Use upstream sogo-auth filter

root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo

@@ -11,7 +11,7 @@ $OUT .=<<"EOF";
 
 [sogo]
 enabled  = true
-filter   = sogo
+filter   = sogo-auth
 logpath  = /var/log/sogo/sogo.log
 action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
 EOF

root/etc/fail2ban/filter.d/sogo-auth.conf

@@ -0,0 +1,20 @@
+# /etc/fail2ban/filter.d/sogo-auth.conf
+#
+# Fail2Ban configuration file
+# By Arnd Brandes
+# SOGo
+#
+
+[Definition]
+# Option: failregex
+# Filter Ban in /var/log/sogo/sogo.log
+# Note: the error log may contain multiple hosts, whereas the first one 
+# is the client and all others are poxys. We match the first one, only
+
+failregex = Login from '<HOST>' for user '.*' might not have worked( - password policy: \d*  grace: -?\d*  expire: -?\d*  bound: -?\d*)?\s*$
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex = 

root/etc/fail2ban/filter.d/sogo.conf

@@ -1,10 +0,0 @@
-[INCLUDES]
-before = common.conf
-
-[Definition]
-
-_daemon = sogod
-
-failregex = ^\s*%(_daemon)s\s*%(__pid_re)s:\s*SOGoRootPage Login from '<HOST>' for user '.*' might not have worked \-.*$
-
-ignoreregex =