fail2ban config for bots trying to login

[sol2070]

Hi!

Also, write an article (perhaps on wiki pages since it is not related directly to maddy) about how to configure fail2ban for it.

I saw the above mention on this closed issue. Is there some article about how to configure fail2ban to ban IPs trying to access Maddy? Coundn't find any. I'm getting a lot of login attempts from bots, I guess, like this one:
Sep 22 01:06:41 hstg.vps maddy[998]: submission/sasl: authentication failed {"reason":"no auth. provider accepted creds, last err: unknown credentials","src_ip":"185.104.186.2:56851","username":"webmail"}

Thanks!

[sol2070]

If somebody are facing this issue, the following worked for me. Now fail2ban is banning the IPs trying to login on Maddy:

## /etc/fail2ban/jail.local

[maddy-subm]
port     = 465,25,587
enabled  = true
filter   = maddy-subm
logpath  = /var/log/syslog
bantime  = -1
findtime = 36000
maxretry = 1
action   = iptables-multiport[name=maddy-subm, port="464,25,587", protocol=tcp]

## /etc/fail2ban/filter.d/maddy.subm.conf
[Definition]
## Example of attempted login
# Sep 24 19:43:40 hstg.vps maddy[998]: submission/sasl: authentication failed {"reason":"no auth. provider accepted creds, last err: unknown credentials", "src_ip":"185.104.186.2:51802","username":"billing"}
##

failregex   = submission/sasl: authentication failed#011{"reason":"no auth. provider accepted creds, last err: unknown credentials","src_ip":"<HOST>:.*$

ignoreregex =

[foxcpp]

There is https://github.com/foxcpp/maddy/tree/master/dist/fail2ban, noit sure how useful it is.

[sol2070]

Oh, I didn't notice these files. Thank you!