# Fail2Ban filter for sieve authentication failures # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _deamon = (?:cyrus/)?(?:tim)?sieved? failregex = ^%(__prefix_line)sbadlogin: \S+ ?\[\] \S+ authentication failure$ ignoreregex = # Author: Jan Wagner