With the help of squirrel logger I now have Fail2Ban banning IPs from attempted logins of my webmail interface. Configuring squirrel logger was a breeze. I simple send it to syslog, where it is picked up by my mail.info log. I created my own squirrelmail.conf for fail2ban which is below.
# Fail2Ban configuration file
#
[Definition]
# Option: failregex
failregex = 0: Failed webmail login: by.*\(.*\) at <HOST> on.*$
ignoreregex =