crowdsecurity/postfix-logs non-SMTP command not matching on Postscreen stage
Hi CrowdSec team,
I noticed that the official crowdsecurity/postfix-logs parser does not account for non-SMTP commands that are detected at the postscreen stage. These log entries look like:
postfix/postscreen[12345]: NON-SMTP COMMAND from [IP]:port after CONNECT: ...
However, the parser currently only filters for smtpd logs and expects lines like:
postfix/smtpd[12345]: warning: non-SMTP command from ...
Because of this, CrowdSec does not ban IPs that send non-SMTP commands during the Postscreen phase.
Would you consider extending the parser / collection to include support for postscreen non-SMTP command log lines?
Thanks!
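An added example, not part of the original issue and not CrowdSec's own parser: a Python sketch that recognises both log shapes quoted above, so postscreen-stage non-SMTP commands are counted per source IP alongside smtpd ones. The sample lines, the regular expressions and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges), shaped like the two
# formats quoted in the issue. Not taken from a real mail server.
SAMPLE_LINES = [
    "Jan 10 10:00:01 mx1 postfix/smtpd[12345]: warning: non-SMTP command "
    "from unknown[192.0.2.10]: GET / HTTP/1.1",
    "Jan 10 10:00:02 mx1 postfix/postscreen[12346]: NON-SMTP COMMAND "
    "from [198.51.100.7]:40122 after CONNECT: GET / HTTP/1.1",
    "Jan 10 10:00:03 mx1 postfix/postscreen[12346]: CONNECT "
    "from [203.0.113.5]:51000 to [192.0.2.1]:25",
    "Jan 10 10:00:04 mx1 postfix/postscreen[12346]: NON-SMTP COMMAND "
    "from [2001:db8::1]:40123 after CONNECT: CONNECT example.com:443 HTTP/1.1",
    "Jan 10 10:00:05 mx1 postfix/postscreen[12346]: NON-SMTP COMMAND "
    "from [198.51.100.7]:40130 after CONNECT: POST /x HTTP/1.1",
]

# smtpd form: "warning: non-SMTP command from host[IP]: <data>"
SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: non-SMTP command from "
    r"\S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: (?P<cmd>.*)$"
)
# postscreen form: "NON-SMTP COMMAND from [IP]:port after <state>: <data>"
POSTSCREEN_RE = re.compile(
    r"postfix/postscreen\[\d+\]: NON-SMTP COMMAND from "
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]:\d+ after \S+: (?P<cmd>.*)$"
)

def parse_line(line):
    """Return {'stage', 'ip', 'cmd'} for a non-SMTP command line, else None."""
    for stage, rx in (("smtpd", SMTPD_RE), ("postscreen", POSTSCREEN_RE)):
        m = rx.search(line)
        if m:
            return {"stage": stage, "ip": m.group("ip"), "cmd": m.group("cmd")}
    return None

def count_by_ip(lines):
    """Count non-SMTP command events per source IP across both stages."""
    hits = Counter()
    for line in lines:
        event = parse_line(line)
        if event:
            hits[event["ip"]] += 1
    return hits

if __name__ == "__main__":
    for ip, n in count_by_ip(SAMPLE_LINES).most_common():
        print(ip, n)
```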