Ubuntu, fail2ban, and Dovecot

The standard install of fail2ban on Ubuntu 12.4 LTS doesn’t, by default, pick up all errors. To fix it, edit /etc/fail2ban/filter.d/dovecot.conf and change the failregex line to

failregex = .*(?: pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed|Disconnected \(tried to use disabled).*rip=(?P\S*),.*

It’s the “Disconnected \(tried to use disabled” which is important.