With fail2ban in place, the people attacking the mail system moved to webmail and used it to get the web server banned so that webmail was intermittently broken.
I’ve exempted the local servers so this will no longer happen and I’m working on installing fail2ban on the web, ftp, and shell servers, as well as a necessary plugin that will cause Squirrel Mail to log the address so we can ban attackers of webmail.
I kind of expected an onslaught of bad activity after Microsoft discontinued support for Windows-XP. They’ve basically just added a large amount of vulnerable CPU capacity to the web for these people to form new botnets and launch attacks from.