diff --git a/Scripts/fail2ban/sogo-filter.conf b/Scripts/fail2ban/sogo-filter.conf
new file mode 100644
index 000000000..b6d2da58e
--- /dev/null
+++ b/Scripts/fail2ban/sogo-filter.conf
@@ -0,0 +1,20 @@
+# /etc/fail2ban/filter.d/sogo.conf
+#
+# Fail2Ban configuration file
+# By Arnd Brandes
+# SOGo
+#
+
+[Definition]
+# Option: failregex
+# Filter Ban in /var/log/sogo/sogo.log
+# Note: the error log may contain multiple hosts, whereas the first one
+# is the client and all others are poxys. We match the first one, only
+
+failregex = Login from '<HOST>.*' for user '.*' might not have worked
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
diff --git a/Scripts/fail2ban/sogo-jail.local b/Scripts/fail2ban/sogo-jail.local
new file mode 100644
index 000000000..4a403e70f
--- /dev/null
+++ b/Scripts/fail2ban/sogo-jail.local
@@ -0,0 +1,9 @@
+[SOGo]
+enabled = true
+port = http,https
+# in proxy-free setup this would be:
+# port = 20000
+filter = sogo
+logpath = /var/log/sogo/sogo.log
+maxretry = 5
+