diff --git a/logcheck_debian b/logcheck_debian index bab3476..e79c5d6 100644 --- a/logcheck_debian +++ b/logcheck_debian @@ -322,7 +322,7 @@ # # SM-MTA -# +# #Mar 9 07:31:29 nada sm-mta[24919]: u296VPig024919: ruleset=check_rcpt, arg1=, relay=[75.98.154.125], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [75.98.154.125] ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: ruleset=check_rcpt, arg1=<[-_.@[:alnum:]]+>, relay=\[[.:[:digit:]]+\], reject=550 5.7.1 <[-_.@[:alnum:]]+>... Relaying denied. IP name lookup failed \[[.:[:digit:]]+\] @@ -350,8 +350,9 @@ #Mar 15 11:26:20 nada sm-mta[6679]: STARTTLS=client, relay=mail.compenta.se., version=TLSv1/SSLv3, verify=FAIL, cipher=AES128-SHA256, bits=128/128 #Mar 30 20:47:04 nada sm-mta[9603]: STARTTLS=client, relay=mail-gw01.fsdata.se., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA, bits=128/128 +#Sep 11 00:02:05 cocacola sm-mta[4678]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256 #Mar 30 13:04:11 nada sm-mta[30164]: STARTTLS=client, relay=mailgw.swip.net., field=cn_subject, status=failed to extract CN -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, (version=TLSv1/SSLv3, verify=FAIL, cipher=[-[:alnum:]]+, bits=128/128|field=cn_subject, status=failed to extract CN) +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, relay=[-.:[:alnum:]]+, (version=TLSv1/SSLv3, verify=FAIL, cipher=[-[:alnum:]]+, bits=[/[:digit:]]+|field=cn_subject, status=failed to extract CN) #Mar 22 13:31:42 nada sendmail[24653]: gethostbyaddr(127.0.0.2) failed: 1 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[[:digit:]]+\]: gethostbyaddr\(127.0.0.2\) failed: 1 
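Review bot: Relaxing `bits=128/128` to `bits=[/[:digit:]]+` in the STARTTLS=client rule means a `verify=FAIL` session at any key strength, including a weak one, is now filtered out of the report, and the class also accepts malformed values such as `/` or `12//`. If only the 256-bit case from the new sample needs covering, `bits=(128/128|256/256)` keeps other strengths visible; otherwise `bits=[[:digit:]]+/[[:digit:]]+` at least pins the shape. The rule also has no trailing `$`, so any text following the matched part is ignored too.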
@@ -415,7 +416,10 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: AUTH decode64 error \[-5 for "[=\\[:alnum:]]+"\], relay=\[[.:[:digit:]]+\] #Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5 -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS: write error=syscall error \(-1\), errno=32, get_error=error:00000000:lib\(0\):func\(0\):reason\(0\), retry=99, ssl_err=5 +#Sep 12 10:27:41 nada sm-mta[4522]: STARTTLS: read error=syscall error (-1), errno=104, get_error=error:00000000:lib(0):func(0):reason(0), retry=1, ssl_err=5 +#Sep 8 20:49:21 nada sm-mta[14243]: STARTTLS: read error=syscall error (-1), errno=110, get_error=error:00000000:lib(0):func(0):reason(0), retry=1, ssl_err=5 + +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS: (read|write) error=syscall error \(-1\), errno=[[:digit:]]+, get_error=error:00000000:lib\(0\):func\(0\):reason\(0\), retry=(1|99), ssl_err=5 #Apr 10 19:18:06 nada sendmail[17597]: v3AHI6dq017597: Authentication-Warning: nada.wahlberg.se: www-data set sender to katarina@happysthlm.se using -f ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sendmail\[[0-9]+\]: [[:alnum:]]+: Authentication-Warning: nada.wahlberg.se: www-data set sender to [.@[:alnum:]]+ using -f 
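Review bot: `errno=[[:digit:]]+` in the merged STARTTLS read/write rule suppresses every errno, although the sample lines only show 32, 104 and 110, so an unexpected error code would never reach the report. Listing the observed values, `errno=(32|104|110)`, keeps the rule as narrow as the evidence. The merge also admits combinations that no sample shows (for example `write` with `retry=1`); a one-line comment above the rule saying this is intended would help the next reader.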
@@ -599,9 +603,12 @@ \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: (error: )?Received disconnect from [.:[:digit:]]+(:)? (port [[:digit:]]+:)?(11|2): (Client disconnecting normally|ok|Handshake failed) \[preauth\] #Sep 9 06:55:41 marconi sshd[11486]: Invalid user 0101 from 91.197.232.109 -\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user -#[ .[alnum]]+ from [.:[:digit:]]+ +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Invalid user [ .[:alnum:]]+ from [.:[:digit:]]+ +#Sep 11 11:32:09 cocacola sshd[5924]: Received disconnect from 5.189.139.2: 11: Normal Shutdown, Thank you for playing [preauth] +#Sep 8 13:32:49 marconi sshd[20127]: Received disconnect from 103.27.239.143 port 40512:11: Normal Shutdown, Thank you for playing [preauth] +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.[:alnum:]]+ +(: port )?[.:[:digit:]]+: Normal Shutdown, Thank you for playing \[preauth\] # Apr 18 17:29:30 nada internal-sftp[9277]: session opened for local user petter from [212.16.177.66] # Apr 18 17:29:31 nada internal-sftp[9277]: opendir "/home/petter/www.lidberg.se/mazda/Old" diff --git a/testlog b/testlog index 5bfb966..1014174 100644 --- a/testlog +++ b/testlog 
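Review bot: The new "Normal Shutdown" rule appears to be split over two added lines (`... Received disconnect from [.[:alnum:]]+` and `(: port )?[.:[:digit:]]+: Normal Shutdown, ...`), though the collapsed layout of this page leaves that uncertain. If it is two lines, each is an independent unanchored pattern, and the first would filter every sshd "Received disconnect from" message rather than just this one. If it is meant as one line, ` +(: port )?` matches neither sample: the first has `:` directly after the address and the second has ` port 40512:` with no leading colon. The rule directly above already handles both address forms, so extending its alternation is simpler: `(Client disconnecting normally|ok|Handshake failed|Normal Shutdown, Thank you for playing) \[preauth\]`.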
@@ -580,7 +580,11 @@ Sep 9 10:56:12 marconi sshd[2802]: fatal: Unable to negotiate with 54.156.158.2 Sep 9 10:56:14 marconi sshd[2816]: fatal: Unable to negotiate with 54.156.158.234 port 42036: no matching host key type found. Their offer: ssh-dss [preauth] Sep 10 07:35:57 marconi freeradius[3649]: * Reloading FreeRADIUS daemon freeradius Sep 10 07:35:58 marconi freeradius[3649]: ...done. - +Sep 12 10:27:41 nada sm-mta[4522]: STARTTLS: read error=syscall error (-1), errno=104, get_error=error:00000000:lib(0):func(0):reason(0), retry=1, ssl_err=5 +Sep 8 20:49:21 nada sm-mta[14243]: STARTTLS: read error=syscall error (-1), errno=110, get_error=error:00000000:lib(0):func(0):reason(0), retry=1, ssl_err=5 +Sep 11 00:02:05 cocacola sm-mta[4678]: STARTTLS=client, relay=mail.wahlberg.se., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES256-GCM-SHA384, bits=256/256 +Sep 11 11:32:09 cocacola sshd[5924]: Received disconnect from 5.189.139.2: 11: Normal Shutdown, Thank you for playing [preauth] +Sep 8 13:32:49 marconi sshd[20127]: Received disconnect from 103.27.239.143 port 40512:11: Normal Shutdown, Thank you for playing [preauth] Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem... Aug 23 18:39:24 nada fredrik[1713]: Sista raden