fail2ban/config/filter.d/cyrus-imap.conf

21 lines
443 B
Plaintext
Raw Normal View History

# Fail2Ban filter for authentication failures on Cyrus imap server
#
#
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = (?:cyrus/)?(?:imap(d|s)?|pop3(d|s)?)
failregex = ^%(__prefix_line)sbadlogin: \S+ ?\[<HOST>\] \S+ .*?\[?SASL\(-13\): (authentication failure|user not found): .*\]?$
ignoreregex =
# Author: Jan Wagner <waja@cyconet.org>