Blocking Relay dictionary attacks

I’m seeing a lot of this in my logs. I’d like to set up a rule in fail2ban to block multiple 554 errors. Should I add to existing miab jails, create another one, or should I defend against this another way?

Jan 10 12:26:14 box postfix/smtpd[15031]: connect from cvps12712289499.hostwindsdns.com[104.168.145.64]
Jan 10 12:26:14 box postfix/smtpd[15031]: NOQUEUE: reject: RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]: 554 5.7.1 smtps1235@gmail.com: Relay access denied; from=Contact@mymaildomain.com to=smtps1235@gmail.com proto=ESMTP helo=<cvps12712289499.hostwindsdns.com>
Jan 10 12:26:15 box postfix/smtpd[15031]: lost connection after RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]
Jan 10 12:26:15 box postfix/smtpd[15031]: disconnect from cvps12712289499.hostwindsdns.com[104.168.145.64]
Jan 10 12:26:15 box postfix/smtpd[17446]: connect from cvps12712289499.hostwindsdns.com[104.168.145.64]
Jan 10 12:26:16 box postfix/smtpd[17446]: NOQUEUE: reject: RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]: 554 5.7.1 smtps1235@gmail.com: Relay access denied; from=copie@mymaildomain.com to=smtps1235@gmail.com proto=ESMTP helo=<cvps12712289499.hostwindsdns.com>
Jan 10 12:26:18 box postfix/smtpd[17446]: lost connection after RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]
Jan 10 12:26:18 box postfix/smtpd[17446]: disconnect from cvps12712289499.hostwindsdns.com[104.168.145.64]
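As an added example (not the poster's configuration and not part of Mail-in-a-Box), here is a fail2ban filter and jail for exactly this pattern, together with a small Python model of how fail2ban would apply them to log lines like the ones above. The filter name `postfix-relay-denied`, the log path `/var/log/mail.log`, and the `findtime`/`maxretry`/`bantime` values are assumptions to adjust, and the sample log is constructed (the thread's excerpt has the angle brackets around addresses stripped by the forum, so the regex does not depend on them). Only the `554 5.7.1 ... Relay access denied` rejects count as failures; connect/disconnect lines and other reject codes are ignored, and a host is only flagged once it reaches `maxretry` rejects inside a sliding `findtime` window.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed fail2ban filter (not from the thread). Validate it against a real
# log with:  fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix-relay-denied.conf
FILTER_CONF = r"""
# /etc/fail2ban/filter.d/postfix-relay-denied.conf
[INCLUDES]
before = common.conf
[Definition]
failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*: Relay access denied;
ignoreregex =
"""

# Assumed jail definition; a separate file keeps it clear of the jails MIAB manages.
JAIL_CONF = """
# /etc/fail2ban/jail.d/postfix-relay-denied.local
[postfix-relay-denied]
enabled  = true
port     = smtp,submission,smtps
filter   = postfix-relay-denied
logpath  = /var/log/mail.log
findtime = 600
maxretry = 5
bantime  = 3600
"""

# Python translation of the failregex: fail2ban's <HOST> becomes a named group.
RELAY_DENIED = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"NOQUEUE: reject: RCPT from \S+\[(?P<host>[0-9a-fA-F.:]+)\]: "
    r"554 5\.7\.1 .*: Relay access denied;"
)


def parse_ts(ts):
    # syslog timestamps carry no year; only the relative spacing matters for the window
    return datetime.strptime(ts, "%b %d %H:%M:%S")


def find_offenders(lines, maxretry=5, findtime=600):
    """Return {host: timestamp at which the ban would trigger} for every host
    that produces maxretry relay-denied rejects within findtime seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = RELAY_DENIED.search(line)
        if not m:
            continue              # connect/disconnect/450 lines are not failures
        host, ts = m.group("host"), parse_ts(m.group("ts"))
        if host in banned:
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than findtime
            q.popleft()
        if len(q) >= maxretry:
            banned[host] = ts
    return banned


# Constructed sample log modelled on the thread's excerpt (addresses are placeholders).
SAMPLE_LOG = """\
Jan 10 12:26:14 box postfix/smtpd[15031]: connect from cvps12712289499.hostwindsdns.com[104.168.145.64]
Jan 10 12:26:14 box postfix/smtpd[15031]: NOQUEUE: reject: RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]: 554 5.7.1 <smtps1235@gmail.com>: Relay access denied; from=<Contact@mymaildomain.com> to=<smtps1235@gmail.com> proto=ESMTP helo=<cvps12712289499.hostwindsdns.com>
Jan 10 12:26:15 box postfix/smtpd[15031]: disconnect from cvps12712289499.hostwindsdns.com[104.168.145.64]
Jan 10 12:26:16 box postfix/smtpd[17446]: NOQUEUE: reject: RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]: 554 5.7.1 <smtps1235@gmail.com>: Relay access denied; from=<copie@mymaildomain.com> to=<smtps1235@gmail.com> proto=ESMTP helo=<cvps12712289499.hostwindsdns.com>
Jan 10 12:26:20 box postfix/smtpd[17447]: NOQUEUE: reject: RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]: 554 5.7.1 <smtps1235@gmail.com>: Relay access denied; from=<info@mymaildomain.com> to=<smtps1235@gmail.com> proto=ESMTP helo=<cvps12712289499.hostwindsdns.com>
Jan 10 12:26:25 box postfix/smtpd[17448]: NOQUEUE: reject: RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]: 554 5.7.1 <smtps1235@gmail.com>: Relay access denied; from=<sales@mymaildomain.com> to=<smtps1235@gmail.com> proto=ESMTP helo=<cvps12712289499.hostwindsdns.com>
Jan 10 12:26:31 box postfix/smtpd[17449]: NOQUEUE: reject: RCPT from cvps12712289499.hostwindsdns.com[104.168.145.64]: 554 5.7.1 <smtps1235@gmail.com>: Relay access denied; from=<admin@mymaildomain.com> to=<smtps1235@gmail.com> proto=ESMTP helo=<cvps12712289499.hostwindsdns.com>
Jan 10 12:27:02 box postfix/smtpd[17450]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 554 5.7.1 <someone@example.org>: Relay access denied; from=<a@example.net> to=<someone@example.org> proto=ESMTP helo=<mail.example.net>
Jan 10 12:27:40 box postfix/smtpd[17451]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.7]: 450 4.1.8 <b@nxdomain.invalid>: Sender address rejected: Domain not found; from=<b@nxdomain.invalid> to=<me@mymaildomain.com> proto=ESMTP helo=<mail.example.net>
"""

if __name__ == "__main__":
    for host, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"would ban {host} at {when.strftime('%b %d %H:%M:%S')}")
```

With the defaults above, the first host is flagged on its fifth reject at 12:26:31 while the single legitimate-looking 554 from the second host never reaches the threshold; lowering `maxretry` or `findtime` shifts that trade-off, which is why it is worth replaying a few days of your own `mail.log` through `fail2ban-regex` before enabling the jail.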

I’d make a new jail, as it is likely that MIAB will overwrite its jail configuration in the future.

If you do figure out the right fail2ban configuration, consider making a pull request? Could be a good addition to the base installation.
