diff --git a/ChangeLog b/ChangeLog
index f32a1858..f13dc319 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -61,6 +61,7 @@ configuration before relying on it.
    * Filter for Counter Strike 1.6. Thanks to onorua for logs.
      Close gh-347
    * Filter for squirrelmail. Close gh-261
+   * Filter for tine20. Close gh-583
 
 - Enhancements
    * Jail names increased to 26 characters and iptables prefix reduced
diff --git a/config/filter.d/tine20.conf b/config/filter.d/tine20.conf
new file mode 100644
index 00000000..a878d890
--- /dev/null
+++ b/config/filter.d/tine20.conf
@@ -0,0 +1,13 @@
+# Fail2Ban filter for Tine 2.0 authentication
+#
+# Enable logging with:
+# $config['info_log']='/var/log/tine20/tine20.log';
+#
+
+[Definition]
+
+failregex = Login with username .* from <HOST> failed
+
+ignoreregex = 
+
+# Author: mkl from Tine20.org forum
diff --git a/config/jail.conf b/config/jail.conf
index 03ac242d..bb3cb38d 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -435,6 +435,12 @@ port     = http,https
 logpath  = /var/log/sogo/sogo.log
 
 
+[tine20]
+
+logpath  = /var/log/tine20/tine20.log
+port     = http,https
+maxretry = 5
+
 
 #
 # Web Applications
diff --git a/testcases/files/logs/tine20 b/testcases/files/logs/tine20
new file mode 100644
index 00000000..87d5c8ae
--- /dev/null
+++ b/testcases/files/logs/tine20
@@ -0,0 +1,2 @@
+# failJSON: { "time": "2014-01-13T05:02:22", "match": true, "host": "127.0.0.1" }
+78017 00cff -- none -- - 2014-01-13T05:02:22+00:00 WARN (4): Tinebase_Controller::login::106 Login with username sdfsadf from 127.0.0.1 failed (-1)!