FYI in case someone else can use this info.
In my recent review of my server, while trying to tighten up
security, I noticed that there were a number of IPs that showed up
regularly in my fail2ban firewall rules. I have a fail2ban jail
for vpopmail that looks at failed login attempts and blocks their
IP addresses in iptables.
One IP address in particular would attack my server, get banned
by fail2ban, and when the bantime was up, the same IP would start
attacking again, and the loop would continue.
In order to try to do something about these bots, I first looked
at the "recidive" jail that is included with more recent versions
of fail2ban.
The recidive jail was created just for this problem. However,
recidive just adds an additional jail time for a repeat offender.
So, for instance, a 4-hour jail time might get increased to 1 week.
But after a week it starts over.
In searching I found this article, which describes what I think
is a better approach to the issue.
https://blog.shanock.com/fail2ban-increased-ban-times-for-repeat-offenders/
This article describes how to build a series of increased jail times for a habitual offender, eventually culminating in a year-long jail time.
Thanks, Gary
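
An added example, not part of the original post or the linked article: a small review helper that reads "Ban" notices in fail2ban's default log line format, counts bans per IP inside a lookback window, and maps the count onto an escalating ladder. The 4-hour, 1-week and 1-year steps echo the post; the 30-day step, the one-year lookback, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Matches only "Ban" notices; "Unban" and "Restore Ban" lines do not match.
BAN_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ .*\[([^\]]+)\] Ban (\S+)\s*$"
)

# Assumed ladder: ban length for the 1st, 2nd, 3rd and every later offence.
LADDER = [timedelta(hours=4), timedelta(weeks=1),
          timedelta(days=30), timedelta(days=365)]
LOOKBACK = timedelta(days=365)  # assumed: older bans are forgotten

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
2022-01-05 09:00:00,700 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 198.51.100.22
2024-02-01 08:00:01,100 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 203.0.113.7
2024-02-01 12:00:02,200 fail2ban.actions        [812]: NOTICE  [vpopmail] Unban 203.0.113.7
2024-02-01 12:05:10,300 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 203.0.113.7
2024-02-01 16:05:11,400 fail2ban.actions        [812]: NOTICE  [vpopmail] Unban 203.0.113.7
2024-02-01 16:09:30,500 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 203.0.113.7
2024-02-10 09:00:00,600 fail2ban.actions        [812]: NOTICE  [vpopmail] Ban 198.51.100.22
"""
SAMPLE_NOW = datetime(2024, 3, 1)


def parse_bans(text):
    """Yield (timestamp, jail, ip) for every Ban notice in the log text."""
    for line in text.splitlines():
        m = BAN_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)


def escalation_report(text, now):
    """Return {ip: (bans_in_window, ban_length_for_next_offence)}."""
    counts = Counter(
        ip for ts, _jail, ip in parse_bans(text) if now - ts <= LOOKBACK
    )
    last = len(LADDER) - 1
    return {ip: (n, LADDER[min(n, last)]) for ip, n in counts.items()}


if __name__ == "__main__":
    for ip, (n, nxt) in sorted(escalation_report(SAMPLE_LOG, SAMPLE_NOW).items()):
        print(f"{ip}: {n} ban(s) in window, next ban should last {nxt}")
```
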