Ok I've solved this.

The trouble (as I'm sure the more experienced users could have guessed) was due to discrepancy between timestamp in the log and server time.   The timestamp generated by fail2ban roundcube plugin looks like this:
[13-Jun-2014 09:38:27 -0400]

Unfortunately fail2ban reads this as 9:38am and seems to ignore the -0400 part of it.  I've changed my php timezone to match server and this solves the issue.

My question is this:  What is the preferred solution here?
1) Always keep server time and php apache time in sync
2) roundcube plugin should use a different time format
3) fail2ban should be updated to read time offsets in this format

and also, does fail2ban recognize time offsets in any format?  or is this just an anomaly?



On Tue, Jun 10, 2014 at 5:01 AM, billy noah <billynoah@gmail.com> wrote:
sshd and all other jails work just fine and succeed in banning as they should.

However, Roundcube not banning.. been playing with this for hours and finally throwing in the towel.

My system:
Fail2Ban v0.8.1
Ubuntu 14.04
Roundcube 0.95 with fail2ban plugin active

Logfile /var/log/roundcube/userlogins is created and successfully logs all failed attempts.

fail2ban-regex /var/log/roundcube/userlogins /etc/fail2ban/filter.d/roundcube-auth.conf

seems to indicate that regex is working.  returns output as follows:

Running tests

Use   failregex file : /etc/fail2ban/filter.d/roundcube-auth.conf
Use         log file : /var/log/roundcube/userlogins


Failregex: 44 total
|-  #) [# of hits] regular expression
|   1) [44] ^\s*(\[(\s[+-][0-9]{4})?\])?(\S+ roundcube: IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [44] Day-MONTH-Year Hour:Minute:Second[.Millisecond]

Lines: 44 lines, 0 ignored, 44 matched, 0 missed

Someone please help.  Why would the regex tester match log lines but not ban the IP?  There's absolutely nothing out of the ordinary about my config - this is all clean and out of the box default installation.