X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Fpostfix_rules.xml;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Frules%2Fpostfix_rules.xml;h=0000000000000000000000000000000000000000;hp=44f9e13b1def63e80bd474c23688149ecb416aa4;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hpb=3f728675941dc69d4e544d3a880a56240a6e394a

diff --git a/debian/ossec-hids/var/ossec/rules/postfix_rules.xml b/debian/ossec-hids/var/ossec/rules/postfix_rules.xml
deleted file mode 100644
index 44f9e13..0000000
--- a/debian/ossec-hids/var/ossec/rules/postfix_rules.xml
+++ /dev/null
@@ -1,162 +0,0 @@
-<!-- @(#) $Id: ./etc/rules/postfix_rules.xml, 2011/09/08 dcid Exp $
-
-  -  Official postfix rules for OSSEC.
-  -  Author: Ahmet Ozturk
-  -  Author: Daniel B. Cid
-  -  License: http://www.ossec.net/en/licensing.html
-  -->
-
-<var name="POSTFIX_FREQ">6</var>      
-
-<group name="syslog,postfix,">
-  <rule id="3300" level="0">
-    <decoded_as>postfix-reject</decoded_as>
-    <description>Grouping of the postfix reject rules.</description>
-  </rule>
-  
-  <rule id="3301" level="6">
-    <if_sid>3300</if_sid>
-    <id>^554$</id>
-    <description>Attempt to use mail server as relay </description>
-    <description>(client host rejected).</description>
-    <group>spam,</group>
-  </rule>
-
-  <rule id="3302" level="6">
-    <if_sid>3300</if_sid>
-    <id>^550$</id>
-    <description>Rejected by access list </description>
-    <description>(Requested action not taken).</description>
-    <group>spam,</group>
-  </rule>
-
-  <rule id="3303" level="5">
-    <if_sid>3300</if_sid>
-    <id>^450$</id>
-    <description>Sender domain is not found </description>
-    <description>(450: Requested mail action not taken).</description>
-    <group>spam,</group>
-  </rule>
-
-  <rule id="3304" level="5">
-    <if_sid>3300</if_sid>
-    <id>^503$</id>
-    <description>Improper use of SMTP command pipelining </description>
-    <description>(503: Bad sequence of commands).</description>
-    <group>spam,</group>
-  </rule>
-  
-  <rule id="3305" level="5">
-    <if_sid>3300</if_sid>
-    <id>^504$</id>
-    <description>Recipient address must contain FQDN </description>
-    <description>(504: Command parameter not implemented).</description>
-    <group>spam,</group>
-  </rule>
-  
-  <rule id="3306" level="6">
-    <if_sid>3301, 3302</if_sid>
-    <match> blocked using </match>
-    <description>IP Address deny-listed by anti-spam (blocked).</description>
-    <group>spam,</group>
-  </rule>
-  
-  <rule id="3320" level="0">
-    <decoded_as>postfix</decoded_as>
-    <description>Grouping of the postfix rules.</description>
-  </rule>
-
-  <rule id="3330" level="10" ignore="240">
-    <if_sid>3320</if_sid>
-    <match>defer service failure|Resource temporarily unavailable|</match>
-    <match>^fatal: the Postfix mail system is not running</match>
-    <description>Postfix process error.</description>
-    <group>service_availability,</group>
-  </rule>
-
-  <rule id="3332" level="5">
-    <if_sid>3320</if_sid>
-    <match> authentication failed</match>
-    <description>Postfix SASL authentication failure.</description>
-    <group>authentication_failed,</group>
-  </rule>
-
-  <rule id="3331" level="10" ignore="120">
-    <if_sid>3300</if_sid>
-    <id>^452</id>
-    <description>Postfix insufficient disk space error.</description>
-    <group>service_availability,</group>
-  </rule>
-
-  <rule id="3334" level="3">
-    <if_sid>3320</if_sid>
-    <match>^daemon started </match>
-    <description>Postfix started.</description>
-  </rule>
-
-  <rule id="3333" level="7">
-    <if_sid>3320</if_sid>
-    <match>^terminating on signal</match>
-    <description>Postfix stopped.</description>
-    <group>service_availability,</group>
-  </rule>
-
-  <rule id="3351" level="6" frequency="$POSTFIX_FREQ" timeframe="90">
-    <if_matched_sid>3301</if_matched_sid>
-    <same_source_ip />
-    <description>Multiple relaying attempts of spam.</description>
-    <group>multiple_spam,</group>
-  </rule>
-
-  <rule id="3352" level="6" frequency="$POSTFIX_FREQ" timeframe="120">
-    <if_matched_sid>3302</if_matched_sid>
-    <same_source_ip />
-    <description>Multiple attempts to send e-mail from a </description>
-    <description>rejected sender IP (access).</description>
-    <group>multiple_spam,</group>
-  </rule>
-
-  <rule id="3353" level="10" frequency="$POSTFIX_FREQ" timeframe="120">
-    <if_matched_sid>3303</if_matched_sid>
-    <same_source_ip />
-    <description>Multiple attempts to send e-mail from </description>
-    <description>invalid/unknown sender domain.</description>
-    <group>multiple_spam,</group>
-  </rule>
-
-  <rule id="3354" level="12" frequency="$POSTFIX_FREQ" timeframe="120">
-    <if_matched_sid>3304</if_matched_sid>
-    <same_source_ip />
-    <description>Multiple misuse of SMTP service </description>
-    <description>(bad sequence of commands).</description>
-    <group>multiple_spam,</group>
-  </rule>
-
-  <rule id="3355" level="10" frequency="$POSTFIX_FREQ" timeframe="120">
-    <if_matched_sid>3305</if_matched_sid>
-    <same_source_ip />
-    <description>Multiple attempts to send e-mail to </description>
-    <description>invalid recipient or from unknown sender domain.</description>
-    <group>multiple_spam,</group>
-  </rule>
-
-  <rule id="3356" level="10" frequency="$POSTFIX_FREQ" timeframe="120" ignore="30">
-    <if_matched_sid>3306</if_matched_sid>
-    <same_source_ip />
-    <description>Multiple attempts to send e-mail from </description>
-    <description>deny-listed IP address (blocked).</description>
-    <group>multiple_spam,</group>
-  </rule>
-
-  <rule id="3357" level="10" frequency="6" timeframe="120" ignore="60">
-    <if_matched_sid>3332</if_matched_sid>
-    <same_source_ip />
-    <description>Multiple SASL authentication failures.</description>
-    <group>authentication_failures,</group>
-  </rule>
-
-  <rule id="3390" level="0">
-    <match>^clamsmtpd: </match>
-    <description>Grouping of the clamsmtpd rules.</description>
-  </rule>
-</group> <!-- SYSLOG,POSTFIX -->
