I've installed fail2ban, it seems to be working as it identified my failed test logins, BUT, my question is:
what can I do when I see the same invalid name trying to log in to dovecot, from a different IP each time? How can I, say, block each IP as used by this name? Or is that a bad idea?
I can see two persistent attempts as so:
I don't have such user 'ignacio' or 'julian'
# grep ignacio.munoz /var/log/dovecot.log | wc
178 3436 35624
# grep ignacio.munoz /var/log/dovecot.log | grep 'auth fail' | wc
178 3436 35624
# grep julian /var/log/dovecot.log | wc
178 3432 34321
# grep julian /var/log/dovecot.log | grep 'auth fail' | wc
178 3432 34321
last 6 tries, sometimes have just :
Dec 22 17:00:33 imap-login: Info: Disconnected (auth failed, 1 attempts in
8 secs): user=ignacio.munoz@aaa.com, method=PLAIN, rip=157.122.183.218,
lip=163.47.110.6, TLS, session=<Z4JniOdgkgCderfa>
Dec 22 17:01:06 imap-login: Info: Disconnected (auth failed, 1 attempts in
7 secs): user=
-- Voytek
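
The pattern described in the post above, as an added example that is not part of the original message: a small parser that groups dovecot auth failures by login name and lists every source address that tried a name with no mailbox behind it. It assumes the log line format quoted in the post; the function names, the valid-user list and the sample lines (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the imap-login/pop3-login failure format quoted in the post.
FAIL_RE = re.compile(
    r"(?:imap|pop3)-login: Info: Disconnected \(auth failed, (?P<n>\d+) attempts"
    r".*?user=<?(?P<user>[^<>,\s]+)>?,.*?\brip=(?P<rip>[0-9a-fA-F.:]+)"
)

def failures_by_user(lines):
    """Map lower-cased login name -> {source IP: total failed attempts}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = FAIL_RE.search(line)
        if m:  # lines with an empty or truncated user= field are skipped
            seen[m["user"].lower()][m["rip"]] += int(m["n"])
    return seen

def distributed_guessing(lines, valid_users, min_ips=2):
    """Names that are not real mailboxes and were tried from >= min_ips IPs."""
    valid = {u.lower() for u in valid_users}
    report = {}
    for user, ips in failures_by_user(lines).items():
        if user not in valid and len(ips) >= min_ips:
            report[user] = sorted(ips)
    return report

# Constructed sample log lines (not taken from a real server).
_TAIL = "lip=198.51.100.6, TLS, session=<constructed>"
_FAIL = "imap-login: Info: Disconnected (auth failed, 1 attempts in 8 secs): "
SAMPLE = [
    f"Dec 22 17:00:33 {_FAIL}user=ignacio.munoz@aaa.com, method=PLAIN, rip=192.0.2.10, {_TAIL}",
    f"Dec 22 17:01:06 {_FAIL}user=ignacio.munoz@aaa.com, method=PLAIN, rip=203.0.113.7, {_TAIL}",
    f"Dec 22 17:02:41 {_FAIL}user=<ignacio.munoz@aaa.com>, method=PLAIN, rip=198.51.100.23, {_TAIL}",
    f"Dec 22 17:03:10 {_FAIL}user=julian@aaa.com, method=PLAIN, rip=192.0.2.44, {_TAIL}",
    f"Dec 22 17:04:55 {_FAIL}user=julian@aaa.com, method=PLAIN, rip=203.0.113.9, {_TAIL}",
    # A real user mistyping a password from two places must not be reported.
    f"Dec 22 17:05:12 {_FAIL}user=realuser@aaa.com, method=PLAIN, rip=192.0.2.80, {_TAIL}",
    f"Dec 22 17:06:30 {_FAIL}user=realuser@aaa.com, method=PLAIN, rip=192.0.2.81, {_TAIL}",
    # Truncated line, as at the end of the quoted log: no user, no rip.
    f"Dec 22 17:07:00 {_FAIL}user=",
    "Dec 22 17:08:00 imap-login: Info: Login: user=<realuser@aaa.com>, "
    "method=PLAIN, rip=192.0.2.80, " + _TAIL,
]

if __name__ == "__main__":
    hits = distributed_guessing(SAMPLE, valid_users=["realuser@aaa.com"])
    for user, ips in hits.items():
        print(f"{user}: {len(ips)} source addresses: {', '.join(ips)}")
```

Each address in the sample fails only once, so the grouping has to be keyed on the login name rather than on a per-IP retry count to surface these sources.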