diff --git a/config/filter.d/sendmail-reject.conf b/config/filter.d/sendmail-reject.conf
index 1ccd37a0..3a897316 100644
--- a/config/filter.d/sendmail-reject.conf
+++ b/config/filter.d/sendmail-reject.conf
@@ -21,8 +21,10 @@ before = common.conf
 _daemon = (?:sm-(mta|acceptingconnections))
-failregex = ^%(__prefix_line)s\w{14}: ruleset=check_rcpt, arg1=(?P<\S+@\S+>), relay=(\S+ )?\[\]( \(may be forged\))?, reject=(550 5\.7\.1 (?P=email)\.\.\. Relaying denied\. (IP name possibly forged \[(\d+\.){3}\d+\]|Proper authentication required\.)|553 5\.1\.8 (?P=email)\.\.\. Domain of sender address \S+ does not exist|550 5\.7\.1 (?P=email)\.\.\. Rejected: .*)$
- ^%(__prefix_line)sruleset=check_relay, arg1=(?P\S+), arg2=, relay=(?P=dom) \[(\d+\.){3}\d+\]( \(may be forged\))?, reject=421 4\.3\.2 Connection rate limit exceeded\.$
+failregex = ^%(__prefix_line)s\w{14}: ruleset=check_rcpt, arg1=(?P<\S+@\S+>), relay=(\S+ )?\[\]( \(may be forged\))?, reject=(550 5\.7\.1 (?P=email)\.\.\. Relaying denied\. (IP name possibly forged \[(\d+\.){3}\d+\]|Proper authentication required\.|IP name lookup failed \[(\d+\.){3}\d+\])|553 5\.1\.8 (?P=email)\.\.\. Domain of sender address \S+ does not exist|550 5\.[71]\.1 (?P=email)\.\.\. (Rejected: .*|User unknown))$
+ ^%(__prefix_line)sruleset=check_relay, arg1=(?P\S+), arg2=, relay=((?P=dom) )?\[(\d+\.){3}\d+\]( \(may be forged\))?, reject=421 4\.3\.2 (Connection rate limit exceeded\.|Too many open connections\.)$
+ ^%(__prefix_line)s\w{14}: rejecting commands from (\S+ )?\[\] due to pre-greeting traffic after \d+ seconds$
+ ^%(__prefix_line)s\w{14}: (\S+ )?\[\]: ((?i)expn|vrfy) \S+ \[rejected\]$
 ignoreregex =
diff --git a/testcases/files/logs/sendmail-reject b/testcases/files/logs/sendmail-reject
index 2992725d..b7d37e5a 100644
--- a/testcases/files/logs/sendmail-reject
+++ b/testcases/files/logs/sendmail-reject
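Review bot: The inline `(?i)` in the last added pattern, `((?i)expn|vrfy)`, sits in the middle of the expression; in Python's `re` such a flag is global, so it makes the whole line case-insensitive rather than only the command name, and Python 3.11 and later refuse to compile a global flag that is not at the start of the pattern. Spelling the case variants out keeps the match local and portable: `(?:[Ee][Xx][Pp][Nn]|[Vv][Rr][Ff][Yy])`. Separately, the widened `550 5\.[71]\.1 ... (Rejected: .*|User unknown)` alternative now counts every unknown-recipient rejection as a failure, which can also hit a legitimate relay that passes on mistyped addresses. A comment above `failregex` stating that this is intended, and that operators may want a higher `maxretry` for this jail, would make the ban risk visible.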
@@ -32,3 +32,36 @@ Feb 23 06:06:04 kismet sm-acceptingconnections[18622]: s1NB63Bp018622: ruleset=c
 Feb 24 01:46:44 petermurray sm-mta[24422]: ruleset=check_relay, arg1=leased-line-54-82.telecom.by, arg2=217.21.54.82, relay=leased-line-54-82.telecom.by [217.21.54.82], reject=421 4.3.2 Connection rate limit exceeded.
+# failJSON: { "time": "2005-02-27T15:49:07", "match": true , "host": "189.30.205.74" }
+Feb 27 15:49:07 batman sm-mta[88390]: ruleset=check_relay, arg1=189-30-205-74.paebv701.dsl.brasiltelecom.net.br, arg2=189.30.205.74, relay=189-30-205-74.paebv701.dsl.brasiltelecom.net.br [189.30.205.74], reject=421 4.3.2 Too many open connections.
+
+# failJSON: { "time": "2005-02-19T18:01:50", "match": true , "host": "196.213.73.146" }
+Feb 19 18:01:50 batman sm-mta[78152]: ruleset=check_relay, arg1=[196.213.73.146], arg2=196.213.73.146, relay=[196.213.73.146], reject=421 4.3.2 Connection rate limit exceeded.
+
+# failJSON: { "time": "2005-02-27T10:53:06", "match": true , "host": "209.15.212.253" }
+Feb 27 10:53:06 batman sm-mta[44307]: s1R9r60D044307: rejecting commands from [209.15.212.253] due to pre-greeting traffic after 0 seconds
+
+# failJSON: { "time": "2005-02-27T15:44:18", "match": true , "host": "41.204.78.137" }
+Feb 27 15:44:18 batman sm-mta[87838]: s1REiHdq087838: ruleset=check_rcpt, arg1=, relay=[41.204.78.137], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [41.204.78.137]
+
+# failJSON: { "time": "2005-02-27T15:49:02", "match": true , "host": "189.30.205.74" }
+Feb 27 15:49:02 batman sm-mta[88377]: s1REn1un088377: ruleset=check_rcpt, arg1=, relay=189-30-205-74.paebv701.dsl.brasiltelecom.net.br [189.30.205.74], reject=550 5.1.1 ... User unknown
+
+# failJSON: { "time": "2005-02-27T22:44:42", "match": true , "host": "123.69.106.50" }
+Feb 27 22:44:42 batman sm-mta[30972]: s1RLieRP030972: ruleset=check_rcpt, arg1=, relay=[123.69.106.50], reject=553 5.1.8 ... 
Domain of sender address lf@ibuv.net does not exist
+
+# failJSON: { "time": "2005-02-23T21:18:47", "match": true , "host": "76.72.174.70" }
+Feb 23 21:18:47 batman sm-mta[93301]: s1NKIkZa093301: [76.72.174.70]: EXPN root [rejected]
+
+# failJSON: { "time": "2005-02-13T01:16:50", "match": true , "host": "217.193.142.180" }
+Feb 13 01:16:50 batman sm-mta[25815]: s1D0GoSs025815: [217.193.142.180]: expn info [rejected]
+
+# failJSON: { "time": "2005-02-22T14:02:44", "match": true , "host": "24.73.201.194" }
+Feb 22 14:02:44 batman sm-mta[4030]: s1MD2hsd004030: rrcs-24-73-201-194.se.biz.rr.com [24.73.201.194]: EXPN root [rejected]
+
+# failJSON: { "time": "2005-02-13T01:16:50", "match": true , "host": "217.193.142.180" }
+Feb 13 01:16:50 batman sm-mta[25815]: s1D0GoSs025815: [217.193.142.180]: vrfy info [rejected]
+
+# failJSON: { "time": "2005-02-22T14:02:44", "match": true , "host": "24.73.201.194" }
+Feb 22 14:02:44 batman sm-mta[4030]: s1MD2hsd004030: rrcs-24-73-201-194.se.biz.rr.com [24.73.201.194]: VRFY root [rejected]
+
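Review bot: All eleven samples added in this hunk carry `"match": true`, so nothing pins what the new patterns must not match. A negative sample ahead of the broadest additions would guard against later loosening, using the `# failJSON: { "match": false }` form before an EXPN/VRFY line that is not marked `[rejected]`. The pre-greeting pattern is also tested only with a bare `[IP]` relay, so its optional host-name prefix `(\S+ )?` is never exercised.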