Hello to everyone who may be interested in this subject (i.e. having Fail2Ban protect _recent_ versions of RoundCube).
I found the solution by myself... Carefully digging into the documentation always helps.
Note that my config. files mainly relate to Debian (6) so your setup may vary.
The failed login attempt lines logged by roundcube may also vary, in which case my post won't be that useful to you. But I believe that these lines are pretty consistent for _recent_ versions of roundcube (and that they hopefully won't change AGAIN).
So far I was always trying a new regexp for my /etc/fail2ban/filter.d/roundcube-local.conf, reloading fail2ban, and passing bad login/pass to roundcube until the connection attempts limit I set was reached. Not that handy, since after the 6th or 7th regexp, you don't really remember what you already tried...
So here's the thing:
In your filter, you can define multiple regexp:
failregex = regexp1
            regexp2
            regexp3
            AndSoOn
Then you can run fail2ban-regex like this:
fail2ban-regex /your/log /your/filter
Which, in my case, would give something like this:
fail2ban-regex /var/log/user.log /etc/fail2ban/filter.d/roundcube-local.conf
That will give you the regexp that matches. Once you know it, you can edit your filter again to keep only this one.
Now, if (like I believe) recent versions of RoundCube (i.e. 0.7 for sure and probably all versions >= 0.5) all log the same kind of message, you don't have to go through all that hassle. Here is the correct regexp to fill in:
failregex = roundcube: IMAP Error: Login failed for .* from <HOST>\..*$
Of course if your roundcube doesn't access clear text IMAP (but IMAPS or POP(S), even if I believe that this last option is not possible), you may want to replace it with:
roundcube: .* Error: Login failed for .* from <HOST>\..*$
(Note that I have not tested this).
Hope this helps
SKaero, thanks again for your help
Cheers.
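Added example, not part of the original post: an offline check, in the spirit of fail2ban-regex, that runs both failregex lines from the post against sample log lines and reports which lines each one matches and which host it extracts. The log lines are constructed to fit the post's regex (the non-IMAP one is hypothetical), and `HOST` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only;
# the real expansion also accepts hostnames and differs between versions).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two failregex lines from the post, labelled for the report.
CANDIDATES = {
    "imap-only": r"roundcube: IMAP Error: Login failed for .* from <HOST>\..*$",
    "any-backend": r"roundcube: .* Error: Login failed for .* from <HOST>\..*$",
}

# Constructed syslog lines shaped to fit the post's regex (not captured logs).
SAMPLE_LOG = [
    "Mar  1 10:00:01 mail roundcube: IMAP Error: Login failed for alice from "
    "203.0.113.5. AUTHENTICATE PLAIN: Authentication failed.",
    # Hypothetical non-IMAP prefix; the post only speculates such a line exists.
    "Mar  1 10:00:09 mail roundcube: POP3 Error: Login failed for bob from "
    "198.51.100.7. Authentication failed.",
    "Mar  1 10:00:15 mail roundcube: Successful login for carol (ID: 3) from "
    "192.0.2.44",
    "Mar  1 10:00:20 mail roundcube: IMAP Error: Login failed for dave from "
    "203.0.113.5. AUTHENTICATE PLAIN: Authentication failed.",
]


def compile_failregex(failregex):
    """Substitute the <HOST> tag and compile, as fail2ban does before matching."""
    return re.compile(failregex.replace("<HOST>", HOST))


def evaluate(candidates, lines):
    """Return {name: [host, ...]} with one host per matching log line."""
    report = {}
    for name, failregex in candidates.items():
        pattern = compile_failregex(failregex)
        hits = (pattern.search(line) for line in lines)
        report[name] = [m.group("host") for m in hits if m]
    return report


if __name__ == "__main__":
    for name, hosts in evaluate(CANDIDATES, SAMPLE_LOG).items():
        print(f"{name}: {len(hosts)} matched line(s), hosts={hosts}")
```

Replace `SAMPLE_LOG` with lines copied from your own log to see how many failures per address each regex would count toward the ban threshold.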