diff --git a/ChangeLog b/ChangeLog
index c6a39d87..6b5c9864 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,109 +1,102 @@
-               __      _ _ ___ _               
-              / _|__ _(_) |_  ) |__  __ _ _ _  
-             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
-             |_| \__,_|_|_/___|_.__/\__,_|_||_|
+                         __      _ _ ___ _               
+                        / _|__ _(_) |_  ) |__  __ _ _ _  
+                       |  _/ _` | | |/ /| '_ \/ _` | ' \ 
+                       |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
-=============================================================
-Fail2Ban (version 0.8.4)                           2008/??/??
-=============================================================
+================================================================================
+Fail2Ban (version 0.8.4)                                              2009/02/??
+================================================================================
 
-ver. 0.8.4 (2008/??/??) - stable
+ver. 0.8.4 (2009/??/??) - stable
 ----------
-- Merged patches from Debian package. Thanks to Yaroslav
-  Halchenko.
-- Use current day and month instead of Jan 1st if both are
-  not available in the log. Thanks to Andreas Itzchak
-  Rehberg.
-- Try to match the regex even if the line does not contain a
-  valid date/time. Described in Debian #491253. Thanks to
-  Yaroslav Halchenko.
+- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
+- Use current day and month instead of Jan 1st if both are not available in the
+  log. Thanks to Andreas Itzchak Rehberg.
+- Try to match the regex even if the line does not contain a valid date/time.
+  Described in Debian #491253. Thanks to Yaroslav Halchenko.
 - Added/improved filters and date formats.
-- Added actions to report abuse to ISP, DShield and
-  myNetWatchman. Thanks to Russell Odom.
+- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to
+  Russell Odom.
+- Suse init script. Remove socket file on startup is fail2ban crashed. Thanks to
+  Detlef Reichelt.
+- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
+- Added nagios script. Thanks to Sebastian Mueller.
+- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
+- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
+- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker
+  #2484115.
+- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
+- Changed <HOST> template to be more restrictive. Debian bug #514163.
+- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct
+  fix but seems to work. Tracker #2500276.
+- Made the named-refused regex a bit less restrictive in order to match logs
+  with "view". Thanks to Stephen Gildea.
+- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker
+  #2019714.
 
 ver. 0.8.3 (2008/07/17) - stable
 ----------
 - Process failtickets as long as failmanager is not empty.
-- Added "pam-generic" filter and more configuration fixes.
-  Thanks to Yaroslav Halchenko.
-- Fixed socket path in redhat and suse init script. Thanks to
-  Jim Wight.
-- Fixed PID file while started in daemon mode. Thanks to
-  Christian Jobic who submitted a similar patch.
+- Added "pam-generic" filter and more configuration fixes. Thanks to Yaroslav
+  Halchenko.
+- Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
+- Fixed PID file while started in daemon mode. Thanks to Christian Jobic who
+  submitted a similar patch.
 - Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
 - Added gssftpd filter. Thanks to Kevin Zembower.
-- Added "Day/Month/Year Hour:Minute:Second" date template.
-  Thanks to Dennis Winter.
-- Fixed ignoreregex processing in fail2ban-client. Thanks to
-  René Berber.
+- Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis
+  Winter.
+- Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber.
 - Added ISO 8601 date/time format.
 - Added and changed some logging level and messages.
-- Added missing ignoreregex to filters. Thanks to Klaus
-  Lehmann.
-- Use poll instead of select in asyncore.loop. This should
-  solve the "Unknown error 514". Thanks to Michael Geiger and
-  Klaus Lehmann.
+- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
+- Use poll instead of select in asyncore.loop. This should solve the "Unknown
+  error 514". Thanks to Michael Geiger and Klaus Lehmann.
 
 ver. 0.8.2 (2008/03/06) - stable
 ----------
 - Fixed named filter. Thanks to Yaroslav Halchenko
-- Fixed wrong path for apache-auth in jail.conf. Thanks to
-  Vincent Deffontaines
-- Fixed timezone bug with epoch date template. Thanks to
-  Michael Hanselmann
-- Added "full line failregex" patch. Thanks to Yaroslav
-  Halchenko. It will be possible to create stronger failregex
-  against log injection
+- Fixed wrong path for apache-auth in jail.conf. Thanks to Vincent Deffontaines
+- Fixed timezone bug with epoch date template. Thanks to Michael Hanselmann
+- Added "full line failregex" patch. Thanks to Yaroslav Halchenko. It will be
+  possible to create stronger failregex against log injection
 - Fixed ipfw action script. Thanks to Nick Munger
-- Removed date from logging message when using SYSLOG. Thanks
-  to Iain Lea
-- Fixed "ignore IPs". Only the first value was taken into
-  account. Thanks to Adrien Clerc
+- Removed date from logging message when using SYSLOG. Thanks to Iain Lea
+- Fixed "ignore IPs". Only the first value was taken into account. Thanks to
+  Adrien Clerc
 - Moved socket to /var/run/fail2ban.
 - Rewrote the communication server.
 - Refactoring. Reduced number of files.
-- Removed Python 2.4. Minimum required version is now Python
-  2.3.
+- Removed Python 2.4. Minimum required version is now Python 2.3.
 - New log rotation detection algorithm.
 - Print monitored files in status.
-- Create a PID file in /var/run/fail2ban/. Thanks to Julien
-  Perez.
-- Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed
-  this out. Thanks to Yaroslav Halchenko for the fix.
-- "reload <jail>" reloads a single jail and the parameters in
-  fail2ban.conf.
+- Create a PID file in /var/run/fail2ban/. Thanks to Julien Perez.
+- Fixed "Feb 29" bug. Thanks to James Andrewartha who pointed this out. Thanks
+  to Yaroslav Halchenko for the fix.
+- "reload <jail>" reloads a single jail and the parameters in fail2ban.conf.
 - Added Mac OS/X startup script. Thanks to Bill Heaton.
 - Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
 - Replaced "echo" with "printf" in actions. Fix #1839673
-- Replaced "reject" with "drop" in shorwall action. Fix
-  #1854875
+- Replaced "reject" with "drop" in shorwall action. Fix #1854875
 - Fixed Debian bug #456567, #468477, #462060, #461426
-- readline is now optional in fail2ban-client (not needed in
-  fail2ban-server).
+- readline is now optional in fail2ban-client (not needed in fail2ban-server).
 
