From 359210f2247e8e845442879aaa581096642554dc Mon Sep 17 00:00:00 2001
From: Daniel Black <grooverdan@users.sourceforge.net>
Date: Tue, 8 Oct 2013 20:37:33 +1100
Subject: [PATCH 1/2] ENH: filter.d/squirrelmail added

---
 config/filter.d/squirrelmail.conf      | 4 ++++
 config/jail.conf                       | 5 +++++
 fail2ban/tests/files/logs/squirrelmail | 3 +++
 3 files changed, 12 insertions(+)
 create mode 100644 config/filter.d/squirrelmail.conf
 create mode 100644 fail2ban/tests/files/logs/squirrelmail

diff --git a/config/filter.d/squirrelmail.conf b/config/filter.d/squirrelmail.conf
new file mode 100644
index 00000000..124ca2f8
--- /dev/null
+++ b/config/filter.d/squirrelmail.conf
@@ -0,0 +1,4 @@
+
+[Definition]
+
+failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect.$
diff --git a/config/jail.conf b/config/jail.conf
index 178a4c5f..3e87fa05 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -448,6 +448,11 @@ logpath = /var/log/mail.log
 port   = imap2,imap3,imaps,pop3,pop3s
 logpath = /var/log/maillog
 
+[squirrelmail]
+
+port = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks
+logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log
+
 #
 # DNS servers
 #
diff --git a/fail2ban/tests/files/logs/squirrelmail b/fail2ban/tests/files/logs/squirrelmail
new file mode 100644
index 00000000..3d1cf982
--- /dev/null
+++ b/fail2ban/tests/files/logs/squirrelmail
@@ -0,0 +1,3 @@
+
+# failJSON: { "time": "2013-10-06T15:50:41", "match": true , "host": "151.64.44.11" }
+10/06/2013 15:50:41 [LOGIN_ERROR] dadas (mydomain.org) from 151.64.44.11: Unknown user or password incorrect.

From f2e55e8499744e6b1f9196d2033e25c53c23c61d Mon Sep 17 00:00:00 2001
From: Daniel Black <grooverdan@users.sourceforge.net>
Date: Sun, 12 Jan 2014 20:27:36 +1100
Subject: [PATCH 2/2] ENH: add filter for squirrelmail. Closes gh-261

---
 ChangeLog                         |  1 +
 config/filter.d/squirrelmail.conf | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 57b03e18..2a78fcdd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,6 +59,7 @@ configuration before relying on it.
    * Filter for stunnel
    * Filter for Counter Strike 1.6. Thanks to onorua for logs.
      Close gh-347
+   * Filter for squirrelmail. Close gh-261
 
 - Enhancements
    * Jail names increased to 26 characters and iptables prefix reduced
diff --git a/config/filter.d/squirrelmail.conf b/config/filter.d/squirrelmail.conf
index 124ca2f8..9defd8d6 100644
--- a/config/filter.d/squirrelmail.conf
+++ b/config/filter.d/squirrelmail.conf
@@ -1,4 +1,13 @@
 
 [Definition]
 
-failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect.$
+failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect\.$
+
+
+[Init]
+
+datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S
+
+# DEV NOTES:
+#
+# Author: Daniel Black