diff --git a/config/filter.d/roundcube-auth.conf b/config/filter.d/roundcube-auth.conf
new file mode 100644
index 00000000..41766e31
--- /dev/null
+++ b/config/filter.d/roundcube-auth.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file for roundcube web server
+#
+# Author: Teodor Micu & Yaroslav Halchenko
+#
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failure messages in the logfile. The
+# host must be matched by a group named "host". The tag "" can
+# be used for standard IP/hostname matching and is only an alias for
+# (?:::f{4,6}:)?(?P[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = FAILED login for .*. from \s*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/config/jail.conf b/config/jail.conf
index 3f2425b4..1817ebd5 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -192,6 +192,15 @@ action = shorewall sendmail[name=Postfix, dest=you@example.com] logpath = /var/log/apache2/error_log
+# Monitor roundcube server
+
+[roundcube-iptables]
+
+enabled = false
+filter = roundcube-auth
+action = iptables[name=RoundCube, port="http,https"]
+logpath = /var/log/roundcube/userlogins
+
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year
 # of usage in production environments.
diff --git a/testcases/files/logs/roundcube-auth b/testcases/files/logs/roundcube-auth
new file mode 100644
index 00000000..d16f7266
--- /dev/null
+++ b/testcases/files/logs/roundcube-auth
@@ -0,0 +1 @@
+[22-Jan-2013 22:28:21 +0200]: FAILED login for user1 from 192.0.43.10
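Review bot: In `config/filter.d/roundcube-auth.conf` the `failregex` has no start anchor and matches the login name with `.*.`, and that name is presumably whatever the client typed into the login form. The trailing `\s*$` is what keeps the host match at the end of the line, so it deserves a comment above the regex, e.g. `# login name is untrusted; the host must stay the last token on the line`, and `.*.` reads more clearly as `.+`. As rendered here the host placeholder is absent from both the regex and the Notes comment (`The tag ""`), most likely stripped as markup by the page; if the committed line really has no `<HOST>` tag, the filter has no address to hand to the action.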
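Review bot: The `[roundcube-iptables]` jail added to `config/jail.conf` sets no `maxretry` or `findtime`, so it takes whatever the defaults section outside this hunk defines; a webmail login form is better served by an explicit, documented threshold. `logpath` is install-specific and the file is only written when Roundcube's login logging is switched on, so a comment such as `# requires Roundcube login logging (log_logins); adjust logpath to the install` would prevent a jail that silently never fires. If Roundcube sits behind a reverse proxy the logged address may be the proxy's, in which case a ban would lock out every user, and that caveat belongs in the same comment.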
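Review bot: The fixture `testcases/files/logs/roundcube-auth` holds one failing line with a plain login name, so it confirms a match but not what the filter must reject. A successful-login line that must not match, and a failed line whose login name contains spaces, would pin that the address is always taken from the end of the line.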