 ver. 0.8.1 (2007/08/14) - stable
 ----------
 - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
 - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko
-- Improved regular expressions. Thanks to Yaroslav Halchenko
-  and others
-- Added sendmail actions. The action started with "mail" are
-  now deprecated. Thanks to Raphaël Marichez
+- Improved regular expressions. Thanks to Yaroslav Halchenko and others
+- Added sendmail actions. The action started with "mail" are now deprecated.
+  Thanks to Raphaël Marichez
 - Added "ignoreregex" support to fail2ban-regex
-- Updated suse-initd and added it to MANIFEST. Thanks to
-  Christian Rauch
-- Tightening up the pid check in redhat-initd. Thanks to
-  David Nutter
-- Added webmin authentication filter. Thanks to Guillaume
-  Delvit
-- Removed textToDns() which is not required anymore. Thanks
-  to Yaroslav Halchenko
-- Added new action iptables-allports. Thanks to Yaroslav
-  Halchenko
-- Added "named" date format to date detector. Thanks to
-  Yaroslav Halchenko
-- Added filter file for named (bind9). Thanks to Yaroslav
+- Updated suse-initd and added it to MANIFEST. Thanks to Christian Rauch
+- Tightening up the pid check in redhat-initd. Thanks to David Nutter
+- Added webmin authentication filter. Thanks to Guillaume Delvit
+- Removed textToDns() which is not required anymore. Thanks to Yaroslav
   Halchenko
+- Added new action iptables-allports. Thanks to Yaroslav Halchenko
+- Added "named" date format to date detector. Thanks to Yaroslav Halchenko
+- Added filter file for named (bind9). Thanks to Yaroslav Halchenko
 - Fixed vsftpd filter. Thanks to Yaroslav Halchenko
 
 ver. 0.8.0 (2007/05/03) - stable
@@ -123,20 +116,17 @@ ver. 0.7.8 (2007/03/21) - release candidate
 ----------
 - Fixed asctime pattern in datedetector.py
 - Added new filters/actions. Thanks to Yaroslav Halchenko
-- Added Suse init script and modified gentoo-initd. Thanks to
-  Christian Rauch
+- Added Suse init script and modified gentoo-initd. Thanks to Christian Rauch
 - Moved every locking statements in a try..finally block
 
 ver. 0.7.7 (2007/02/08) - release candidate
 ----------
 - Added signal handling in fail2ban-client
 - Added a wonderful visual effect when waiting on the server
-- fail2ban-client returns an error code if configuration is
-  not valid
+- fail2ban-client returns an error code if configuration is not valid
 - Added new filters/actions. Thanks to Yaroslav Halchenko
 - Call Python interpreter directly (instead of using "env")
-- Added file support to fail2ban-regex. Benchmark feature has
-  been removed
+- Added file support to fail2ban-regex. Benchmark feature has been removed
 - Added cacti script and template.
 - Added IP list in "status <JAIL>". Thanks to Eric Gerbier
 
@@ -146,60 +136,53 @@ ver. 0.7.6 (2007/01/04) - beta
 - Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
 - Use numeric output for iptables in "actioncheck"
 - Fixed removal of host in hosts.deny. Thanks to René Berber
-- Added new date format (2006-12-21 06:43:20) and Exim4
-  filter. Thanks to mEDI
-- Several "failregex" and "ignoreregex" are now accepted.
-  Creation of rules should be easier now.
+- Added new date format (2006-12-21 06:43:20) and Exim4 filter. Thanks to mEDI
+- Several "failregex" and "ignoreregex" are now accepted. Creation of rules
+  should be easier now.
 - Added license in COPYING. Thanks to Axel Thimm
-- Allow comma in action options. The value of the option must
-  be escaped with " or '. Thanks to Yaroslav Halchenko
-- Now Fail2ban goes in /usr/share/fail2ban instead of
-  /usr/lib/fail2ban. This is more compliant with FHS. Thanks
-  to Axel Thimm and Yaroslav Halchenko
+- Allow comma in action options. The value of the option must be escaped with "
+  or '. Thanks to Yaroslav Halchenko
+- Now Fail2ban goes in /usr/share/fail2ban instead of /usr/lib/fail2ban. This is
+  more compliant with FHS. Thanks to Axel Thimm and Yaroslav Halchenko
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
-- Do not ban a host that is currently banned. Thanks to
-  Yaroslav Halchenko
-- The supported tags in "action(un)ban" are <ip>, <failures>
-  and <time>
+- Do not ban a host that is currently banned. Thanks to Yaroslav Halchenko
+- The supported tags in "action(un)ban" are <ip>, <failures> and <time>
 - Fixed refactoring bug (getLastcommand -> getLastAction)
-- Added option "ignoreregex" in filter scripts and jail.conf.
-  Feature Request #1283304
+- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request
+  #1283304
 - Fixed a bug in user defined time regex/pattern
 - Improved documentation
 - Moved version.py and protocol.py to common/
 - Merged "maxtime" option with "findtime"
-- Added "<HOST>" tag support in failregex which matches
-  default IP address/hostname. "(?P<host>\S)" is still valid
-  and supported
-- Fixed exception when calling fail2ban-server with unknown
-  option
-- Fixed Debian bug 400162. The "socket" option is now handled
-  correctly by fail2ban-client
+- Added "<HOST>" tag support in failregex which matches default IP
+  address/hostname. "(?P<host>\S)" is still valid and supported
+- Fixed exception when calling fail2ban-server with unknown option
+- Fixed Debian bug 400162. The "socket" option is now handled correctly by
+  fail2ban-client
 - Fixed RedHat init script. Thanks to Justin Shore
-- Changed timeout to 30 secondes before assuming the server
-  cannot be started. Thanks to Joël Bertrand
+- Changed timeout to 30 secondes before assuming the server cannot be started.
+  Thanks to Joël Bertrand
 
 ver. 0.7.4 (2006/11/01) - beta
 ----------
 - Improved configuration files. Thanks to Yaroslav Halchenko
 - Added man page for "fail2ban-regex"
 - Moved ban/unban messages from "info" level to "warn"
-- Added "-s" option to specify the socket path and "socket"
-  option in "fail2ban.conf"
+- Added "-s" option to specify the socket path and "socket" option in
+  "fail2ban.conf"
 - Added "backend" option in "jail.conf"
-- Added more filters/actions and jail samples. Thanks to Nick
-  Munger, Christoph Haas
+- Added more filters/actions and jail samples. Thanks to Nick Munger, Christoph
+  Haas
 - Improved testing framework
-- Fixed a bug in the return code handling of the executed
-  commands. Thanks to Yaroslav Halchenko
-- Signal handling. There is a bug with join() and signal in
-  Python
+- Fixed a bug in the return code handling of the executed commands. Thanks to
+  Yaroslav Halchenko
+- Signal handling. There is a bug with join() and signal in Python
 - Better debugging output for "fail2ban-regex"
 - Added support for more date format
-- cPickle does not work with Python 2.5. Use pickle instead
-  (performance is not a problem in our case)
+- cPickle does not work with Python 2.5. Use pickle instead (performance is not
+  a problem in our case)
 
