# Fail2Ban filter for uwimap
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = (?:ipop3d|imapd)

failregex = ^%(__prefix_line)sLogin (?:failed|excessive login failures|disabled|SYSTEM BREAK-IN ATTEMPT) user=\S* auth=\S* host=.*\[<HOST>\]\s*$ 
            ^%(__prefix_line)sFailed .* override of user=.* host=.*\[<HOST>\]\s*$

ignoreregex = 

# Author: Amir Caspi