ENH: roundcube-auth - adopt for current format with trailing error message. thanks @kwirk for the review/feedback

I also used non-greedy .*? for the login portion since not sure if space could
be there and trying to minimize possibility of reacting on injected "from
<HOST>" somewhere within the trailing .*

config/filter.d/roundcube-auth.conf

@@ -17,7 +17,7 @@ before = common.conf
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = ^\s*(\[(\s\+[0-9]{4})?\])?(%(__hostname)s roundcube: IMAP Error)?: (FAILED login|Login failed) for .* from <HOST>\s*$
+failregex = ^\s*(\[(\s\+[0-9]{4})?\])?(%(__hostname)s roundcube: IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. AUTHENTICATE .*)?\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

testcases/files/logs/roundcube-auth

@@ -2,3 +2,5 @@
 [22-Jan-2013 22:28:21 +0200]: FAILED login for user1 from 192.0.43.10
 # failJSON: { "time": "2005-05-26T07:12:40", "match": true , "host": "10.1.1.47" }
 May 26 07:12:40 hamster roundcube: IMAP Error: Login failed for sales@example.com from 10.1.1.47
+# failJSON: { "time": "2005-07-11T03:06:37", "match": true , "host": "1.2.3.4" }
+Jul 11 03:06:37 myhostname roundcube: IMAP Error: Login failed for admin from 1.2.3.4. AUTHENTICATE PLAIN: A0002 NO Login failed. in /usr/share/roundcube/program/include/rcube_imap.php on line 205 (POST /wmail/?_task=login&_action=login)