
Question What to do against high-frequency attackers

DieterWerner

Regular Pleskian
Either fail2ban or log to secure is too slow to prevent this (example):
2022-01-31 14:14:01,768 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,770 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,771 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,771 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,772 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,772 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,772 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,773 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,774 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,774 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,775 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,775 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,778 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,778 fail2ban.actions [11696]: NOTICE [plesk-postfix] Ban 193.56.29.154
2022-01-31 14:14:01,782 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,797 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,800 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,802 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,802 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,803 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,804 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,805 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,805 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01

So I wonder what could help.
 
Those connection attempts all occurred within 100ms. And fail2ban banned the IP within 10ms, so it was working just fine. It takes some milliseconds for the ban to become active and for Postfix to log and process the failed login attempts that were made before the ban. So what you're seeing is expected behaviour.

You can check your banned IPs with iptables -nvL; there you will see that the IP is listed and that the dropped packet counter is increasing.
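To measure the lag described in the answer, the following added example (not part of the original thread) parses fail2ban.log lines in the format shown in the question and reports, per jail and IP, how many "Found" lines came before and after the first "Ban" and the gaps in milliseconds. The function name `ban_lag` and the result keys are assumptions made for this example; the sample lines are an abridged copy of the excerpt above.

```python
import re
from datetime import datetime, timedelta

# Abridged copy of the fail2ban.log excerpt from the question (sample input).
SAMPLE_LOG = """\
2022-01-31 14:14:01,768 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,775 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,778 fail2ban.actions [11696]: NOTICE [plesk-postfix] Ban 193.56.29.154
2022-01-31 14:14:01,782 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
2022-01-31 14:14:01,805 fail2ban.filter [11696]: INFO [plesk-postfix] Found 193.56.29.154 - 2022-01-31 14:14:01
"""

# timestamp, logger name, [pid], level, [jail], event, IP
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) fail2ban\.\w+\s+\[\d+\]: "
    r"\w+\s+\[([^\]]+)\] (Found|Ban) (\S+)")

def _ms(start, end):
    """Whole milliseconds between two datetimes, or None if either is missing."""
    if start is None or end is None:
        return None
    return (end - start) // timedelta(milliseconds=1)

def ban_lag(log_text):
    """Per (jail, ip): Found counts around the first Ban and the gaps in ms."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # Unban, Restore Ban and unrelated lines are ignored
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        jail, event, ip = m.group(2), m.group(3), m.group(4)
        s = stats.setdefault((jail, ip), {"first": None, "ban": None,
                                          "before": 0, "after": 0, "last": None})
        if event == "Ban":
            s["ban"] = s["ban"] or ts          # keep only the first ban
        elif s["ban"] is None:
            s["before"] += 1
            s["first"] = s["first"] or ts
        else:                                  # match logged after the ban
            s["after"] += 1
            s["last"] = ts
    return {key: {"found_before_ban": s["before"],
                  "found_after_ban": s["after"],
                  "ms_first_found_to_ban": _ms(s["first"], s["ban"]),
                  "ms_ban_to_last_found": _ms(s["ban"], s["last"])}
            for key, s in stats.items()}

if __name__ == "__main__":
    for key, result in ban_lag(SAMPLE_LOG).items():
        print(key, result)
```

A post-ban tail of a few tens of milliseconds matches the lag the answer describes; "Found" lines that keep arriving long after the "Ban" line would be worth checking against the iptables counters mentioned above.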
 