Dovecot-iptables exim-iptables - fail2ban - /etc/fail2ban/jail.local

Why do these sections in the configuration do not have the “maxretry” option by default? Is this on purpose or an error? Does it need to be added or does it work differently? Can someone comment?

enabled = true
filter = exim
action = hestia[name=MAIL]
logpath = /var/log/exim4/mainlog

enabled = true
filter = dovecot
action = hestia[name=MAIL]
logpath = /var/log/dovecot.log


If you don’t use a maxretry directive in /etc/fail2ban/jail.local file, it will use the defaults configured in /etc/fail2ban/jail.conf. The same for bantime and findtime.

# "bantime" is the number of seconds that a host is banned.
bantime  = 10m

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 10m

# "maxretry" is the number of failures before a host get banned.
maxretry = 5