Channel: iRedMail Open Source Mail Server Solution - iRedMail Technical Support

Strengthening postfix.iredmail.conf


1).
Using this configuration:

https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/postfix.iredmail.conf

# diff 1 2

13c13
< Failregex: 120 total
---
> Failregex: 133 total
68c68
< |   3) [69] postscreen\[\d+\]: PREGREET .* from \[<HOST>\]:\d+: (EHLO|HELO)
---
> |   3) [82] PREGREET ([0-9]{1,3}) .* from \[<HOST>\]:([0-9]{4,5}:)?(.*) .*$
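Review bot: the second regex drops the `(EHLO|HELO)` requirement, so it fires on every PREGREET line whatever was sent before the banner; the extra matches are pregreets the first regex rejects because the payload does not start with EHLO/HELO, such as the TLS ClientHello bytes (`\22\3\1...`) and the telnet negotiation (`\255\253\1`) from 123.59.60.110 quoted further down. The optional `([0-9]{4,5}:)?` port group is redundant, because the `(.*)` that follows it swallows the port anyway, and the trailing ` .*$` only demands one space somewhere after the port, so the pattern could be simplified to `PREGREET [0-9]+ .* from \[<HOST>\]:`. Neither version spares the Thunderbird `EHLO we-guess.mozilla.org` probe, since that is a literal EHLO before the banner.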
73a74,77
> |      123.59.60.110  Tue Dec 19 23:15:18 2017
> |      123.59.60.110  Tue Dec 19 23:15:21 2017
> |      112.117.17.42  Thu Dec 21 01:18:48 2017
> |      139.162.99.243  Thu Dec 21 02:06:06 2017
88a93,94
> |      210.201.136.13  Tue Dec 26 14:57:33 2017
> |      110.185.170.146  Tue Dec 26 19:16:05 2017
101a108,109
> |      123.59.60.110  Wed Jan 03 14:17:25 2018
> |      123.59.60.110  Wed Jan 03 14:17:28 2018
104a113
> |      220.175.61.17  Thu Jan 04 10:12:48 2018
106a116
> |      124.235.138.249  Tue Jan 09 06:18:48 2018
131a142,143
> |      123.59.60.110  Thu Jan 18 03:17:33 2018
> |      123.59.60.110  Thu Jan 18 03:17:36 2018
137a150
> |      210.201.136.13  Fri Jan 26 14:55:44 2018
161,162c174,175
< Lines: 149143 lines, 0 ignored, 120 matched, 149023 missed
< [processed in 8.55 sec]
---
> Lines: 149143 lines, 0 ignored, 133 matched, 149010 missed
> [processed in 8.89 sec]
164c177
< Missed line(s): too many to print.  Use --print-all-missed to print all 149023 lines
---
> Missed line(s): too many to print.  Use --print-all-missed to print all 149010 lines

File 1 is iRedMail's configuration on bitbucket.
File 2 is my own earlier configuration.

Looking at the log for 123.59.60.110:

Jan 18 03:17:33 mail postfix/postscreen[12606]: CONNECT from [123.59.60.110]:39922 to [10.10.10.10]:25
Jan 18 03:17:33 mail postfix/postscreen[12606]: BLACKLISTED [123.59.60.110]:39922
Jan 18 03:17:33 mail postfix/postscreen[12606]: PREGREET 295 after 0.01 from [123.59.60.110]:39922: \22\3\1\1"\1\0\1\30\3\3\1343\238b\23\174\238\223\28^VYf\22\253r\19?\226v1\188\189\184\245H\175\145r\
Jan 18 03:17:33 mail postfix/postscreen[12606]: CONNECT from [123.59.60.110]:34059 to [10.192.176.16]:25
Jan 18 03:17:33 mail postfix/postscreen[12606]: BLACKLISTED [123.59.60.110]:34059
Jan 18 03:17:33 mail postfix/postscreen[12606]: BARE NEWLINE from [123.59.60.110]:39922 after \22\3\1\1"\1\0\1\30\3\3\1343\238b\23\174\238\223\28^VYf\22\253r\19?\226v1\188\189\184\245H\175\145r\226\235\135\0\0\136\1920\192,\192(\192$\192\20\192
Jan 18 03:17:33 mail postfix/postscreen[12606]: COMMAND PIPELINING from [123.59.60.110]:39922 after ????"?: \0\163\0\159\0k\0j\0009\0008\0\136\0\135\1922\192.\192*\192&\192\15\192\5\0\157\0=\0005\0\132\192\18\192\b\0\22\0\19\192\r\192\3\0\n\192/\192+\192'\192#\192\19\192\t\0\162\0\158\0g\0@\0003\0002\0\154\0\153\0E\0D\1921\192-\192)\192%\192\14\192\4\0\156\0<\0/
Jan 18 03:17:33 mail postfix/postscreen[12606]: HANGUP after 0 from [123.59.60.110]:39922 in tests after SMTP handshake
Jan 18 03:17:33 mail postfix/postscreen[12606]: DISCONNECT [123.59.60.110]:39922
Jan 18 03:17:36 mail postfix/postscreen[12606]: PREGREET 3 after 3.1 from [123.59.60.110]:34059: \255\253\1
Jan 18 03:17:40 mail postfix/postscreen[12606]: HANGUP after 3.2 from [123.59.60.110]:34059 in tests after SMTP handshake
Jan 18 03:17:40 mail postfix/postscreen[12606]: DISCONNECT [123.59.60.110]:34059

Indeed it cannot be blocked; if (EHLO|HELO) is removed, the two rules catch the same results.

But I think there is still a problem:
users outside the company who create a new account from a laptop (or remote computer) get blocked.

Jan 25 18:04:32 mail postfix/postscreen[13246]: CONNECT from [219.80.xx.yy]:15135 to [10.10.10.10]:25
Jan 25 18:04:32 mail postfix/postscreen[13246]: CONNECT from [219.80.xx.yy]:64281 to [10.10.10.10]:25
Jan 25 18:04:32 mail postfix/submission/smtpd[13245]: connect from 219-80-xx-yy.static.tfn.net.tw[219.80.xx.yy]
Jan 25 18:04:32 mail postfix/submission/smtpd[13252]: connect from 219-80-xx-yy.static.tfn.net.tw[219.80.xx.yy]
Jan 25 18:04:32 mail postfix/submission/smtpd[13245]: improper command pipelining after EHLO from 219-80-xx-yy.static.tfn.net.tw[219.80.xx.yy]: QUIT\r\n
Jan 25 18:04:32 mail postfix/submission/smtpd[13245]: disconnect from 219-80-xx-yy.static.tfn.net.tw[219.80.xx.yy]
Jan 25 18:04:32 mail postfix/postscreen[13246]: PREGREET 33 after 0.11 from [219.80.xx.yy]:15135: EHLO we-guess.mozilla.org\r\nQUIT\r\n
Jan 25 18:04:32 mail postfix/submission/smtpd[13252]: improper command pipelining after EHLO from 219-80-xx-yy.static.tfn.net.tw[219.80.xx.yy]: QUIT\r\n
Jan 25 18:04:32 mail postfix/submission/smtpd[13252]: disconnect from 219-80-xx-yy.static.tfn.net.tw[219.80.xx.yy]
Jan 25 18:04:32 mail postfix/postscreen[13246]: PREGREET 33 after 0.11 from [219.80.xx.yy]:64281: EHLO we-guess.mozilla.org\r\nQUIT\r\n
Jan 25 18:04:32 mail postfix/postscreen[13246]: COMMAND PIPELINING from [219.80.xx.yy]:15135 after EHLO: QUIT\r\n
Jan 25 18:04:32 mail postfix/postscreen[13246]: DISCONNECT [219.80.xx.yy]:15135
Jan 25 18:04:32 mail postfix/postscreen[13246]: COMMAND PIPELINING from [219.80.xx.yy]:64281 after EHLO: QUIT\r\n
Jan 25 18:04:32 mail postfix/postscreen[13246]: DISCONNECT [219.80.xx.yy]:64281

The above is the log from creating a new account with TB (Thunderbird) on a remote computer.
Jan 25 18:04:32 mail postfix/postscreen[13246]: PREGREET 33 after 0.11 from [219.80.xx.yy]:64281: EHLO we-guess.mozilla.org\r\nQUIT\r\n
Both rules catch it.


2).
Now I have added this rule:

"HANGUP after [0-9]\.[0-9]* from \[<HOST>]:\d+ ?in tests (after|before)"

It catches 52 IPs, fewer than the 69 IPs caught by postfix.iredmail.conf.

The logs of the missed IPs are below; they connect and disconnect right away without doing anything else, so perhaps they can be ignored.

# grep -1 '103.255.177.76' /var/log/maillog

Jan 13 18:11:46 mail clamd[1635]: SelfCheck: Database status OK.
Jan 13 18:17:17 mail postfix/postscreen[12382]: CONNECT from [103.255.177.76]:49299 to [10.10.10.10]:25
Jan 13 18:17:17 mail postfix/postscreen[12382]: PREGREET 13 after 0 from [103.255.177.76]:49299: EHLO ubuntu\r\n
Jan 13 18:17:17 mail postfix/postscreen[12382]: DISCONNECT [103.255.177.76]:49299
Jan 13 18:21:46 mail clamd[1635]: SelfCheck: Database status OK.
--
Jan 13 19:41:46 mail clamd[1635]: SelfCheck: Database status OK.
Jan 13 19:48:00 mail postfix/postscreen[12571]: CONNECT from [103.255.177.76]:50211 to [10.10.10.10]:25
Jan 13 19:48:00 mail postfix/postscreen[12571]: PREGREET 13 after 0 from [103.255.177.76]:50211: EHLO ubuntu\r\n
Jan 13 19:48:01 mail postfix/postscreen[12571]: DISCONNECT [103.255.177.76]:50211
Jan 13 19:51:46 mail clamd[1635]: SelfCheck: Database status OK.
--
Jan 13 21:28:33 mail postfix/anvil[12915]: statistics: max cache size 1 at Jan 13 21:25:13
Jan 13 21:28:46 mail postfix/postscreen[12929]: CONNECT from [103.255.177.76]:42388 to [10.10.10.10]:25
Jan 13 21:28:46 mail postfix/postscreen[12929]: PREGREET 13 after 0 from [103.255.177.76]:42388: EHLO ubuntu\r\n
Jan 13 21:28:47 mail postfix/postscreen[12929]: DISCONNECT [103.255.177.76]:42388

At the moment I also add entries to ignoreip manually; does the maintainer have a better method?
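As an added example (not code from the original post, from iRedMail, or from fail2ban), the script below applies the three failregex lines quoted in parts 1 and 2 of this post (iRedMail's PREGREET rule, the looser PREGREET rule from file 2, and the HANGUP rule) to a handful of postscreen log lines. The log lines are constructed for the example, modelled on the ones above but with RFC 5737 documentation addresses in place of the real IPs. Two assumptions: `<HOST>` is expanded the way fail2ban 0.9 does it (newer releases use a longer IPv4/IPv6/hostname alternative, which gives the same result on bracketed IPv4 addresses), and the failregex is searched against the line after the syslog timestamp has been stripped.

```python
import re

# fail2ban 0.9-style expansion of the <HOST> tag (assumption, see lead-in).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The three failregex lines quoted in the post, verbatim.
IREDMAIL_PREGREET = r"postscreen\[\d+\]: PREGREET .* from \[<HOST>\]:\d+: (EHLO|HELO)"
LOOSE_PREGREET = r"PREGREET ([0-9]{1,3}) .* from \[<HOST>\]:([0-9]{4,5}:)?(.*) .*$"
HANGUP = r"HANGUP after [0-9]\.[0-9]* from \[<HOST>]:\d+ ?in tests (after|before)"

# Assumption: fail2ban strips the syslog timestamp and then searches the
# remainder of the line with the failregex (unanchored unless it uses ^ or $).
SYSLOG_DATE = re.compile(r"^[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2} ")

# Constructed sample log, modelled on the postscreen lines in the post:
#   192.0.2.10   sends a TLS ClientHello and telnet negotiation before the banner
#   198.51.100.7 is a Thunderbird account-autoconfig probe (EHLO, then QUIT)
#   203.0.113.5  sends "EHLO ubuntu" and disconnects without a HANGUP line
#   203.0.113.9  hangs up before the SMTP handshake
SAMPLE_LOG = r"""
Jan 18 03:17:33 mail postfix/postscreen[12606]: CONNECT from [192.0.2.10]:39922 to [10.10.10.10]:25
Jan 18 03:17:33 mail postfix/postscreen[12606]: PREGREET 295 after 0.01 from [192.0.2.10]:39922: \22\3\1\1"\1\0\1\30\3\3
Jan 18 03:17:33 mail postfix/postscreen[12606]: HANGUP after 0 from [192.0.2.10]:39922 in tests after SMTP handshake
Jan 18 03:17:36 mail postfix/postscreen[12606]: PREGREET 3 after 3.1 from [192.0.2.10]:34059: \255\253\1
Jan 18 03:17:40 mail postfix/postscreen[12606]: HANGUP after 3.2 from [192.0.2.10]:34059 in tests after SMTP handshake
Jan 25 18:04:32 mail postfix/postscreen[13246]: PREGREET 33 after 0.11 from [198.51.100.7]:15135: EHLO we-guess.mozilla.org\r\nQUIT\r\n
Jan 25 18:04:32 mail postfix/postscreen[13246]: COMMAND PIPELINING from [198.51.100.7]:15135 after EHLO: QUIT\r\n
Jan 13 18:17:17 mail postfix/postscreen[12382]: PREGREET 13 after 0 from [203.0.113.5]:49299: EHLO ubuntu\r\n
Jan 13 18:17:17 mail postfix/postscreen[12382]: DISCONNECT [203.0.113.5]:49299
Jan 20 10:00:00 mail postfix/postscreen[12700]: HANGUP after 1.5 from [203.0.113.9]:51000 in tests before SMTP handshake
""".strip().splitlines()


def compile_failregex(pattern):
    """Turn a fail2ban failregex (with <HOST>) into a Python regex."""
    return re.compile(pattern.replace("<HOST>", HOST))


def matched_hosts(pattern, lines):
    """Hosts the failregex would report, in first-seen order, without duplicates."""
    rx = compile_failregex(pattern)
    hosts = []
    for line in lines:
        m = rx.search(SYSLOG_DATE.sub("", line, count=1))
        if m and m.group("host") not in hosts:
            hosts.append(m.group("host"))
    return hosts


def unmatched_hangups(lines):
    """HANGUP lines that the HANGUP failregex does not match."""
    rx = compile_failregex(HANGUP)
    return [line for line in lines
            if "HANGUP" in line and not rx.search(SYSLOG_DATE.sub("", line, count=1))]


if __name__ == "__main__":
    for name, pattern in (("iRedMail PREGREET", IREDMAIL_PREGREET),
                          ("loose PREGREET", LOOSE_PREGREET),
                          ("HANGUP", HANGUP)):
        print(f"{name:18s} -> {matched_hosts(pattern, SAMPLE_LOG)}")
    for line in unmatched_hangups(SAMPLE_LOG):
        print("HANGUP line not matched:", line)
```

The run makes two things visible. The Thunderbird autoconfig probe (`EHLO we-guess.mozilla.org` followed by `QUIT`) trips both PREGREET rules, because it is a real EHLO sent before the banner, so no variant of that regex can tell it from a bot; only the looser rule additionally picks up the TLS and telnet pregreets. And the HANGUP rule requires a decimal delay (`[0-9]\.[0-9]*`), so a line such as `HANGUP after 0 from ...`, like the one in the 123.59.60.110 log above, is never matched; changing that part to `[0-9]+(\.[0-9]+)?` would match it. `fail2ban-regex /var/log/maillog <filter-file>` over the real log remains the authoritative count.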

