I installed fail2ban on a mail server yesterday, to deal with a specific hassle related to a huge number of hits to our (clients-who-send-mail) SMTP infrastructure. It did little good. I became aware the problem was that the authentication attempts were via SASL. So, I enabled SASL. Nothing. Then I found a good forum post. Long story short, modify /etc/fail2ban/filter.d/sasl.conf as follows: