From 7ede1e85187764caec77512146f69c76f0621d28 Mon Sep 17 00:00:00 2001
From: hamilton5 <ham5@tehwebz.net>
Date: Mon, 10 Dec 2012 19:17:04 -0500
Subject: [PATCH 1/3] Update config/filter.d/dovecot.conf

added failregex line for debian and centos per
http://www.fail2ban.org/wiki/index.php/Talk:Dovecot
---
 config/filter.d/dovecot.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
index 153b9bb0..f37dc892 100644
--- a/config/filter.d/dovecot.conf
+++ b/config/filter.d/dovecot.conf
@@ -15,6 +15,7 @@
 # Values:  TEXT
 #
 failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+            pam.*dovecot.*(?:authentication failure).*rhost=(?:::f{4,6}:)?(?P<host>\S*) 
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

From e040c6d8a3bfa62d358083300119c259cd44dcd0 Mon Sep 17 00:00:00 2001
From: hamilton5 <ham5@tehwebz.net>
Date: Tue, 11 Dec 2012 03:26:14 -0500
Subject: [PATCH 2/3] Update config/filter.d/dovecot.conf

site actually needs updated because of <HOST> alias
per Notes above.
---
 config/filter.d/dovecot.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
index f37dc892..acbae3a8 100644
--- a/config/filter.d/dovecot.conf
+++ b/config/filter.d/dovecot.conf
@@ -15,7 +15,7 @@
 # Values:  TEXT
 #
 failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
-            pam.*dovecot.*(?:authentication failure).*rhost=(?:::f{4,6}:)?(?P<host>\S*) 
+            pam.*dovecot.*(?:authentication failure).*rhost=<HOST> 
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

From 266cdc29a6bf5aafc7d35f000a5254f416231c73 Mon Sep 17 00:00:00 2001
From: hamilton5 <ham5@tehwebz.net>
Date: Tue, 11 Dec 2012 12:09:28 -0500
Subject: [PATCH 3/3] Update config/filter.d/dovecot.conf

even tho not on the fail2ban site..
suggested to not be greedy by yarikoptic
---
 config/filter.d/dovecot.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
index acbae3a8..42c5ef33 100644
--- a/config/filter.d/dovecot.conf
+++ b/config/filter.d/dovecot.conf
@@ -15,7 +15,7 @@
 # Values:  TEXT
 #
 failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
-            pam.*dovecot.*(?:authentication failure).*rhost=<HOST> 
+            pam.*dovecot.*(?:authentication failure).*rhost=<HOST>(?:\s+user=.*)?\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.