Ed W wrote: > failregex = : warning: [-._\w]+\[<HOST>\]: SASL > (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$ > failregex = dovecot: auth.*\(.*,<HOST>\): (unknown user|password mismatch)$
Ed, have you found that both failregex lines are actually being used here, as in my experience, only the first failregex line is used? Maybe this has changed in the most recent version of fail2ban, but I have found that I had to create a separate filter file if I wanted to used a second failregex against the same log file and also add a second jail.conf entry. Bill
