diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
new file mode 100644
index 00000000..5392d3a9
--- /dev/null
+++ b/config/filter.d/dovecot.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file for dovcot
+#
+# Author: 
+#
+# $Revision: $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =