diff --git a/elk/Dockerfile b/elk/Dockerfile
index 40f4486b..700b57a1 100644
--- a/elk/Dockerfile
+++ b/elk/Dockerfile
@@ -1,8 +1,21 @@
 FROM sebp/elk
 RUN mkdir /etc/logstash/patterns.d
+#postfix grok and filter
 RUN curl -L https://raw.githubusercontent.com/whyscream/postfix-grok-patterns/master/postfix.grok > /etc/logstash/patterns.d/postfix.grok
 RUN curl -L https://raw.githubusercontent.com/whyscream/postfix-grok-patterns/master/50-filter-postfix.conf > /etc/logstash/conf.d/15-filter-postfix.conf
+# amavis grok and filter
+RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/patterns.d/amavis.grok > /etc/logstash/patterns.d/amavis.grok
+RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-amavis.conf > /etc/logstash/conf.d/16-filter-amavis.conf
+# dovecot grok and filter
+RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/patterns.d/dovecot.grok > /etc/logstash/patterns.d/dovecot.grok
+RUN curl -L https://raw.githubusercontent.com/ninech/logstash-patterns/master/exmples/50-filter-dovecot.conf > /etc/logstash/conf.d/17-filter-dovecot.conf
+# FIXME: may be a cron job?
+RUN mkdir -p /usr/share/GeoIP && \
+ curl -L http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | gunzip -c - > /usr/share/GeoIP/GeoLiteCity.dat
+
+WORKDIR ${LOGSTASH_HOME}
+RUN gosu logstash bin/logstash-plugin install --local --no-verify logstash-filter-geoip
 # add mailserver listen
 ADD 01-mailserver.conf /etc/logstash/conf.d/
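Review bot: The added `RUN curl -L … > file` lines pull Logstash patterns and filter configs from the mutable `master` branch of third-party repositories, and the GeoLite database over plain `http://`, with no integrity check, so whatever those URLs serve at build time becomes part of the log pipeline. Without `-f`, curl exits 0 on an HTTP error and writes the error body to the target; the `exmples/` segment in the two `50-filter-*.conf` URLs looks like a typo for `examples/`, and if so the build would still succeed with an error page saved as `16-filter-amavis.conf` and `17-filter-dovecot.conf`. I would pin each URL to a commit and fail on errors, e.g. `RUN curl -fsSL https://raw.githubusercontent.com/ninech/logstash-patterns/<COMMIT_SHA>/patterns.d/amavis.grok -o /etc/logstash/patterns.d/amavis.grok`, and fetch the GeoIP archive over HTTPS with a `sha256sum -c` check before `gunzip`. The `--no-verify` flag on `logstash-plugin install` skips plugin validation; either drop it or add a comment such as `# --no-verify: <reason validation cannot run at build time>` so the exception is deliberate and reviewable.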