I am running Plesk 8.3 and am trying to get Fail2ban dialed in to reduce attacks. I have it installed and have the defaults there, with the exception of the following that I added for Courier, which seems to be working, but I don't think it's catching everything it should. Fail2ban is blocking things, but I think it's missing some as well.
[courierimap-iptables]
enabled = true
filter = courierlogin
action = iptables-multiport[name=IMAP, port="110,995,143,993"]
         sendmail-whois[name=IMAP, dest=user@domain.com, sender=fail2ban@yourdomain.com]
logpath = /usr/local/psa/var/log/maillog
maxretry = 6
I can't get the Horde rule to work either. Below is an example of the string it is seeing. I have tried multiple regex settings that I found on the Fail2Ban wiki and some other blog posts, but none worked.
Jul 19 10:15:38 HORDE [error] [imp] FAILED LOGIN 1.1.1.1 to localhost:143[imap/notls] as user@domain.com [on line 258 of "/usr/share/psa-horde/imp/lib/Auth/imp.php"]
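
An added example, not part of the original post: a Python check of one candidate failregex against the Horde line quoted above, including a constructed line whose user name field contains log-like text. The `HORDE_FAILREGEX` pattern, the `<HOST>` expansion and all function names are assumptions made for illustration, not Fail2ban's or Plesk's own code.

```python
import re
from collections import Counter

# Approximate expansion of fail2ban's <HOST> tag (assumption: the exact
# pattern differs between fail2ban versions).
HOST_GROUP = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# Hypothetical failregex for the Horde/IMP line format quoted in the post.
HORDE_FAILREGEX = (r'HORDE \[error\] \[imp\] FAILED LOGIN <HOST> to \S+ as .* '
                   r'\[on line \d+ of "[^"]*"\]\s*$')

TAIL = ' [on line 258 of "/usr/share/psa-horde/imp/lib/Auth/imp.php"]'
# The log line from the post, verbatim.
PAGE_LINE = ('Jul 19 10:15:38 HORDE [error] [imp] FAILED LOGIN 1.1.1.1 to '
             'localhost:143[imap/notls] as user@domain.com' + TAIL)
# Constructed: the user name field itself contains log-like text.
ODD_USER_LINE = ('Jul 19 10:16:02 HORDE [error] [imp] FAILED LOGIN 203.0.113.7 to '
                 'localhost:143[imap/notls] as HORDE [error] [imp] FAILED LOGIN '
                 '198.51.100.9 to x as y' + TAIL)
# Constructed: a Horde line that is not a login failure.
OTHER_LINE = 'Jul 19 10:17:00 HORDE [notice] [imp] Something else' + TAIL


def compile_failregex(failregex):
    """Substitute <HOST> the way fail2ban does before compiling."""
    return re.compile(failregex.replace("<HOST>", HOST_GROUP))


def failed_host(line, regex):
    """Return the source address of a failed login, or None if no match."""
    match = regex.search(line)
    return match.group("host") if match else None


def hosts_to_ban(lines, regex, maxretry=6):
    """Hosts reaching maxretry failures (findtime is ignored for brevity)."""
    counts = Counter(h for h in (failed_host(l, regex) for l in lines) if h)
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    rx = compile_failregex(HORDE_FAILREGEX)
    for sample in (PAGE_LINE, ODD_USER_LINE, OTHER_LINE):
        print(failed_host(sample, rx), "<-", sample[:60])
    print(hosts_to_ban([PAGE_LINE] * 6 + [ODD_USER_LINE] * 2, rx))
```

Because the pattern is tied to the fixed `HORDE [error] [imp] FAILED LOGIN` prefix and the address precedes the user name, the address reported is the connecting one even when the user name contains text that looks like another log entry. A pattern that passes here can then be run against the real log file with the `fail2ban-regex` tool before enabling the jail.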