# Fail2Ban filter for authentication failures on Cyrus imap server
#
#
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = (?:cyrus/)?(?:imap(d|s)?|pop3(d|s)?)

failregex = ^%(__prefix_line)sbadlogin: [^\[]*\[<HOST>\] \S+ .*?\[?SASL\(-13\): (authentication failure|user not found): .*\]?$

ignoreregex = 

# Author: Jan Wagner <waja@cyconet.org>