 ver. 0.7.3 (2006/09/28) - beta
 ----------
@@ -219,15 +202,13 @@ ver. 0.7.2 (2006/09/10) - beta
 - Improved client output
 - Added more get/set commands
 - Added more configuration templates
-- Removed "logpath" and "maxretry" from filter templates.
-  They must be defined in jail.conf now
+- Removed "logpath" and "maxretry" from filter templates. They must be defined
+  in jail.conf now
 - Added interactive mode. Use "-i"
-- Added a date detector. "timeregex" and "timepattern" are no
-  more needed
-- Added "fail2ban-regex". This is a tool to help finding
-  "failregex"
-- Improved server communication. Start a new thread for each
-  incoming request. Fail2ban is not really thread-safe yet
+- Added a date detector. "timeregex" and "timepattern" are no more needed
+- Added "fail2ban-regex". This is a tool to help finding "failregex"
+- Improved server communication. Start a new thread for each incoming request.
+  Fail2ban is not really thread-safe yet
 
 ver. 0.7.1 (2006/08/23) - alpha
 ----------
@@ -238,106 +219,91 @@ ver. 0.7.1 (2006/08/23) - alpha
 
 ver. 0.7.0 (2006/08/23) - alpha
 ----------
-- Almost a complete rewrite :) Fail2ban design is really
-  better (IMHO). There is a lot of new features
+- Almost a complete rewrite :) Fail2ban design is really better (IMHO). There is
+  a lot of new features
 - Client/Server architecture
-- Multithreading. Each jail has its own threads: one for the
-  log reading and another for the actions
+- Multithreading. Each jail has its own threads: one for the log reading and
+  another for the actions
 - Execute several actions
-- Split configuration files. They are more readable and easy
-  to use
-- failregex uses group (<host>) now. This feature was already
-  present in the Debian package
+- Split configuration files. They are more readable and easy to use
+- failregex uses group (<host>) now. This feature was already present in the
+  Debian package
 - lots of things...
 
 ver. 0.6.1 (2006/03/16) - stable
 ----------
-- Added permanent banning. Set banTime to a negative value to
-  enable this feature (-1 is perfect). Thanks to Mannone
+- Added permanent banning. Set banTime to a negative value to enable this
+  feature (-1 is perfect). Thanks to Mannone
 - Fixed locale bug. Thanks to Fernando José
 - Fixed crash when time format does not match data
-- Propagated patch from Debian to fix fail2ban search path 
-  addition to the path search list: now it is added first. 
-  Thanks to Nick Craig-Wood
-- Added SMTP authentification for mail notification. Thanks
-  to Markus Hoffmann
+- Propagated patch from Debian to fix fail2ban search path addition to the path
+  search list: now it is added first. Thanks to Nick Craig-Wood
+- Added SMTP authentification for mail notification. Thanks to Markus Hoffmann
 - Removed debug mode as it is confusing for people
-- Added parsing of timestamp in TAI64N format (#1275325).
-  Thanks to Mark Edgington
-- Added patch #1382936 (Default formatted syslog logging).
-  Thanks to Patrick B�rjesson
-- Removed 192.168.0.0/16 from ignoreip. Attacks could also
-  come from the local network.
-- Robust startup: if iptables module does not get fully
-  initialized after startup of fail2ban, fail2ban will do
-  "maxreinit" attempts to initialize its own firewall. It
-  will sleep between attempts for "polltime" number of
-  seconds (closes Debian: #334272). Thanks to Yaroslav
-  Halchenko
-- Added "interpolations" in fail2ban.conf. This is provided
-  by the ConfigParser module. Old configuration files still
-  work. Thanks to Yaroslav Halchenko
-- Added initial support for hosts.deny and shorewall. Need
-  more testing. Please test. Thanks to kojiro from Gentoo
-  forum for hosts.deny support
+- Added parsing of timestamp in TAI64N format (#1275325). Thanks to Mark
+  Edgington
+- Added patch #1382936 (Default formatted syslog logging). Thanks to Patrick
+  B�rjesson
+- Removed 192.168.0.0/16 from ignoreip. Attacks could also come from the local
+  network.
+- Robust startup: if iptables module does not get fully initialized after
+  startup of fail2ban, fail2ban will do "maxreinit" attempts to initialize its
+  own firewall. It will sleep between attempts for "polltime" number of seconds
+  (closes Debian: #334272). Thanks to Yaroslav Halchenko
+- Added "interpolations" in fail2ban.conf. This is provided by the ConfigParser
+  module. Old configuration files still work. Thanks to Yaroslav Halchenko
+- Added initial support for hosts.deny and shorewall. Need more testing. Please
+  test. Thanks to kojiro from Gentoo forum for hosts.deny support
 - Added support for vsftpd. Thanks to zugeschmiert
 
 ver. 0.6.0 (2005/11/20) - stable
 ----------
-- Propagated patches introduced by Debian maintainer 
-  (Yaroslav Halchenko):
-  * Added an option to report local time (including timezone)
-    or GMT in mail notification.
+- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
+  * Added an option to report local time (including timezone) or GMT in mail
+    notification.
 
 ver. 0.5.5 (2005/10/26) - beta
 ----------
-- Propagated patches introduced by Debian maintainer 
-  (Yaroslav Halchenko):
-  * Introduced fwcheck option to verify consistency of the
-    chains. Implemented automatic restart of fail2ban main
-    function in case check of fwban or fwunban command failed
-    (closes: #329163, #331695). (Introduced patch was further
-    adjusted by upstream author).
+- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
+  * Introduced fwcheck option to verify consistency of the chains. Implemented
+    automatic restart of fail2ban main function in case check of fwban or
+    fwunban command failed (closes: #329163, #331695). (Introduced patch was
+    further adjusted by upstream author).
   * Added -f command line parameter for [findtime].
-  * Added a cleanup of firewall rules on emergency shutdown
-    when unknown exception is catched.
-  * Fail2ban should not crash now if a wrong file name is
-    specified in config.
-  * reordered code a bit so that log targets are setup right
-    after background and then only loglevel (verbose, debug)
-    is processed, so the warning could be seen in the logs
-  * Added a keyword <section> in parsing of the subject and
-    the body of an email sent out by fail2ban (closes:
-    #330311)
+  * Added a cleanup of firewall rules on emergency shutdown when unknown
+    exception is catched.
+  * Fail2ban should not crash now if a wrong file name is specified in config.
+  * reordered code a bit so that log targets are setup right after background
+    and then only loglevel (verbose, debug) is processed, so the warning could
+    be seen in the logs
+  * Added a keyword <section> in parsing of the subject and the body of an email
+    sent out by fail2ban (closes: #330311)
 
