fail2ban blocks are based on IP addresses. This may cause problems in the case of NAT'ed clients. Using fail2ban, if a number of clients are behind a NAT gateway, they will all be banned, even though perhaps only one of them is guilty. Moreover, we need to block based on username(s), because the same user (esp. a malicious one) may try logging in from different IP addresses if one is banned.
Furthermore, I believe that we should treat the login to the webmail system differently from the login to the IMAP/SMTP services (receiving/sending mail). We can control the latter via a mail firewall like postfwd (when using postfix), but we would need to control the logins to the webmail system directly.
So, if this feature can be added, I believe it will provide real added value.
Cheers,
Nick
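
The two behaviours described in the post above, as an added example that is not part of the original post and is not fail2ban or webmail code: the same constructed login events are replayed under an IP-keyed ban and a username-keyed ban. The threshold, the event tuples and the `simulate` function are assumptions made for illustration.

```python
from collections import Counter

MAX_FAILURES = 3  # assumed threshold, not taken from the post

# Constructed sample events: (source_ip, username, login_succeeded)
EVENTS = [
    # Several users behind one NAT gateway; only "mallory" is failing logins.
    ("203.0.113.10", "mallory", False),
    ("203.0.113.10", "mallory", False),
    ("203.0.113.10", "alice", True),
    ("203.0.113.10", "mallory", False),
    ("203.0.113.10", "bob", True),
    # The same username tried again from other addresses.
    ("198.51.100.7", "mallory", False),
    ("198.51.100.8", "mallory", False),
    ("198.51.100.9", "mallory", False),
]


def simulate(events, key_of, limit=MAX_FAILURES):
    """Replay events in order, banning a key after `limit` failed logins.

    Returns (banned_keys, rejected_events), where rejected events are the
    ones refused because their key was already banned.
    """
    failures = Counter()
    banned = set()
    rejected = []
    for event in events:
        key = key_of(event)
        if key in banned:
            rejected.append(event)
            continue
        _ip, _user, succeeded = event
        if not succeeded:
            failures[key] += 1
            if failures[key] >= limit:
                banned.add(key)
    return banned, rejected


if __name__ == "__main__":
    ip_banned, ip_rejected = simulate(EVENTS, key_of=lambda e: e[0])
    user_banned, user_rejected = simulate(EVENTS, key_of=lambda e: e[1])
    # IP-keyed: the NAT address is banned, bob is refused, later attempts pass.
    print("by IP      :", ip_banned, [e[1] for e in ip_rejected])
    # Username-keyed: only mallory is refused, from every address.
    print("by username:", user_banned, [e[0] for e in user_rejected])
```
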