Hello,
I think it would be useful if at the “Firewall --> Managed Banned IPs”, the service for which it was blocked also appears in the list of blocked ip for bruteforce.
At the same time, I think that at Roundcube it would be good to implement the self-saving in the address book of the new addresses.
Instead of black-listing, you might also consider white-listing some geoip ranges, e.g. if you’re lucky enough to only receive legitimate login attempts to your WebMail from a few countries. It helps block most of bad traffic (in my case 10.000-100.000 bad login attempts per day)
For additional peace of mind, you could also set/update on a daily basis some more blacklists for bad players. Have a look here Hestia Post Install Tweaks