diff --git a/app/example.yml b/app/example.yml
index c256df3..97c0ce7 100644
--- a/app/example.yml
+++ b/app/example.yml
@@ -47,7 +47,9 @@ streams:
 regex:
 # is predefined in the patterns section
 # ip's regex is inserted in the following regex
- - authentication failure;.*rhost=
+ - 'authentication failure;.*rhost='
+ - 'Failed password for .* from '
+ - 'Connection reset by authenticating user .* '
 # if retry and retryperiod are defined,
 # the actions will only take place if a same pattern is
 # found `retry` times in a `retryperiod` interval
diff --git a/config/example.jsonnet b/config/example.jsonnet
index 98b66d4..1863889 100644
--- a/config/example.jsonnet
+++ b/config/example.jsonnet
@@ -56,7 +56,9 @@ local iptables(args) = ['ip46tables', '-w'] + args;
 regex: [
 // is predefined in the patterns section
 // ip's regex is inserted in the following regex
- 'authentication failure;.*rhost=',
+ @'authentication failure;.*rhost=',
+ @'Failed password for .* from ',
+ @'Connection reset by authenticating user .* ',
 ],
 // if retry and retryperiod are defined,
 // the actions will only take place if a same pattern is
diff --git a/config/server.jsonnet b/config/server.jsonnet
index 8766e2c..ca72ff5 100644
--- a/config/server.jsonnet
+++ b/config/server.jsonnet
@@ -38,6 +38,7 @@ local banFor(time) = {
 regex: [
 @'authentication failure;.*rhost=',
 @'Connection reset by authenticating user .* ',
+ @'Failed password for .* from ',
 ],
 retry: 3,
 retryperiod: '6h',
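Review bot: The added patterns `'Failed password for .* from '` and `'Connection reset by authenticating user .* '` let `.*` span the login-name field, which the connecting client chooses, so the address that ends up banned is decided only by where the greedy match happens to stop. Pinning the text that follows the address would make that explicit, e.g. `- 'Failed password for .* from <ip> port '` and `- 'Connection reset by authenticating user .* <ip> port '`, assuming sshd's usual ` port N` suffix. As rendered here none of the three patterns shows the ip placeholder that the context comment refers to; I assume the page dropped it, but if the file really ends in `from ` there is nothing to capture. The same two patterns are added in `config/example.jsonnet` and `config/server.jsonnet`.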
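Review bot: With `retry: 3` and `retryperiod: '6h'` left unchanged, adding `@'Failed password for .* from '` beside `@'authentication failure;.*rhost='` can make one mistyped password count more than once, since PAM and sshd typically each log a line for the same attempt. If the filter counts every matching line, a legitimate user could reach the threshold after two attempts and lock themselves out. Consider raising `retry`, or at least adding a comment such as `// several patterns can match the same login attempt; retry counts lines, not attempts`. The enclosing filter object starts and ends outside the hunk, so the resulting ban duration is not visible here.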