 ver. 0.5.4 (2005/09/13) - beta
 ----------
 - Fixed bug #1286222.
-- Propagated patches introduced by Debian maintainer 
-  (Yaroslav Halchenko):
-  * Fixed handling of SYSLOG logging target. Now it can log
-    to any SYSLOG target and facility as directed by the 
-    config
+- Propagated patches introduced by Debian maintainer (Yaroslav Halchenko):
+  * Fixed handling of SYSLOG logging target. Now it can log to any SYSLOG target
+    and facility as directed by the config
   * Format of SYSLOG entries fixed to look closer to standard
   * Fixed errata in config/gentoo-confd
-  * Introduced findtime configuration variable to control the
-    lifetime of caught "failed" log entries
+  * Introduced findtime configuration variable to control the lifetime of caught
+    "failed" log entries
 	
 ver. 0.5.3 (2005/09/08) - beta
 ----------
-- Fixed a bug when overriding "maxfailures" or "bantime".
-  Thanks to Yaroslav Halchenko
-- Added more debug output if an error occurs when sending
-  mail. Thanks to Stephen Gildea
-- Renamed "maxretry" to "maxfailures" and changed default
-  value to 5. Thanks to Stephen Gildea
+- Fixed a bug when overriding "maxfailures" or "bantime". Thanks to Yaroslav
+  Halchenko
+- Added more debug output if an error occurs when sending mail. Thanks to
+  Stephen Gildea
+- Renamed "maxretry" to "maxfailures" and changed default value to 5. Thanks to
+  Stephen Gildea
 - Hopefully fixed bug #1256075
 - Fixed bug #1262345
 - Fixed exception handling in PIDLock
-- Removed warning when using "-V" or "-h" with no config
-  file. Thanks to Yaroslav Halchenko
-- Removed "-i eth0" from config file. Thanks to Yaroslav
-  Halchenko
+- Removed warning when using "-V" or "-h" with no config file. Thanks to
+  Yaroslav Halchenko
+- Removed "-i eth0" from config file. Thanks to Yaroslav Halchenko
 
 ver. 0.5.2 (2005/08/06) - beta
 ----------
@@ -353,11 +319,9 @@ ver. 0.5.1 (2005/07/23) - beta
 ----------
 - Fixed bugs #1241756, #1239557
 - Added log targets in configuration file. Removed -l option
-- Changed iptables rules in order to create a separated chain
-  for each section
+- Changed iptables rules in order to create a separated chain for each section
 - Fixed static banList in firewall.py
-- Added an initd script for Debian. Thanks to Yaroslav
-  Halchenko
+- Added an initd script for Debian. Thanks to Yaroslav Halchenko
 - Check for obsolete files after install
 
 ver. 0.5.0 (2005/07/12) - beta
@@ -365,24 +329,22 @@ ver. 0.5.0 (2005/07/12) - beta
 - Added support for CIDR mask in ignoreip
 - Added mail notification support
 - Fixed bug #1234699
-- Added tags replacement in rules definition. Should allow a
-  clean solution for Feature Request #1229479
+- Added tags replacement in rules definition. Should allow a clean solution for
+  Feature Request #1229479
 - Removed "interface" and "firewall" options
-- Added start and end commands in the configuration file.
-  Thanks to Yaroslav Halchenko
+- Added start and end commands in the configuration file. Thanks to Yaroslav
+  Halchenko
 - Added firewall rules definition in the configuration file
 - Cleaned fail2ban.py
-- Added an initd script for RedHat/Fedora. Thanks to Andrey
-  G. Grozin
+- Added an initd script for RedHat/Fedora. Thanks to Andrey G. Grozin
 
 ver. 0.4.1 (2005/06/30) - stable
 ----------
-- Fixed textToDNS method which generated wrong matches for
-  "rhost=12-xyz...". Thanks to Tom Pike
+- Fixed textToDNS method which generated wrong matches for "rhost=12-xyz...".
+  Thanks to Tom Pike
 - fail2ban.conf modified for readability. Thanks to Iain Lea
 - Added an initd script for Gentoo
-- Changed default PID lock file location from /tmp to
-  /var/run
+- Changed default PID lock file location from /tmp to /var/run
 
 ver. 0.4.0 (2005/04/24) - stable
 ----------
@@ -398,8 +360,8 @@ ver. 0.3.1 (2005/03/31) - beta
 
 ver. 0.3.0 (2005/02/24) - beta
 ----------
-- Re-writting of parts of the code in order to handle several
-  log files with different rules
+- Re-writting of parts of the code in order to handle several log files with
+  different rules
 - Removed sshd.py because it is no more needed
 - Fixed a bug when exiting with IP in the ban list
 - Added PID lock file
@@ -409,26 +371,22 @@ ver. 0.3.0 (2005/02/24) - beta
 
 ver. 0.1.2 (2004/11/21) - beta
 ----------
-- Add ipfw and ipfwadm support. The rules are taken from
-  BlockIt. Thanks to Robert Edeker
-- Add -e option which allows to set the interface. Thanks to
-  Robert Edeker who reminded me this
+- Add ipfw and ipfwadm support. The rules are taken from BlockIt. Thanks to
+  Robert Edeker
+- Add -e option which allows to set the interface. Thanks to Robert Edeker who
+  reminded me this
 - Small code cleaning
 
 ver. 0.1.1 (2004/10/23) - beta
 ----------
-- Add SIGTERM handler in order to exit nicely when in daemon
-  mode
-- Add -r option which allows to set the maximum number of
-  login failures
-- Remove the Metalog class as the log file are not so syslog
-  daemon specific
-- Rewrite log reader to be service centered. Sshd support
-  added. Match "Failed password" and "Illegal user"
+- Add SIGTERM handler in order to exit nicely when in daemon mode
+- Add -r option which allows to set the maximum number of login failures
+- Remove the Metalog class as the log file are not so syslog daemon specific
+- Rewrite log reader to be service centered. Sshd support added. Match "Failed
+  password" and "Illegal user"
 - Add /etc/fail2ban.conf configuration support
 - Code documentation
 
-
 ver. 0.1.0 (2004/10/12) - alpha
 ----------
 - Initial release
diff --git a/README b/README
index 1c1cbf66..7f147670 100644
--- a/README
+++ b/README
@@ -1,21 +1,19 @@
-               __      _ _ ___ _               
-              / _|__ _(_) |_  ) |__  __ _ _ _  
-             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
-             |_| \__,_|_|_/___|_.__/\__,_|_||_|
+                         __      _ _ ___ _               
+                        / _|__ _(_) |_  ) |__  __ _ _ _  
+                       |  _/ _` | | |/ /| '_ \/ _` | ' \ 
+                       |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
-=============================================================
-Fail2Ban (version 0.8.4)                           2008/??/??
-=============================================================
+================================================================================
+Fail2Ban (version 0.8.4)                                              2009/??/??
+================================================================================
 
-Fail2Ban scans log files like /var/log/pwdfail and bans IP
-that makes too many password failures. It updates firewall
-rules to reject the IP address. These rules can be defined by
-the user. Fail2Ban can read multiple log files such as sshd
-or Apache web server ones.
+Fail2Ban scans log files like /var/log/pwdfail and bans IP that makes too many
+password failures. It updates firewall rules to reject the IP address. These
+rules can be defined by the user. Fail2Ban can read multiple log files such as
+sshd or Apache web server ones.
 
