fail2ban/config/filter.d/uwimap-auth.conf

# Fail2Ban filter for uwimap
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = (?:ipop3d|imapd)

failregex = ^%(__prefix_line)sLogin (?:failed|excessive login failures|disabled|SYSTEM BREAK-IN ATTEMPT) user=\S* auth=\S* host=.*\[<HOST>\]\s*$ 
            ^%(__prefix_line)sFailed .* override of user=.* host=.*\[<HOST>\]\s*$

ignoreregex = 

# Author: Amir Caspi
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Fail2Ban filter for uwimap`
ENH: filter.d/uwimap-auth added. Closes #18 2013-09-29 08:06:27 +00:00			`#`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00
ENH: filter.d/uwimap-auth added. Closes #18 2013-09-29 08:06:27 +00:00			`[INCLUDES]`

			`before = common.conf`

			`[Definition]`

			`_daemon = (?:ipop3d\|imapd)`

ENH: filter.d/uwimap-auth - add "disabled" to regex 2013-10-01 12:10:33 +00:00			`failregex = ^%(__prefix_line)sLogin (?:failed\|excessive login failures\|disabled\|SYSTEM BREAK-IN ATTEMPT) user=\S* auth=\S* host=.\[<HOST>\]\s$`
ENH: filter.d/uwimap-auth - failure of an admin override to regex 2013-10-01 12:32:57 +00:00			`^%(__prefix_line)sFailed .* override of user=.* host=.\[<HOST>\]\s$`
ENH: filter.d/uwimap-auth added. Closes #18 2013-09-29 08:06:27 +00:00
			`ignoreregex =`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00
			`# Author: Amir Caspi`