Hi, I just paid attention on the fail2ban-log page, and saw something like this: 2018-02-14 01:14:12,118 fail2ban.actions[871]: WARNING [postfix-sasl] Ban 37.49.225.161 2018-02-14 01:24:12,806 fail2ban.actions[871]: WARNING [postfix-sasl] Unban 37.49.225.161 there are many of them, i check on who.is, mostly the IP was come from RIPE NCC, I learn that using iptables, i could block them (iptables -A INPUT -s 37.0.0.0/8 -j DROP) but, just wondering, does I really need to do that? or just leave it be? will this effecting performance of the server in the future? Kindly need your advice. Thank you.
I sure wouldn't try to update a block list manually, that would be never-ending and about impossible to keep up with what addresses should be removed. You could step up the fail2ban configuration to block more and longer, eg. take a look at the 'recidive' jail in the Debian Jessie fail2ban package for how to block repeat offenders for a longer period. There are various IP reputation lists/services you could utilize to keep known bad it's away; if you have a network firewall you might see what it can do in that regard.