I’ve been using a lot of this lately:
iptables -A INPUT -s IP-ADDRESS -j DROP
service iptables save
I’ve noticed that pop3 attempts aren’t being filtered by Fail2Ban; I’ve seen an increase in dictionary attacks on this port and have had to resort to manually banning the offenders. I’ve also installed a LogViewer in WHM to assist in the fight.