I leave well enough alone, but rev 2 got a new parser to allow more user control.
The documentation may be old. However the dovecot trigger does look for auth failed. dovecot default imap-login: Aborted login (auth failed, 6 attempts): XYZ rip=184.108.40.206, lip=127.0.0.1 I run a personal email server and have the luxury of geographically limiting access to all mail ports other than 25. (I use 587). So I get few attempts at logins. Then again I can't access my email in 99% of the world in addition from hosting companies and cloud servers. Original Message From: je...@seibercom.net Sent: May 22, 2020 3:38 AM To: email@example.com Reply-to: firstname.lastname@example.org Subject: Re: fail2ban setup centos 7 not picking auth fail? On Thu, 21 May 2020 23:22:04 -0700, lists stated: >I use SSHGuard on well ssh (doh!), but supposedly you can use it for >postfix and dovecot also. I can tell you it is well supported. I am >on Centos 7 using firewalld. SSHGuard works fairly well with Postfix; however, it is virtually useless with Dovecot. It never picks up on "auth fail" and a few others. I have submitted documentation and requests to SSHGuard, but they have never acted upon them, other than to say that they will look into it. -- Jerry