Hello!

I'm not sure if it's a problem to begin with, but the situation is that run Postfix as a mail server on my computer. Almost a year ago because of numerous failed login attempts I installed fail2ban. It does its job. But it's kinda strange for my taste. It bans an IP, after a few hours unbans it, then after half an hour bans again etc. etc. Some bots try to log in once every 20 minutes to escape the ban.

The load average of the server seems to be fine. Approx 0,20

So my question is... Does it all fall within something normal or it requires some action on my part? Or a login attempt once in 20 minutes is something so light for the server so it's best to ignore it?

You can actually do a perma-ban. However, if the list of that goes too long, it might even have a negative impact on your server. I just ban them for 4-6hours and live with it.

You can set it from c-line using (assuming postfix jail here)

perma-ban:
10 minute ban:
NOTE: These two^^ commands do not require a fail2ban service restart and the effect is immediate.
(You keep your current rules 'alive' where 'service fail2ban restart' likely will not)

Checking the setting is just as easy:
Please let us know.

Thanks for your replies!

I don't use perma-ban, since I see lots of IPs and I'm not even sure how real are they. Perma-ban can jeopardize communication with the legit user, using the same banned IP. If it was the same IP over and over again causing problems, then maybe it's different.

So far fail2ban does its job OK, so I don't want to take any kind of revolutionary steps.