From 117d3b04669a7c1ee764288213fcecef4fdbd523 Mon Sep 17 00:00:00 2001
From: Daniel Black <grooverdan@users.sourceforge.net>
Date: Thu, 2 Jan 2014 23:12:36 +1100
Subject: [PATCH] MRG: horde filter from master

---
 ChangeLog                       |  1 +
 config/filter.d/horde.conf      | 16 ++++++++++++++++
 fail2ban/tests/files/logs/horde |  6 ++++++
 testcases/files/logs/horde      |  2 --
 4 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 config/filter.d/horde.conf
 create mode 100644 fail2ban/tests/files/logs/horde
 delete mode 100644 testcases/files/logs/horde

diff --git a/ChangeLog b/ChangeLog
index f340b1dd..850495f3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -111,6 +111,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
   - Added filter for solid-pop3d -- thanks to Jacques Lav!gnotte on mailinglist.
   - Added filter for apache-modsecurity
   - Added filter for openwebmail thanks Ivo Truxa. Closes gh-543
+  - Added filter for horde
 
 ver. 0.8.11 (2013/11/13) - loves-unittests-and-tight-DoS-free-filter-regexes
 
diff --git a/config/filter.d/horde.conf b/config/filter.d/horde.conf
new file mode 100644
index 00000000..b94ebf64
--- /dev/null
+++ b/config/filter.d/horde.conf
@@ -0,0 +1,16 @@
+# fail2ban filter configuration for horde
+
+
+[Definition]
+
+
+failregex = ^ HORDE \[error\] \[(horde|imp)\] FAILED LOGIN for \S+ \[<HOST>\](\(forwarded for \[\S+\]\))? to (Horde|{[^}]+}) \[(pid \d+ )?on line \d+ of \S+\]$
+
+
+ignoreregex = 
+
+# DEV NOTES:
+# https://github.com/horde/horde/blob/master/imp/lib/Auth.php#L132
+# https://github.com/horde/horde/blob/master/horde/login.php
+# 
+# Author: Daniel Black
diff --git a/fail2ban/tests/files/logs/horde b/fail2ban/tests/files/logs/horde
new file mode 100644
index 00000000..135deee3
--- /dev/null
+++ b/fail2ban/tests/files/logs/horde
@@ -0,0 +1,6 @@
+# failJSON: { "time": "2004-11-11T18:57:57", "match": true , "host": "203.16.208.190" }
+Nov 11 18:57:57 HORDE [error] [horde] FAILED LOGIN for graham [203.16.208.190] to Horde [on line 116 of "/home/ace-hosting/public_html/horde/login.php"]
+
+# failJSON: { "time": "2004-12-15T08:59:59", "match": true , "host": "1.2.3.4" }
+Dec 15 08:59:59 HORDE [error] [imp] FAILED LOGIN for emai.user@somedomain.com [1.2.3.4] to {mx.somedomain.com:993 [imap/ssl/novalidate-cert]} [pid 68394 on line 139 of /usr/local/www/www.somedomain.com/public_html/horde/imp/lib/Auth/imp.php"]
+
diff --git a/testcases/files/logs/horde b/testcases/files/logs/horde
deleted file mode 100644
index 55f2a6af..00000000
--- a/testcases/files/logs/horde
+++ /dev/null
@@ -1,2 +0,0 @@
-Nov 11 18:57:57 HORDE [error] [horde] FAILED LOGIN for graham [203.16.208.190] to Horde [on line 116 of "/home/ace-hosting/public_html/horde/login.php"]
-