I have discovered many these attacks on dovecot in /var/log/mail.err How do we ban this new type of attack?
Is it a new type of attack? I use fail2ban and to ban those attacks have added to jail.local: Code: [dovecot] enabled = true
Why do you think that this is a new type of attack? According to your log, it seems that there is just a bot trying out username/password combinations.
There is on my host, it came with fail2ban. I verified again just now, and it does ban IP-addresses guessing passwords in dovecot. If you read the dovecot jail definition in fail2ban, you see it has regular expression that matches the log line you showed in #1. Edit: I noticed you never wrote what OS you are using on that host. I have Debian GNU/Linux 10 and there fail2ban does ban those attempts.
My OS is Ubuntu 20.04. Because the log in the question is /var/log/mail.err while ISPConfig fail2ban default log of dovecot is /var/log/mail.log So we have to add /var/log/mail.err to some where else in fail2ban jail.local