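#! /bin/sh
# Blacklist SMTP clients with repeated authentication failures.
#
# Scans the mail log for "authentication failed" lines that mention the
# current month, counts them per client address, and appends every address
# seen more than $max_failures times to the smtpd client blacklist as
# "<address> reject". When new entries were added, postfix is reloaded and a
# report is mailed; a summary is also mailed when run during the 07 hour.
#
# Operational caveats:
#   - Entries are only ever appended: nothing expires them and there is no
#     allowlist, so a legitimate client that mistypes a password often enough
#     stays rejected until the line is removed by hand.
#   - The count covers the whole current month, not a sliding window.
#   - The report is handed to a relay on 127.0.0.1 with TLS disabled; that is
#     only acceptable while the relay stays on loopback.

maillog=/volume1/@maillog/maillog
blacklist_file=/var/packages/MailPlus-Server/target/etc/access/smtpd_client_blacklist
postfix_bin=/volume1/@appstore/MailPlus-Server/sbin/postfix
sendemail_dir=/root/workdir/sendEmail-v1.56
max_failures=3

# Mail the current report body; $1 is the subject line.
send_report() {
  "$sendemail_dir/sendEmail" -f 'Report<reporter@niuhes.cn>' -t niuhes@163.com \
    -s 127.0.0.1:5870 -u "$1" -m "$mailbody" -o tls=no
}

# A missing sendEmail directory must not stop the blacklist update itself.
cd "$sendemail_dir" || echo "warning: cannot cd to $sendemail_dir" >&2

datemonth=$(date +%Y-%m)

# Field 5 of a matching line is expected to be "host[address]:"; the second
# awk keeps the text between the brackets. '[][]' is the portable bracket
# expression for "] or [". uniq -c yields "<count> <address>" per client.
res=$(grep -F -- "authentication failed" "$maillog" \
  | grep -F -- "$datemonth" \
  | awk '{print $5}' \
  | awk -F'[][]' '{print $2}' \
  | sort \
  | uniq -c)

have_auth_error=0

# The here-document keeps the loop in the current shell (so have_auth_error
# survives) and avoids the non-POSIX IFS=$'\n' trick under /bin/sh.
while read -r count ip; do
  # Skip blank or malformed rows instead of feeding them to [ -gt ].
  case $count in
    '' | *[!0-9]*) continue ;;
  esac
  # The value comes from a log line that remote clients influence. Only
  # accept something shaped like an IPv4/IPv6 address before writing it into
  # the access table (this also drops "unknown" and empty bracket content).
  case $ip in
    '' | *[!0-9A-Fa-f.:]*) continue ;;
    *.* | *:*) ;;
    *) continue ;;
  esac
  [ "$count" -gt "$max_failures" ] || continue

  # Exact match on the key column. A regex/substring grep would treat
  # 1.2.3.4 as already listed when only 11.2.3.45 is, leaving it unblocked.
  if awk -v ip="$ip" '($1 "") == (ip "") { found = 1; exit } END { exit !found }' \
    "$blacklist_file" 2>/dev/null; then
    continue
  fi

  have_auth_error=1
  printf '%s reject\n' "$ip" >> "$blacklist_file" \
    || echo "warning: cannot append $ip to $blacklist_file" >&2
done <<EOF
$res
EOF

mailbody="grep result:\n${res}\n--------------\nblacklist:\n$(cat "$blacklist_file")"
today=$(date +%Y%m%d)

if [ "$have_auth_error" = 1 ]; then
  # New entries only take effect once postfix has re-read its tables.
  "$postfix_bin" reload || echo "warning: postfix reload failed" >&2
  sleep 3
  send_report "$today adding blacklist ip"
else
  echo "no auth fail.."
fi

# Daily summary, sent by the run that falls in the 07 hour.
timehour=$(date +%H)
if [ "$timehour" = 07 ]; then
  send_report "$today added blacklist ip report"
fi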
也可通过iptables禁用ip,参见
屏蔽刷postfix IP的脚本
在 /etc/crontab 中加入定时任务,每小时执行一次:
0 */1 * * * root /volume1/docker/frp_0.27.0_linux_386/authfail_sendmail.sh > /dev/null 2>&1
群晖重启服务命令:
synoservice --restart crond