I think it would be useful if at the “Firewall --> Managed Banned IPs”, the service for which it was blocked also appears in the list of blocked ip for bruteforce.
At the same time, I think that at Roundcube it would be good to implement the self-saving in the address book of the new addresses.
Please use our github issue tracker for any feature request: https://github.com/hestiacp/hestiacp/issues/new
CSF does this easily and is an option, for installing. No need to reinvent anything.
Instead of black-listing, you might also consider white-listing some geoip ranges, e.g. if you’re lucky enough to only receive legitimate login attempts to your WebMail from a few countries. It helps block most of bad traffic (in my case 10.000-100.000 bad login attempts per day)
Fail2ban does the same only after xx times it shows RECIDIVE
For additional peace of mind, you could also set/update on a daily basis some more blacklists for bad players. Have a look here Hestia Post Install Tweaks