To enable fail2ban on Postifx SMTP AUTH, add the following lines in /etc/fail2ban/jail.local file. If the file doesn’t exist, then create this file.

[postfix-auth]

enabled  = true
bantime  = 1h
maxretry = 3
filter   = postfix.auth
action   = iptables-multiport[name=postfix, port="http,https,smtp,submission,pop3,pop3s,imap,imaps,sieve", protocol=tcp]
logpath  = /var/log/mail.log

Save and close the file. Then create the filter rule file.

Add the following lines in /etc/fail2ban/filter.d/postfix.auth.conf

[Definition]

failregex = lost connection after AUTH from (.*)\[<HOST>\]
ignoreregex =

Save and close the file. Restart fail2ban the changes to take effect.

systemctl restart fail2ban