diff --git a/ChangeLog b/ChangeLog
index 4e68c63a..0e433e90 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,6 +59,7 @@ configuration before relying on it. * Filter for stunnel * Filter for Counter Strike 1.6. Thanks to onorua for logs. Close gh-347 + * Filter for squirrelmail. Close gh-261 - Enhancements * Jail names increased to 26 characters and iptables prefix reduced
diff --git a/config/filter.d/squirrelmail.conf b/config/filter.d/squirrelmail.conf
new file mode 100644
index 00000000..9defd8d6
--- /dev/null
+++ b/config/filter.d/squirrelmail.conf
@@ -0,0 +1,13 @@
+
+[Definition]
+
+failregex = ^ \[LOGIN_ERROR\].*from : Unknown user or password incorrect\.$
+
+
+[Init]
+
+datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S
+
+# DEV NOTES:
+#
+# Author: Daniel Black
diff --git a/config/jail.conf b/config/jail.conf
index 838d678e..8f049e74 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -640,6 +640,12 @@ port = imap3,imaps,pop3,pop3s logpath = /var/log/maillog +[squirrelmail] + +port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks +logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log + + +[cyrus-imap] port = imap3,imaps
diff --git a/fail2ban/tests/files/logs/squirrelmail b/fail2ban/tests/files/logs/squirrelmail
new file mode 100644
index 00000000..3d1cf982
--- /dev/null
+++ b/fail2ban/tests/files/logs/squirrelmail
@@ -0,0 +1,3 @@
+
+# failJSON: { "time": "2013-10-06T15:50:41", "match": true , "host": "151.64.44.11" }
+10/06/2013 15:50:41 [LOGIN_ERROR] dadas (mydomain.org) from 151.64.44.11: Unknown user or password incorrect.
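Review bot: In config/filter.d/squirrelmail.conf the `.*` in `failregex` covers the part of the line that, judging by the sample log entry, holds the login name typed by the client, so the trailing `\.$` anchor is what keeps the host match tied to the address written at the end of the line. That deserves a comment above the pattern so a later edit does not relax it, e.g. `# Login name is client-supplied; keep the pattern anchored to the end of the line.` As shown on this page the pattern reads `from : Unknown` with no `<HOST>` tag, while the test entry expects host 151.64.44.11; the tag was most likely dropped when the page was rendered, and the file presumably has `from <HOST>:`. The new file also has no header comment saying which log it parses.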
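Review bot: The `port` list of the new `[squirrelmail]` jail in config/jail.conf names SMTP, IMAP, POP3 and `socks` as well as `http,https`, although the failures counted here are webmail logins; if banning the source from the mail services behind the webmail is intended, a comment should say so, and it is not clear why `socks` is included. The `logpath` under `/var/lib/squirrelmail/prefs/` and the `[LOGIN_ERROR]` line format look like the output of a logging plugin rather than of a stock SquirrelMail install; that is worth confirming and stating in a comment, e.g. `# needs a SquirrelMail access log with LOGIN_ERROR entries at this path`, because the jail protects nothing if that file is not being written. The section sets neither `enabled` nor `filter`; presumably both come from defaults outside this hunk.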
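Review bot: fail2ban/tests/files/logs/squirrelmail carries a single matching entry, so nothing pins how the filter treats the client-supplied part of the line. I would add a second entry whose login-name field contains the words of the failure message, with its `failJSON` expecting `host` to be the address at the end of the line. If this log also records other event types, one of those with `"match": false` would help too. Together they stop a later loosening of the end anchor from passing the tests unnoticed.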