fail2ban/config/filter.d/cyrus-imap.conf

# Fail2Ban configuration file
#
# Author: Jan Wagner <waja@cyconet.org>
#
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = (?:cyrus/)?(?:imapd?|pop3d?)

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = ^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] (?:plaintext|LOGIN) .* \[?SASL\(-13\): authentication failure: checkpass failed\]?$
	    ^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] (?:CRAM-MD5|NTLM) \[SASL\(-13\): authentication failure: incorrect (?:digest|NTLM) response\]$
	    ^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] DIGEST-MD5 \[SASL\(-13\): authentication failure: client response doesn't match what we generated\]$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605 16 years ago			`# Fail2Ban configuration file`
			`#`
			`# Author: Jan Wagner <waja@cyconet.org>`
			`#`
			`#`

ENH: Improve cyrus-imap regex and add sample log file 12 years ago			`[INCLUDES]`

			`# Read common prefixes. If any customizations available -- read them from`
			`# common.local`
			`before = common.conf`


- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605 16 years ago			`[Definition]`

ENH: Improve cyrus-imap regex and add sample log file 12 years ago			`_daemon = (?:cyrus/)?(?:imapd?\|pop3d?)`

- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605 16 years ago			`# Option: failregex`
			`# Notes.: regex to match the password failures messages in the logfile. The`
			`# host must be matched by a group named "host". The tag "<HOST>" can`
			`# be used for standard IP/hostname matching and is only an alias for`
- Changed <HOST> template to be more restrictive. Debian bug #514163. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@728 a942ae1a-1317-0410-a47c-b1dcaea8d605 16 years ago			`# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605 16 years ago			`# Values: TEXT`
			`#`
ENH: Improve cyrus-imap regex and add sample log file 12 years ago			`failregex = ^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] (?:plaintext\|LOGIN) .* \[?SASL\(-13\): authentication failure: checkpass failed\]?$`
			`^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] (?:CRAM-MD5\|NTLM) \[SASL\(-13\): authentication failure: incorrect (?:digest\|NTLM) response\]$`
			`^%(__prefix_line)sbadlogin: \S+ \[<HOST>\] DIGEST-MD5 \[SASL\(-13\): authentication failure: client response doesn't match what we generated\]$`
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953. git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@727 a942ae1a-1317-0410-a47c-b1dcaea8d605 16 years ago
			`# Option: ignoreregex`
			`# Notes.: regex to ignore. If this regex matches, the line is ignored.`
			`# Values: TEXT`
			`#`
			`ignoreregex =`