From fa698fc4ab5f97dc14abb3dc8b24fb388dd8af70 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin <Zhang Huangbin@localhost>
Date: Mon, 12 Dec 2016 22:34:15 +0800
Subject: [PATCH] Sync iRedMail upgrade tutorial.

---
 .../0-upgrade.iredmail.0.9.5.1-0.9.6.md       | 25 ++++++++++++++++++
 html/upgrade.iredmail.0.9.5.1-0.9.6.html      | 26 +++++++++++++++++++
 2 files changed, 51 insertions(+)

diff --git a/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md b/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md
index 836e35bf..bc6b1636 100644
--- a/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md
+++ b/en_US/upgrade/0-upgrade.iredmail.0.9.5.1-0.9.6.md
@@ -17,6 +17,7 @@
 
 ## ChangeLog
 
+* Dec 12, 2016: Improve Fail2ban filter regular expression to catch more POP3/IMAP spams
 * Nov  9, 2016: Fixed: Memcached listens on all available IP addresses instead of `127.0.0.1`
 * Nov  9, 2016: Fixed: not allow access to '/.well-known/' in Nginx
 * Nov  1, 2016: Fixed: invalid default (datetime) value for some SQL columns in 'vmail' database.
@@ -312,6 +313,30 @@ Then restart memcached service:
 rcctl restart memcached
 ```
 
+### Improve Fail2ban filter regular expression to catch more POP3/IMAP spams
+
+> This step is applicable to Linux system.
+
+We have one new Fail2ban filter regular expression to catch unauth clients
+which generates log like below:
+
+> Dec 11 16:49:41 imap-login: Info: Disconnected (auth failed, 1 attempts in
+> 2 secs): user=<admin@example.net>, method=PLAIN, rip=212.8.246.222,
+> lip=10.11.12.13, TLS: Disconnected, session=<xxfH9mhDwgDUCPbe>
+
+Steps:
+
+* On Linux:
+
+```
+cd /etc/fail2ban/filter.d/
+rm -f dovecot.iredmail.conf
+wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/dovecot.iredmail.conf
+service fail2ban reload
+```
+
+* On FreeBSD and OpenBSD, we don't have Fail2ban configured, so not applicable.
+
 ## OpenLDAP backend special
 
 ### Fixed: mail accounts (user, alias, list) are still active when domain is disabled
diff --git a/html/upgrade.iredmail.0.9.5.1-0.9.6.html b/html/upgrade.iredmail.0.9.5.1-0.9.6.html
index 6a961758..94ba7ee8 100644
--- a/html/upgrade.iredmail.0.9.5.1-0.9.6.html
+++ b/html/upgrade.iredmail.0.9.5.1-0.9.6.html
@@ -38,6 +38,7 @@
 <li><a href="#fixed-nginx-doesnt-forward-real-client-ip-address-to-sogo">Fixed: Nginx doesn't forward real client IP address to SOGo</a></li>
 <li><a href="#fixed-sogo-313-and-later-releases-changed-argument-used-by-sogo-tool-command">Fixed: SOGo-3.1.3 (and later releases) changed argument used by sogo-tool command</a></li>
 <li><a href="#fixed-memcached-listens-on-all-available-ip-addresses-instead-of-127001">Fixed: Memcached listens on all available IP addresses instead of 127.0.0.1</a></li>
+<li><a href="#improve-fail2ban-filter-regular-expression-to-catch-more-pop3imap-spams">Improve Fail2ban filter regular expression to catch more POP3/IMAP spams</a></li>
 </ul>
 </li>
 <li><a href="#openldap-backend-special">OpenLDAP backend special</a><ul>
@@ -73,6 +74,7 @@ check <a href="../support.html">the details</a> and <a href="../contact.html">co
 </ul>
 <h2 id="changelog">ChangeLog</h2>
 <ul>
+<li>Dec 12, 2016: Improve Fail2ban filter regular expression to catch more POP3/IMAP spams</li>
 <li>Nov  9, 2016: Fixed: Memcached listens on all available IP addresses instead of <code>127.0.0.1</code></li>
 <li>Nov  9, 2016: Fixed: not allow access to '/.well-known/' in Nginx</li>
 <li>Nov  1, 2016: Fixed: invalid default (datetime) value for some SQL columns in 'vmail' database.</li>
@@ -337,6 +339,30 @@ to the IP address of your jail.</p>
 <pre><code>rcctl restart memcached
 </code></pre>
 
+<h3 id="improve-fail2ban-filter-regular-expression-to-catch-more-pop3imap-spams">Improve Fail2ban filter regular expression to catch more POP3/IMAP spams</h3>
+<blockquote>
+<p>This step is applicable to Linux system.</p>
+</blockquote>
+<p>We have one new Fail2ban filter regular expression to catch unauth clients
+which generates log like below:</p>
+<blockquote>
+<p>Dec 11 16:49:41 imap-login: Info: Disconnected (auth failed, 1 attempts in
+2 secs): user=<a href="&#109;&#97;&#105;&#108;&#116;&#111;&#58;&#97;&#100;&#109;&#105;&#110;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#110;&#101;&#116;">&#97;&#100;&#109;&#105;&#110;&#64;&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#110;&#101;&#116;</a>, method=PLAIN, rip=212.8.246.222,
+lip=10.11.12.13, TLS: Disconnected, session=<xxfH9mhDwgDUCPbe></p>
+</blockquote>
+<p>Steps:</p>
+<ul>
+<li>On Linux:</li>
+</ul>
+<pre><code>cd /etc/fail2ban/filter.d/
+rm -f dovecot.iredmail.conf
+wget https://bitbucket.org/zhb/iredmail/raw/default/iRedMail/samples/fail2ban/filter.d/dovecot.iredmail.conf
+service fail2ban reload
+</code></pre>
+
+<ul>
+<li>On FreeBSD and OpenBSD, we don't have Fail2ban configured, so not applicable.</li>
+</ul>
 <h2 id="openldap-backend-special">OpenLDAP backend special</h2>
 <h3 id="fixed-mail-accounts-user-alias-list-are-still-active-when-domain-is-disabled">Fixed: mail accounts (user, alias, list) are still active when domain is disabled</h3>
 <blockquote>