On the mail server this morning we were hit with a brute force password guessing attack by a large botnet. For some unknown reason fail2ban died and then the bots swamped the dovecot imap server to the point of totally wedging it.
Fail2ban is restarted and has locked out most of the botnet IP addresses so that the mail server is no longer choked and can again function.