-This README is a quick introduction to Fail2ban. More
-documentation, FAQ, HOWTOs are available on the project
-website: http://www.fail2ban.org
+This README is a quick introduction to Fail2ban. More documentation, FAQ, HOWTOs
+are available on the project website: http://www.fail2ban.org
 
 Installation:
 -------------
@@ -32,33 +30,32 @@ To install, just do:
 > cd fail2ban-0.8.4
 > python setup.py install
 
-This will install Fail2Ban into /usr/share/fail2ban. The
-executable scripts are placed into /usr/bin.
+This will install Fail2Ban into /usr/share/fail2ban. The executable scripts are
+placed into /usr/bin.
 
-It is possible that Fail2ban is already packaged for your
-distribution. In this case, you should use it.
+It is possible that Fail2ban is already packaged for your distribution. In this
+case, you should use it.
 
 Fail2Ban should be correctly installed now. Just type:
 
 > fail2ban-client -h
 
-to see if everything is alright. You should always use
-fail2ban-client and never call fail2ban-server directly.
+to see if everything is alright. You should always use fail2ban-client and never
+call fail2ban-server directly.
 
 Configuration:
 --------------
 
-You can configure Fail2ban using the files in /etc/fail2ban.
-It is possible to configure the server using commands sent to
-it by fail2ban-client. The available commands are described
-in the man page of fail2ban-client. Please refer to it or to
-the website: http://www.fail2ban.org
+You can configure Fail2ban using the files in /etc/fail2ban. It is possible to
+configure the server using commands sent to it by fail2ban-client. The available
+commands are described in the man page of fail2ban-client. Please refer to it or
+to the website: http://www.fail2ban.org
 
 Contact:
 --------
 
-You need some new features, you found bugs or you just
-appreciate this program, you can contact me at:
+You need some new features, you found bugs or you just appreciate this program,
+you can contact me at:
 
 Website: http://www.fail2ban.org
 
@@ -67,34 +64,27 @@ Cyril Jaquier: <cyril.jaquier@fail2ban.org>
 Thanks:
 -------
 
-Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
-Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
-Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
-Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
-Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
-René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch,
-Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner,
-Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
-Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann,
-Vincent Deffontaines, Bill Heaton, Russell Odom and many
-others.
+Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker, Tom Pike, Iain Lea,
+Andrey G. Grozin, Yaroslav Halchenko, Jonathan Kamens, Stephen Gildea, Markus
+Hoffmann, Mark Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler, Nick
+Munger, Christoph Haas, Justin Shore, Joël Bertrand, René Berber, mEDI, Axel
+Thimm, Eric Gerbier, Christian Rauch, Michael C. Haller, Jonathan Underwood,
+Hanno 'Rince' Wagner, Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
+Delvit, Vaclav Misek, Adrien Clerc, Michael Hanselmann, Vincent Deffontaines,
+Bill Heaton, Russell Odom, Christos Psonis and many others.
 
 License:
 --------
 
-Fail2Ban is free software; you can redistribute it
-and/or modify it under the terms of the GNU General Public
-License as published by the Free Software Foundation; either
-version 2 of the License, or (at your option) any later
+Fail2Ban is free software; you can redistribute it and/or modify it under the
+terms of the GNU General Public License as published by the Free Software
+Foundation; either version 2 of the License, or (at your option) any later
 version.
 
-Fail2Ban is distributed in the hope that it will be
-useful, but WITHOUT ANY WARRANTY; without even the implied
-warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-PURPOSE.  See the GNU General Public License for more
-details.
+Fail2Ban is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+PARTICULAR PURPOSE. See the GNU General Public License for more details.
 
-You should have received a copy of the GNU General Public
-License along with Fail2Ban; if not, write to the Free
-Software Foundation, Inc., 59 Temple Place, Suite 330,
-Boston, MA  02111-1307  USA
+You should have received a copy of the GNU General Public License along with
+Fail2Ban; if not, write to the Free Software Foundation, Inc., 59 Temple Place,
+Suite 330, Boston, MA  02111-1307  USA
diff --git a/TODO b/TODO
index 29e7c37f..4737c79a 100644
--- a/TODO
+++ b/TODO
@@ -1,11 +1,11 @@
-               __      _ _ ___ _               
-              / _|__ _(_) |_  ) |__  __ _ _ _  
-             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
-             |_| \__,_|_|_/___|_.__/\__,_|_||_|
+                         __      _ _ ___ _               
+                        / _|__ _(_) |_  ) |__  __ _ _ _  
+                       |  _/ _` | | |/ /| '_ \/ _` | ' \ 
+                       |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
-=============================================================
-ToDo                                         $Revision: 653 $
-=============================================================
+================================================================================
+ToDo                                                            $Revision$
+================================================================================
 
 Legend:
 - not yet done
@@ -15,26 +15,24 @@ Legend:
 
 - Removed relative imports
 
-- Cleanup fail2ban-client and fail2ban-server. Move code to
-  server/ and client/
+- Cleanup fail2ban-client and fail2ban-server. Move code to server/ and client/
 
-- Add timeout to external commands (signal alarm, watchdog
-  thread, etc)
+- Add timeout to external commands (signal alarm, watchdog thread, etc)
 
 - New backend: pyinotify
 
-- Uniformize filters and actions name. Use the software name
-  (openssh, postfix, proftp)
+- Uniformize filters and actions name. Use the software name (openssh, postfix,
+  proftp)
 
-- Added <USER> tag for failregex. Add features using this
-  information. Maybe add more tags
+- Added <USER> tag for failregex. Add features using this information. Maybe add
+  more tags
 
 - Look at the memory consumption. Decrease memory usage
 
 - More detailed statistics
 
-- Auto-enable function (search for log files), check
-  modification date to see if service is still in use
+- Auto-enable function (search for log files), check modification date to see if
+  service is still in use
 
 - Improve parsing of the action parameters in jailreader.py
 
@@ -44,8 +42,8 @@ Legend:
 
 - Multiline log reading
 
-- Improve execution of action. Why does subprocess.call
-  deadlock with multi-jails?
+- Improve execution of action. Why does subprocess.call deadlock with
+  multi-jails?
 
