When I look at fail2ban status there is about 1100 banned ip. If I stop and start fail2ban there is no bans but 5 minutes later all the bans are back. I use Firewalld. Where can all this bans come from
This is a performance issue with fail2ban and firewalled you can speed this up by changing your jails to use iptables or as I have done ditch fail2ban and firewalld and use something else
I have 2 other servers without any CP so I control them with ssh and there I have ufw and fail2ban and that works great. But it is probably simpler because its a pure email server that is very locked down.
Note no firewalld , to get a perfomance increase change you fail2ban jails to use iptables rather than the default firewalld this may be enough performance increase to stop the problem you are seeing
I have now CSF installed instead and we have to see. For now there is a positive change in performance. I will dig down into tutorials about CSF to finetune it more.