# /etc/fail2ban/filter.d/sogo-auth.conf # # Fail2Ban configuration file # By Arnd Brandes # SOGo # [Definition] # Option: failregex # Filter Ban in /var/log/sogo/sogo.log # Note: the error log may contain multiple hosts, whereas the first one # is the client and all others are poxys. We match the first one, only failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex =