Yes that was what i tough , since i removed those client apps from my phone i did not had any more issues with my public ip being banned or any line in log with the word "auth fail" where i log in . It looks like most error logs i get here are : (Someone trying to force SSL on TLS 1.3 connection , probably to exploit some vulnerability in SSL1,2 and 3 in case of success ) dovecot: imap-login: Disconnected: Connection closed: SSL_accept() failed: error:0A00010B:SSL routines::wrong version number (disconnected before auth was ready, waited 0 secs): user=<>, rip=xxx.xxx. xxx.xxx, lip=XXX.XXX.XXX.XXX, TLS handshaking: SSL_accept() failed:error:0A00010B:SSL routines::wrong version number, session=<some_hash>
or this one witch looks like manual input over telnet to try something
dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, session=<some_hash>
Honestly none of these ips have good intentions or are from valid domains , i will probably create a bash script that i will run daily to catch all of these attempts and ban the ip forever in iptables , more easier to solve this issue than giving that person 10 minutes or hours of ban time and then retry again .