# Fail2Ban filter for courier authentication failures # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _daemon = (?:courier)?(?:imapd?|pop3d?)(?:login)?(?:-ssl)? failregex = ^%(__prefix_line)sLOGIN FAILED, (?:(?!ip=)(?:user=[^,]*|\w+=[^,]*), )*ip=\[\] ignoreregex = datepattern = {^LN-BEG} # Author: Christoph Haas # Modified by: Cyril Jaquier