[Definition]
# Match auth failures and too-many-attempts from Stalwart logs
failregex = ^\S+ \S+ .*\(auth\.failed\).*remoteIp = <HOST>
^\S+ \S+ .*\(auth\.too-many-attempts\).*remoteIp = <HOST>
ignoreregex =
datepattern = %%Y-%%m-%%dT%%H:%%M:%%SZ