Can fail2ban detect and block IP ranges?


Every day I get hundreds of these lines in my mail.log:

Apr 28 11:10:28 servername amavis[30077]: (30077-08) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.16] <[email protected]> -> <[email protected]>, quarantine: F/spam-FaGlty0PIZMS.gz, Message-ID: <[email protected]>, mail_id: FaGlty0PIZMS, Hits: 7.544, size: 5136, 7444 ms
Apr 28 11:44:53 servername amavis[30074]: (30074-10) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.25] <[email protected]> -> <[email protected]>, quarantine: H/spam-H4sMG6EC6q-I.gz, Message-ID: <[email protected]>, mail_id: H4sMG6EC6q-I, Hits: 12.405, size: 5209, 3816 ms
Apr 28 11:45:53 servername amavis[30077]: (30077-10) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.30] <[email protected]> -> <[email protected]>, quarantine: q/spam-qNkRyAnBW5ul.gz, Message-ID: <[email protected]>, mail_id: qNkRyAnBW5ul, Hits: 12.405, size: 5217, 4456 ms
Apr 28 12:05:22 servername amavis[30074]: (30074-12) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.11] <[email protected]> -> <[email protected]>, quarantine: z/spam-zaKH80IIImbj.gz, Message-ID: <[email protected]>, mail_id: zaKH80IIImbj, Hits: 11.155, size: 5163, 6837 ms
Apr 28 12:06:41 servername amavis[30074]: (30074-13) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.40] <[email protected]> -> <[email protected]>, quarantine: j/spam-jgw8hoOtyeSf.gz, