To enable fail2ban on Postifx SMTP AUTH, add the following lines in /etc/fail2ban/jail.local file. If the file doesn’t exist, then create this file.
enabled = true
bantime = 1h
maxretry = 3
filter = postfix.auth
action = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath = /var/log/mail.log
Save and close the file. Then create the filter rule file.
Add the following lines in /etc/fail2ban/filter.d/postfix.auth.conf
failregex = lost connection after AUTH from (.*)\[<HOST>\]
Save and close the file. Restart fail2ban the changes to take effect.
systemctl restart fail2ban