Hello Guys, i want to protect my imap / pop3 access with fail2ban but it looks like that the regex isn`t matching because nothing happens. For SSH and other services the fail2ban works great. Example failed Logins: --- May 26 22:06:29 vs001 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=217.133.221.119, lip=80.246.63.9 May 26 22:06:46 vs001 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=217.133.221.119, lip=80.246.63.9 May 26 22:07:03 vs001 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=217.133.221.119, lip=80.246.63.9 May 26 22:07:20 vs001 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=217.133.221.119, lip=80.246.63.9 May 26 22:07:37 vs001 dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=217.133.221.119, lip=80.246.63.9 --- I tried this regex: Code: failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.* AND this: Code: failregex = (?: pop3-login|imap-login): .*(?:Disconnected|Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.* Any idea?
