# Fail2Ban filter for courier authentication failures
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = (?:courier)?(?:imapd?|pop3d?)(?:login)?(?:-ssl)?

failregex = ^%(__prefix_line)sLOGIN FAILED, (?:user|method)=.*, ip=\[<HOST>\]$

ignoreregex = 

datepattern = {^LN-BEG}

# Author: Christoph Haas
# Modified by: Cyril Jaquier