 # see Feature Request Tracking System at SourceForge.net
 
diff --git a/config/action.d/ipfilter.conf b/config/action.d/ipfilter.conf
new file mode 100644
index 00000000..991d9e58
--- /dev/null
+++ b/config/action.d/ipfilter.conf
@@ -0,0 +1,57 @@
+# Fail2Ban configuration file
+#
+# NetBSD ipfilter (ipf command) ban/unban
+#
+# Author: Ed Ravin <eravin@panix.com>
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+# enable IPF if not already enabled
+actionstart = /sbin/ipf -E
+
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+# don't disable IPF with "/sbin/ipf -D", there may be other filters in use
+actionstop = 
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = echo block in quick from <ip>/32 | /sbin/ipf -f -
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# note -r option used to remove matching rule
+actionunban = echo block in quick from <ip>/32 | /sbin/ipf -r -f -
+
+[Init]
+
diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf
index b010cea8..094aa8ff 100644
--- a/config/filter.d/apache-auth.conf
+++ b/config/filter.d/apache-auth.conf
@@ -11,7 +11,7 @@
 # Notes.:  regex to match the password failure messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = [[]client <HOST>[]] user .* authentication failure
diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf
index 57a2cefe..e7652046 100644
--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
@@ -11,7 +11,7 @@
 # Notes.:  regex to match the password failure messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = [[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)
diff --git a/config/filter.d/common.conf b/config/filter.d/common.conf
index ee084229..b580c78d 100644
--- a/config/filter.d/common.conf
+++ b/config/filter.d/common.conf
@@ -3,7 +3,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision:  $
+# $Revision$
 #
 
