From a82caf5d9b0b6db782b660359904f13646d350b8 Mon Sep 17 00:00:00 2001
From: Robert Pufky <rpufky@gmail.com>
Date: Sat, 1 Feb 2020 14:57:03 -0800
Subject: [PATCH] Fix broken fail2ban dovecot filter; use <HOST> instead of
 undocumented feature.

* Replace deprecated, undocumented fail2ban feature "(\P<host>\S*)" with
  supported host match "<HOST>".
* Fixes "No failure-id group in '(?: pop3-login|ima ..." fail2ban dovecot filter
  error message.
* See: https://github.com/fail2ban/fail2ban/issues/2130
---
 target/fail2ban/filter.d/dovecot.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/target/fail2ban/filter.d/dovecot.conf b/target/fail2ban/filter.d/dovecot.conf
index 6814b0ca..c83ecef4 100644
--- a/target/fail2ban/filter.d/dovecot.conf
+++ b/target/fail2ban/filter.d/dovecot.conf
@@ -10,7 +10,7 @@ failregex = ^%(__prefix_line)s(pam_unix(\(dovecot:auth\))?:)?\s+authentication f
             ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((no auth attempts|auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>, lip=(\d{1,3}\.){3}\d{1,3}(, session=<\w+>)?(, TLS( handshaking)?(: Disconnected)?)?\s*$
             ^%(__prefix_line)s(Info|dovecot: auth\(default\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
             ^\s.*passwd-file\(\S*,<HOST>\): unknown user.*$
-            (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+            (?: pop3-login|imap-login): .*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(<HOST>),.*
 
 ## ^%(__prefix_line)spasswd-file\(\S*,<HOST>\): unknown user.*$
-ignoreregex =
\ No newline at end of file
+ignoreregex =