This may be useful for anyone who is a little lost:
[DEFAULT]
maxretry = 5
findtime = 1d
bantime = 2d
[recidive]
enabled = true
filter = recidive
action = hestia[name=RECIDIVE]
logpath = /var/log/fail2ban.log
maxretry = 3
findtime = 1w
bantime = 1mo
[ssh-iptables]
enabled = true
filter = sshd
action = hestia[name=SSH]
logpath = /var/log/auth.log
[vsftpd-iptables]
enabled = true
filter = vsftpd
action = hestia[name=FTP]
logpath = /var/log/vsftpd.log
[exim-iptables]
enabled = true
filter = exim
action = hestia[name=MAIL]
logpath = /var/log/exim4/mainlog
[dovecot-iptables]
enabled = true
filter = dovecot
action = hestia[name=MAIL]
logpath = /var/log/dovecot.log
[mysqld-iptables]
enabled = false
filter = mysqld-auth
action = hestia[name=DB]
logpath = /var/log/mysql/error.log
[hestia-iptables]
enabled = true
filter = hestia
action = hestia[name=HESTIA]
logpath = /var/log/hestia/auth.log
[roundcube-auth]
enabled = true
filter = roundcube-auth
action = hestia[name=WEB]
logpath = /var/log/roundcube/errors
[phpmyadmin-auth]
enabled = true
filter = phpmyadmin-syslog
action = hestia[name=WEB]
logpath = /var/log/auth.log
Meaning
If within a day (or less), an IP address commits 5 login errors on one or more services, it is banned for 2 days.
If within a week (or less), an IP address has been banned 3 times, it will be banned for 1 month.
The number of banned IP addresses is usually around 100.