 [INCLUDES]
diff --git a/config/filter.d/courierlogin.conf b/config/filter.d/courierlogin.conf
index f744f314..a821b7e4 100644
--- a/config/filter.d/courierlogin.conf
+++ b/config/filter.d/courierlogin.conf
@@ -12,7 +12,7 @@
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$
diff --git a/config/filter.d/couriersmtp.conf b/config/filter.d/couriersmtp.conf
index dbb0a055..2241f172 100644
--- a/config/filter.d/couriersmtp.conf
+++ b/config/filter.d/couriersmtp.conf
@@ -11,7 +11,7 @@
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = error,relay=<HOST>,.*550 User unknown
diff --git a/config/filter.d/cyrus-imap.conf b/config/filter.d/cyrus-imap.conf
new file mode 100644
index 00000000..3a8734ee
--- /dev/null
+++ b/config/filter.d/cyrus-imap.conf
@@ -0,0 +1,26 @@
+# Fail2Ban configuration file
+#
+# Author: Jan Wagner <waja@cyconet.org>
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = : badlogin: .*\[<HOST>\] plaintext .*SASL\(-13\): authentication failure: checkpass failed$
+	    : badlogin: .*\[<HOST>\] LOGIN \[SASL\(-13\): authentication failure: checkpass failed\]$
+	    : badlogin: .*\[<HOST>\] (?:CRAM-MD5|NTLM) \[SASL\(-13\): authentication failure: incorrect (?:digest|NTLM) response\]$
+	    : badlogin: .*\[<HOST>\] DIGEST-MD5 \[SASL\(-13\): authentication failure: client response doesn't match what we generated\]$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff --git a/config/filter.d/exim.conf b/config/filter.d/exim.conf
index 4c9e649d..79ac3803 100644
--- a/config/filter.d/exim.conf
+++ b/config/filter.d/exim.conf
@@ -11,7 +11,7 @@
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)
diff --git a/config/filter.d/named-refused.conf b/config/filter.d/named-refused.conf
index 69b36970..e0879f26 100644
--- a/config/filter.d/named-refused.conf
+++ b/config/filter.d/named-refused.conf
@@ -26,7 +26,7 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT
 #
-failregex = %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
+failregex = %(__line_prefix)sclient <HOST>#.+: query(?: \(cache\))? '.*' denied\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
index d579a6fc..b135380d 100644
--- a/config/filter.d/postfix.conf
+++ b/config/filter.d/postfix.conf
@@ -11,7 +11,7 @@
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = reject: RCPT from (.*)\[<HOST>\]: 554
diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf
index 552c2935..17e824c6 100644
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
diff --git a/config/filter.d/pure-ftpd.conf b/config/filter.d/pure-ftpd.conf
index 1933d6e0..fbbfc2d1 100644
--- a/config/filter.d/pure-ftpd.conf
+++ b/config/filter.d/pure-ftpd.conf
@@ -16,7 +16,7 @@ __errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'ut
 # Notes.: regex to match the password failures messages in the logfile. The
 #         host must be matched by a group named "host". The tag "<HOST>" can
 #         be used for standard IP/hostname matching and is only an alias for
-#         (?:::f{4,6}:)?(?P<host>\S+)
+#         (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
diff --git a/config/filter.d/qmail.conf b/config/filter.d/qmail.conf
index ad8649c8..fa38fbb9 100644
--- a/config/filter.d/qmail.conf
+++ b/config/filter.d/qmail.conf
@@ -11,7 +11,7 @@
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>
diff --git a/config/filter.d/sasl.conf b/config/filter.d/sasl.conf
index 6498459a..05c66389 100644
--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@@ -11,10 +11,10 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
+failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [A-Za-z0-9+/]*={0,2})?$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
diff --git a/config/filter.d/sieve.conf b/config/filter.d/sieve.conf
new file mode 100644
index 00000000..00e9daf1
--- /dev/null
+++ b/config/filter.d/sieve.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Jan Wagner <waja@cyconet.org>
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
+# Values: TEXT
+#
+failregex = : badlogin: .*\[<HOST>\] (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failure$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff --git a/config/filter.d/sshd-ddos.conf b/config/filter.d/sshd-ddos.conf
index ea0e0956..ef315684 100644
--- a/config/filter.d/sshd-ddos.conf
+++ b/config/filter.d/sshd-ddos.conf
@@ -11,7 +11,7 @@
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 49ccaa70..f0b91b21 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -20,7 +20,7 @@ _daemon = sshd
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
diff --git a/config/filter.d/vsftpd.conf b/config/filter.d/vsftpd.conf
index cb844b6c..be4dc337 100644
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@@ -11,7 +11,7 @@
 # Notes.: regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values: TEXT
 #
 failregex = vsftpd(?:\(pam_unix\))?(?:\[\d+\])?:.* authentication failure; .* rhost=<HOST>(?:\s+user=\S*)?\s*$
diff --git a/config/filter.d/webmin-auth.conf b/config/filter.d/webmin-auth.conf
index 042e5bc4..72e1e65b 100644
--- a/config/filter.d/webmin-auth.conf
+++ b/config/filter.d/webmin-auth.conf
@@ -15,7 +15,7 @@
 # Notes.:  regex to match the password failure messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 failregex = webmin.* Non-existent login as .+ from <HOST>$
diff --git a/config/filter.d/xinetd-fail.conf b/config/filter.d/xinetd-fail.conf
index 60dfeaa6..2eea7e6a 100644
--- a/config/filter.d/xinetd-fail.conf
+++ b/config/filter.d/xinetd-fail.conf
@@ -11,7 +11,7 @@
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
-#          (?:::f{4,6}:)?(?P<host>\S+)
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
 # Cfr.: /var/log/(daemon\.|sys)log
diff --git a/files/nagios/check_fail2ban b/files/nagios/check_fail2ban
new file mode 100644
index 00000000..0b40db53
--- /dev/null
+++ b/files/nagios/check_fail2ban
@@ -0,0 +1,106 @@
+#!/bin/bash
+#
+# Usage: ./check_fail2ban
+###############################################################################################
+# Description: 
+#		This plugin will check the status of Fail2ban.  
+#
+# Created:      2008-10-25 (Sebastian Mueller)
+#
+# Changes:      2008-10-26 fixed some issues (Sebastian Mueller)
+# Changes:      2009-01-25 add the second check, when server is not replying and the
+#		process is hang-up (Sebastian Mueller)
+#
+# please visit my website http://www.elchtest.eu or my personal WIKI http://wiki.elchtest.eu
+#
+################################################################################################
+# if you have any questions, send a mail to linux@krabbe-offline.de 
+#
+# this script is for my personal use. read the script before running/using it!!!
+#
+#
+# YOU HAVE BEEN WARNED. THIS MAY DESTROY YOUR MACHINE. I ACCEPT NO RESPONSIBILITY.
+###############################################################################################
+
+
+SECOND_CHECK=0 
+STATE_OK=0
+STATE_CRITICAL=2
+
+######################################################################
+# Read the Status from fail2ban-client 
+######################################################################
+check_processes_fail2ban()
+{
+        
+  F2B=`sudo -u root fail2ban-client ping | awk -F " " '{print $3}'`
+  exit_fail2ban=0
+
+  if  [[ $F2B = "pong" ]]; then
+   exit_fail2ban=$STATE_OK
+ else
+ exit_fail2ban=$STATE_CRITICAL
+ fi
+
+}
+######################################################################
+# first check in the Background, PID will be killed when no response
+# after 10 seconds, might be possible, otherwise the scipt will be
+# pressent in your memory all the time
+#
+######################################################################
+
+check_processes_fail2ban &
+pid=$!
+
+typeset -i i=0
+while ps $pid >/dev/null
+do
+ sleep 1
+ i=$i+1
+if [ $i -ge 10 ]
+ then
+ kill $pid 
+   SECOND_CHECK=1
+   exit_fail2ban=$STATE_CRITICAL
+   break
+fi
+done
+
+######################################################################
+# when the Server response (doesent mean the FAIL2BAN is working)
+# in the first step, then it will run again and test the Service 
+# and provide the real status
+######################################################################
+
+
+if [ $SECOND_CHECK -eq 0  ]; then
+  check_processes_fail2ban
+ elif [ $SECOND_CHECK -eq 1 ]; then
+  exit_fail2ban=$STATE_CRITICAL
+fi
+
+
+
+######################################################################
+# Mainmenu
+######################################################################
+
+
+final_exit=$exit_fail2ban
+if [ $final_exit -eq 0  ]; then
+  echo "SYSTEM OK - Fail2ban is working normaly"
+  exitstatus=$STATE_OK
+elif [ $final_exit -ne "0" ]; then
+  echo "SYSTEM WARNING - Fail2Ban is not working"
+######################################################################
+# If don't have a Nagios Server for monitoring, remove the comment and
+# add your Mail Addres. You can check it with a Cron Job once a hour.
+# put a txt file on your server and describe how to fix the issue, this 
+# could be attached to the mail.
+######################################################################
+#  mutt -s "FAIL2BAN NOT WORKING" your@email.com < /home/f2ban.txt
+
+  exitstatus=$STATE_CRITICAL
+fi
+exit $exitstatus
diff --git a/files/nagios/f2ban.txt b/files/nagios/f2ban.txt
new file mode 100644
index 00000000..a811cd5d
--- /dev/null
+++ b/files/nagios/f2ban.txt
@@ -0,0 +1,18 @@
+It seems that Fail2ban is currently not working, please login and check
+
+HELP:
+
+1.) stop the Service
+/etc/init.d/fail2ban stop
+
+2.) delete the socket if avalible
+rm /tmp/fail2ban.sock
+
+3.) start the Service 
+/etc/init.d/fail2ban start
+
+4.) check if fail2ban is working
+fail2ban-client ping
+Answer should be "pong"
+
+5.) if the answer is not "pong" run away or  CRY FOR HELP ;-) 
diff --git a/files/suse-initd b/files/suse-initd
index ecd55d9a..1dec63e2 100755
--- a/files/suse-initd
+++ b/files/suse-initd
@@ -35,6 +35,13 @@ rc_reset
 case "$1" in
     start)
         echo -n "Starting Fail2Ban "
+        # a cleanup workaround, since /etc/init.d/boot.local removes only. 
+        # regular files, and not sockets 
+        if test -e $FAIL2BAN_SOCKET; then
+            if ! lsof -n $FAIL2BAN_SOCKET &>/dev/null; then
+                rm $FAIL2BAN_SOCKET
+            fi
+        fi
         /sbin/startproc $FAIL2BAN_BIN start &>/dev/null
         rc_status -v
         ;;
diff --git a/server/datedetector.py b/server/datedetector.py
index dacd5386..9df68076 100644
--- a/server/datedetector.py
+++ b/server/datedetector.py
@@ -77,6 +77,12 @@ class DateDetector:
 			template.setRegex("\d{2}/\S{3}/\d{4}:\d{2}:\d{2}:\d{2}")
 			template.setPattern("%d/%b/%Y:%H:%M:%S")
 			self.__templates.append(template)
+			# CPanel 05/20/2008:01:57:39
+			template = DateStrptime()
+			template.setName("Month/Day/Year:Hour:Minute:Second")
+			template.setRegex("\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}")
+			template.setPattern("%m/%d/%Y:%H:%M:%S")
+			self.__templates.append(template)
 			# Exim 2006-12-21 06:43:20
 			template = DateStrptime()
 			template.setName("Year-Month-Day Hour:Minute:Second")
diff --git a/server/datetemplate.py b/server/datetemplate.py
index 128ad6d8..b5b21e3f 100644
--- a/server/datetemplate.py
+++ b/server/datetemplate.py
@@ -132,7 +132,7 @@ class DateStrptime(DateTemplate):
 				conv = self.convertLocale(dateMatch.group())
 				try:
 					date = list(time.strptime(conv, self.getPattern()))
-				except ValueError:
+				except ValueError, e:
 					# Try to add the current year to the pattern. Should fix
 					# the "Feb 29" issue.
 					conv += " %s" % MyTime.gmtime()[0]
@@ -187,6 +187,5 @@ class DateISO8601(DateTemplate):
 		if dateMatch:
 			# Parses the date.
 			value = dateMatch.group()
-			print value
-			date = list(iso8601.parse_date(value).utctimetuple())
+			date = list(iso8601.parse_date(value).timetuple())
 		return date
diff --git a/server/faildata.py b/server/faildata.py
index 5cb6ac32..d7dd52da 100644
--- a/server/faildata.py
+++ b/server/faildata.py
@@ -34,6 +34,7 @@ class FailData:
 	def __init__(self):
 		self.__retry = 0
 		self.__lastTime = 0
+		self.__lastReset = 0
 	
