I "think" I successfully configured fail2ban with qpopper pop3. I thought I would post my work on here in case someone else can benefit from it.  This is running on an OpenSUSE 10.2 box.
 
[qpopper]
 
enabled  = true
port     = pop3
filter   = qpopperlogin
action   = iptables[name=%(__name__)s, port=%(port)s]
           sendmail-whois[name=qpopper, dest=you@mail.com]
logpath  = /var/log/mail
maxretry = 5
and then the qpopperlogin.conf file based on Sven Neukirchner's post to this list on 13/08/07:
 
[Definition]
 
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>\S+)
# Values:  TEXT
#
failregex = popper\[[0-9]+\]: \[AUTH\] Failed attempted login to \S+ from host (\S+) <HOST>(?: \[pop_pass\.c.*\])?$
 
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =