Hi Dan
Relevant parts of my jail.local I borrowed from here https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf

[qmail-rbl]
filter = qmail
port = smtp,465,submission
logpath = /service/qmail/log/main/current

And the qmail.conf in filter.d folder
# Fail2Ban configuration file
#
# Author: Cyril Jaquier
#
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =


[dovecot]
port = pop3,pop3s,imap,imaps,submission,465,sieve
logpath = %(dovecot_log)s

And the dovecot.conf in filter.d folder

# Fail2Ban configuration file for dovecot
#
# Author: Martin Waschbuesch
#
#

[Definition]

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = .*(?:pop3-login|imap-login):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*\s+rip=(?P<host>\S*),.*
            pam.*dovecot.*(?:authentication failure).*\s+rhost=<HOST>(?:\s+user=.*)?\s*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

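Added example (not part of the original message and not fail2ban's own code): a small Python harness that runs the failregex values from the two filters above against constructed log lines and shows which host each one captures. It assumes the <HOST> expansion quoted in the filter comments and plain re.search matching, without fail2ban's own timestamp handling; the names offending_host, FILTERS and SAMPLES are hypothetical.

```python
import re

# <HOST> alias exactly as given in the filter comments in the message.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# failregex values copied from the two filters; one list entry per regex line.
FILTERS = {
    "qmail": [r"(?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>"],
    "dovecot": [
        r".*(?:pop3-login|imap-login):.*(?:Authentication failure"
        r"|Aborted login \(auth failed|Aborted login \(tried to use disabled"
        r"|Disconnected \(auth failed).*\s+rip=(?P<host>\S*),.*",
        r"pam.*dovecot.*(?:authentication failure).*\s+rhost=<HOST>"
        r"(?:\s+user=.*)?\s*$",
    ],
}


def offending_host(filter_name, line):
    """Return the host the named filter captures from a log line, or None."""
    for raw in FILTERS[filter_name]:
        match = re.search(raw.replace("<HOST>", HOST_ALIAS), line)
        if match:
            return match.group("host")
    return None


# Constructed log lines using documentation addresses; not from a real server.
SAMPLES = [
    ("qmail", "1290000000.123456 rblsmtpd: 203.0.113.7 pid 4242: 451 listed"),
    ("qmail", "421 badiprbl: ip 198.51.100.9 rbl: constructed.example"),
    ("dovecot", "dovecot: pop3-login: Aborted login (auth failed, 1 attempts): "
                "user=<bob>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1"),
    # The first dovecot regex names its own group, so the prefix is kept.
    ("dovecot", "dovecot: imap-login: Disconnected (auth failed, 3 attempts): "
                "user=<bob>, method=PLAIN, rip=::ffff:203.0.113.5, lip=192.0.2.1"),
    # The second dovecot regex uses <HOST>, which drops the ::ffff: prefix.
    ("dovecot", "auth: pam_unix(dovecot:auth): authentication failure; logname= "
                "uid=0 euid=0 tty=dovecot ruser=bob rhost=::ffff:198.51.100.23"),
    # A successful login must not be reported.
    ("dovecot", "dovecot: imap-login: Login: user=<bob>, method=PLAIN, "
                "rip=192.0.2.44, lip=192.0.2.1"),
]

if __name__ == "__main__":
    for name, line in SAMPLES:
        print(f"{name:8} {offending_host(name, line)!s:22} {line[:50]}")
```

For a check against the real log files, fail2ban ships the fail2ban-regex tool, which takes a log file and a filter file and reports the matches.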