com>, proto=ESMTP, helo=<XL-20160217QQJV>
+
+rule = 3306
+alert = 6
+decoder = postfix-reject
+
+[domain not found]
+log 1 pass = Jun 18 20:59:29 mybox postfix/postscreen[12181]: NOQUEUE: reject: RCPT from [213.158.187.41]:45263: 450 4.3.2 Service currently unavailable; from=<purchase@otherfolks.com>, to=<media@example.com>, proto=ESMTP, helo=<some.box.net>
+
+rule = 3303
+alert = 5
+decoder = postfix-reject
+