I "think" I successfully configured fail2ban with
qpopper pop3. I thought I would post my work on here in case someone else can
benefit from it. This is running on an OpenSUSE 10.2 box.
port = pop3
action = iptables[name=%(__name__)s,
maxretry = 5
and then the qpopperlogin.conf file based on Sven
Neukirchner's post to this list on 13/08/07:
# Option: failregex
# Notes.: regex
to match the password failures messages in the logfile.
# host must be
matched by a group named "host". The tag "<HOST>"
# be used for
standard IP/hostname matching and is only an alias
# Values: TEXT
popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host (\S+)
# Option: ignoreregex
regex to ignore. If this regex matches, the line is ignored.