From 6558c03f8e138eaadcb2fa4b6bc93dad737a71fd Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Wed, 23 Mar 2011 20:36:28 +0000
Subject: [PATCH] NF: Adding found on a drive filter.d/dovecot.conf

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@770 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/filter.d/dovecot.conf | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 config/filter.d/dovecot.conf

diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
new file mode 100644
index 00000000..5392d3a9
--- /dev/null
+++ b/config/filter.d/dovecot.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file for dovcot
+#
+# Author: 
+#
+# $Revision: $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =