From 470a53a548c46af72d8956475fdacba045458d10 Mon Sep 17 00:00:00 2001
From: Jean Raby <jraby@inverse.ca>
Date: Thu, 7 Feb 2013 13:00:27 -0500
Subject: [PATCH] Add example configuration for fail2ban

From Arnd Brandes. (#2229)
---
 Scripts/fail2ban/sogo-filter.conf | 20 ++++++++++++++++++++
 Scripts/fail2ban/sogo-jail.local  |  9 +++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 Scripts/fail2ban/sogo-filter.conf
 create mode 100644 Scripts/fail2ban/sogo-jail.local

diff --git a/Scripts/fail2ban/sogo-filter.conf b/Scripts/fail2ban/sogo-filter.conf
new file mode 100644
index 000000000..b6d2da58e
--- /dev/null
+++ b/Scripts/fail2ban/sogo-filter.conf
@@ -0,0 +1,20 @@
+# /etc/fail2ban/filter.d/sogo.conf
+#
+# Fail2Ban configuration file
+# By Arnd Brandes
+# SOGo
+#
+
+[Definition]
+# Option: failregex
+# Filter Ban in /var/log/sogo/sogo.log
+# Note: the error log may contain multiple hosts, whereas the first one
+# is the client and all others are poxys. We match the first one, only
+
+failregex = Login from '<HOST>.*' for user '.*' might not have worked
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/Scripts/fail2ban/sogo-jail.local b/Scripts/fail2ban/sogo-jail.local
new file mode 100644
index 000000000..4a403e70f
--- /dev/null
+++ b/Scripts/fail2ban/sogo-jail.local
@@ -0,0 +1,9 @@
+[SOGo]
+enabled = true
+port = http,https
+# in proxy-free setup this would be:
+# port = 20000
+filter = sogo
+logpath = /var/log/sogo/sogo.log
+maxretry = 5
+