/etc/logcheck/ignore.d.server/saslauthd is in logcheck-database 1.3.18.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 | ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd+\[[[:digit:]]+\]: DIGEST-MD5 client step [[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd+\[[[:digit:]]+\]: Domain/Realm not available\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd: pam_unix\([[:alnum:]]+:[[:alnum:]]+\): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=[-_.:[:alnum:]]+ user=[-_.[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: DEBUG: auth_pam: pam_authenticate failed: User not known to the underlying authentication module$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= [[:space:]]*user=[-._[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_auth[[:space:]]*: auth failure: \[user=[._[:alnum:]-]+\] \[service=smtp\] \[realm=[._[:alnum:]-]+\] \[mech=pam\] \[reason=PAM auth error\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: do_request[[:space:]]*: NULL password received$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ saslauthd\[[[:digit:]]+\]: pam_unix\([[:alnum:]]+:[[:alnum:]]+\): check pass; user unknown$
|