ENH: filter.d/uwimap-auth added. Closes #18

ChangeLog

@@ -64,6 +64,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
    * filter.d/perdition.conf -- filter added
   Mark McKinstry
    * action.d/apf.conf - add action for Advanced Policy Firewall (apf)
+  Amir Caspi and kjohnsonecl
+   * filter.d/uwimap-auth - filter for uwimap-auth IMAP/POP server
 
 - Enhancements:
   François Boulogne and Frédéric

THANKS

@@ -8,6 +8,7 @@ be added
 
 Adrien Clerc
 ache
+Amir Caspi
 Andrey G. Grozin
 Andy Fragen
 Arturo 'Buanzo' Busleiman
@@ -38,6 +39,7 @@ Joël Bertrand
 JP Espinosa
 Justin Shore
 Kévin Drapel
+kjohnsonecl
 kojiro
 Manuel Arostegui Ramirez
 Marcel Dopita

config/filter.d/uwimap-auth.conf

@@ -0,0 +1,15 @@
+# Fail2Ban configuration file
+#
+# Author: Amir Caspi
+#
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = (?:ipop3d|imapd)
+
+failregex = ^%(__prefix_line)sLogin (?:failed|excessive login failures) user=\S* auth=\S* host=.*\[<HOST>\]\s*$ 
+
+ignoreregex = 

config/jail.conf

@@ -416,6 +416,12 @@ filter = perdition
 action = iptables-multiport[name=perdition,port="110,143,993,995"]
 logpath = /var/log/maillog
 
+[uwimap-auth]
+enabled = false
+filter = uwimap-auth
+action = iptables-multiport[name=perdition,port="110,143,993,995"]
+logpath = /var/log/maillog
+
 [osx-ssh-ipfw]
 enabled = false
 filter = sshd

testcases/files/logs/uwimap-auth

@@ -0,0 +1,5 @@
+# failJSON: { "time": "2005-07-03T20:56:53", "match": true , "host": "81.169.154.112" }
+Jul 3 20:56:53 Linux2 imapd[666]: Login failed user=lizdy auth=lizdy host=h2066373.stratoserver.net [81.169.154.112]
+
+# failJSON: { "time": "2005-07-29T18:30:19", "match": true , "host": "198.52.115.74" }
+Jul 29 18:30:19 Linux2 ipop3d[25745]: Login failed user=info auth=info host=74-115-52-198-dedicated.multacom.com [198.52.115.74]