 	def setRetry(self, value):
 		self.__retry = value
@@ -50,4 +51,9 @@ class FailData:
 	
 	def getLastTime(self):
 		return self.__lastTime
-	
\ No newline at end of file
+
+	def getLastReset(self):
+		return self.__lastReset
+
+	def setLastReset(self, value):
+		self.__lastReset = value
diff --git a/server/failmanager.py b/server/failmanager.py
index cfbe2c2a..1529b4b3 100644
--- a/server/failmanager.py
+++ b/server/failmanager.py
@@ -90,11 +90,15 @@ class FailManager:
 			unixTime = ticket.getTime()
 			if self.__failList.has_key(ip):
 				fData = self.__failList[ip]
+				if fData.getLastReset() < unixTime - self.__maxTime:
+					fData.setLastReset(unixTime)
+					fData.setRetry(0)
 				fData.inc()
 				fData.setLastTime(unixTime)
 			else:
 				fData = FailData()
 				fData.inc()
+				fData.setLastReset(unixTime)
 				fData.setLastTime(unixTime)
 				self.__failList[ip] = fData
 			self.__failTotal += 1
diff --git a/server/filter.py b/server/filter.py
index 6bd27ffd..68cf051e 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -492,7 +492,7 @@ import socket, struct
 
 class DNSUtils:
 	
-	IP_CRE = re.compile("(?:\d{1,3}\.){3}\d{1,3}$")
+	IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
 	
 	#@staticmethod
 	def dnsToIp(dns):
diff --git a/testcases/failmanagertestcase.py b/testcases/failmanagertestcase.py
index 29a26f40..96d41dd4 100644
--- a/testcases/failmanagertestcase.py
+++ b/testcases/failmanagertestcase.py
@@ -39,7 +39,12 @@ class AddFailure(unittest.TestCase):
 					    ['193.168.0.128', 1167605999.0],
 					    ['87.142.124.10', 1167605999.0],
 					    ['87.142.124.10', 1167605999.0],
-					    ['87.142.124.10', 1167605999.0]]
+					    ['87.142.124.10', 1167605999.0],
+					    ['100.100.10.10', 1000000000.0],
+					    ['100.100.10.10', 1000000500.0],
+					    ['100.100.10.10', 1000001000.0],
+					    ['100.100.10.10', 1000001500.0],
+					    ['100.100.10.10', 1000002000.0]]
 		
 		self.__failManager = FailManager()
 		for i in self.__items:
@@ -49,7 +54,7 @@ class AddFailure(unittest.TestCase):
 		"""Call after every test case."""
 	
 	def testAdd(self):
-		self.assertEqual(self.__failManager.size(), 2)
+		self.assertEqual(self.__failManager.size(), 3)
 	
 	def _testDel(self):
 		self.__failManager.delFailure('193.168.0.128')
@@ -76,3 +81,10 @@ class AddFailure(unittest.TestCase):
 	def testbanNOK(self):
 		self.__failManager.setMaxRetry(10)
 		self.assertRaises(FailManagerEmpty, self.__failManager.toBan)
+
+	def testWindow(self):
+		ticket = self.__failManager.toBan()
+		self.assertNotEqual(ticket.getIP(), "100.100.10.10")
+		ticket = self.__failManager.toBan()
+		self.assertNotEqual(ticket.getIP(), "100.100.10.10")
+		self.assertRaises(FailManagerEmpty, self.__failManager.toBan)
diff --git a/testcases/filtertestcase.py b/testcases/filtertestcase.py
index 7d11c66f..e9076b10 100644
--- a/testcases/filtertestcase.py
+++ b/testcases/filtertestcase.py
@@ -99,7 +99,7 @@ class GetFailures(unittest.TestCase):
 		output = ('193.168.0.128', 3, 1124013599.0)
 		
 		self.__filter.addLogPath(GetFailures.FILENAME_01)
-		self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")
+		self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>")
 
 		self.__filter.getFailures(GetFailures.FILENAME_01)
 		
@@ -116,7 +116,7 @@ class GetFailures(unittest.TestCase):
 		output = ('141.3.81.106', 4, 1124013539.0)
 
 		self.__filter.addLogPath(GetFailures.FILENAME_02)
-		self.__filter.addFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)")
+		self.__filter.addFailRegex("Failed .* from <HOST>")
 		
 		self.__filter.getFailures(GetFailures.FILENAME_02)
 		
@@ -133,7 +133,7 @@ class GetFailures(unittest.TestCase):
 		output = ('203.162.223.135', 6, 1124013544.0)
 
 		self.__filter.addLogPath(GetFailures.FILENAME_03)
-		self.__filter.addFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
+		self.__filter.addFailRegex("error,relay=<HOST>,.*550 User unknown")
 		
 		self.__filter.getFailures(GetFailures.FILENAME_03)
 		
@@ -151,7 +151,7 @@ class GetFailures(unittest.TestCase):
 				  ('212.41.96.185', 4, 1124013598.0)]
 
 		self.__filter.addLogPath(GetFailures.FILENAME_04)
-		self.__filter.addFailRegex("Invalid user .* (?P<host>\S*)")
+		self.__filter.addFailRegex("Invalid user .* <HOST>")
 		
 		self.__filter.getFailures(GetFailures.FILENAME_04)