diff --git a/ChangeLog b/ChangeLog
index c092037a..edf4591c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -53,6 +53,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
   - Add filter for apache-modsecurity
   - filter.d/nsd.conf -- also amended Unix date template to match nsd format
   - Added filter.d/openwebmail filter thanks Ivo Truxa. Closes gh-543
+  - Added filter.d/horde
 
 - Enhancements:
   - loglines now also report "[PID]" after the name portion
diff --git a/config/filter.d/horde.conf b/config/filter.d/horde.conf
new file mode 100644
index 00000000..b94ebf64
--- /dev/null
+++ b/config/filter.d/horde.conf
@@ -0,0 +1,16 @@
+# fail2ban filter configuration for horde
+
+
+[Definition]
+
+
+failregex = ^ HORDE \[error\] \[(horde|imp)\] FAILED LOGIN for \S+ \[<HOST>\](\(forwarded for \[\S+\]\))? to (Horde|{[^}]+}) \[(pid \d+ )?on line \d+ of \S+\]$
+
+
+ignoreregex = 
+
+# DEV NOTES:
+# https://github.com/horde/horde/blob/master/imp/lib/Auth.php#L132
+# https://github.com/horde/horde/blob/master/horde/login.php
+# 
+# Author: Daniel Black
diff --git a/testcases/files/logs/horde b/testcases/files/logs/horde
new file mode 100644
index 00000000..135deee3
--- /dev/null
+++ b/testcases/files/logs/horde
@@ -0,0 +1,6 @@
+# failJSON: { "time": "2004-11-11T18:57:57", "match": true , "host": "203.16.208.190" }
+Nov 11 18:57:57 HORDE [error] [horde] FAILED LOGIN for graham [203.16.208.190] to Horde [on line 116 of "/home/ace-hosting/public_html/horde/login.php"]
+
+# failJSON: { "time": "2004-12-15T08:59:59", "match": true , "host": "1.2.3.4" }
+Dec 15 08:59:59 HORDE [error] [imp] FAILED LOGIN for emai.user@somedomain.com [1.2.3.4] to {mx.somedomain.com:993 [imap/ssl/novalidate-cert]} [pid 68394 on line 139 of /usr/local/www/www.somedomain.com/public_html/horde/imp/lib/Auth/imp.php"]
+