diff --git a/config/filter.d/uwimap-auth.conf b/config/filter.d/uwimap-auth.conf
index c6a062dc..5e39fbbf 100644
--- a/config/filter.d/uwimap-auth.conf
+++ b/config/filter.d/uwimap-auth.conf
@@ -10,6 +10,6 @@ before = common.conf
 
 _daemon = (?:ipop3d|imapd)
 
-failregex = ^%(__prefix_line)sLogin (?:failed|excessive login failures|SYSTEM BREAK-IN ATTEMPT) user=\S* auth=\S* host=.*\[<HOST>\]\s*$ 
+failregex = ^%(__prefix_line)sLogin (?:failed|excessive login failures|disabled|SYSTEM BREAK-IN ATTEMPT) user=\S* auth=\S* host=.*\[<HOST>\]\s*$ 
 
 ignoreregex = 
diff --git a/testcases/files/logs/uwimap-auth b/testcases/files/logs/uwimap-auth
index b29a3e6f..ee141bd4 100644
--- a/testcases/files/logs/uwimap-auth
+++ b/testcases/files/logs/uwimap-auth
@@ -12,3 +12,7 @@ Jan 14 20:28:07 grog imapd[19343]: Login excessive login failures user=user auth
 # failJSON: { "time": "2005-04-08T16:32:01", "match": true , "host": "198.52.115.74" }
 Apr 8 16:32:01 abdon imapd[29087]: Login excessive login failures user=brada auth=brada host=xxxxxx [198.52.115.74]
 
+
+# http://www.howtoforge.com/forums/showthread.php?t=3786
+# failJSON: { "time": "2005-04-08T16:32:01", "match": true , "host": "127.0.0.1" }
+Apr 8 16:32:01 abdon imapd[21172]: Login disabled user=test auth=test host=localhost.localdomain [127.0.0.1]