diff --git a/dist/fail2ban/filter.d/maddy-dictonary-attack.conf b/dist/fail2ban/filter.d/maddy-dictonary-attack.conf
new file mode 100644
index 0000000..1b233fa
--- /dev/null
+++ b/dist/fail2ban/filter.d/maddy-dictonary-attack.conf
@@ -0,0 +1,7 @@
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = smtp\: MAIL FROM error repeated a lot\, possible dictonary attack\t\{\"count\"\:\d+,\"msg_id\":\".+\",\"src_ip\"\:\":\d+\"\}$
+ smtp\: too many RCPT errors\, possible dictonary attack\t\{\"msg_id\":\".+\","src_ip":":\d+\"\}
+journalmatch = _SYSTEMD_UNIT=maddy.service + _COMM=maddy
diff --git a/dist/fail2ban/jail.d/maddy-dictonary-attack.conf b/dist/fail2ban/jail.d/maddy-dictonary-attack.conf
new file mode 100644
index 0000000..c4f7ff3
--- /dev/null
+++ b/dist/fail2ban/jail.d/maddy-dictonary-attack.conf
@@ -0,0 +1,7 @@
+[maddy-dictonary-attack]
+port = 993,465,25
+filter = maddy-dictonary-attack
+bantime = 72h
+maxtries = 3
+findtime = 6h
+backend = systemd
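Review bot: Neither failregex line contains a `<HOST>` capture, so fail2ban has nothing to ban: `\"src_ip\"\:\":\d+\"` matches a literal colon followed by digits where the client address should be, and fail2ban refuses to load a filter whose patterns have no host group. Assuming maddy logs `src_ip` as `"address:port"` (confirm against a real journal line; if IPv6 addresses are bracketed, use `\[?<HOST>\]?:\d+`), both patterns should end with `\"src_ip\"\:\"<HOST>:\d+\"\}$`. The second line also mixes escaped and unescaped quotes (`","src_ip":`) and lacks the `$` anchor the first line has; writing it as `\{\"msg_id\":\".+\",\"src_ip\":\"<HOST>:\d+\"\}$` keeps the two consistent. Validate with `fail2ban-regex systemd-journal /etc/fail2ban/filter.d/maddy-dictonary-attack.conf` before shipping.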
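Review bot: `maxtries = 3` is not a fail2ban jail option (the key is `maxretry`), so the line is silently ignored and the jail runs with the default retry count from jail.conf instead of the intended 3 strikes; change it to `maxretry = 3`. The port list `993,465,25` is also worth a second look: the filter only matches SMTP MAIL FROM / RCPT failures, yet IMAPS (993) is banned while the submission port 587 is not, so add 587 if maddy listens there. Run `fail2ban-client -t` after the change to confirm the jail and filter parse.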