{
      cmd: ['journalctl', '-fn0', '-u', 'postfix@-.service'],
      filters: {
        badguy: {
          regex: [
            @'^.* improper command pipelining after CONNECT from unknown\[<ip>\].*',
            @'^.*\[<ip>\].*tiscali.it.*',
            @'^.* NOQUEUE: reject: RCPT from unknown\[<ip>\]: 504 5.5.2 .* Helo command rejected: need fully-qualified hostname; .*',
            @'^.*connect from .*censys.*\[<ip>\]',
            @'^.*connect from .*stretchoid.*\[<ip>\]',
          ],
          retry: 1,
          retryperiod: '6h',
          actions: banFor('720h') + sendmail('<ip>','"Banni un mois sans seconde chance pour avoir mal causé à Postfix"'),
        },
      },
    },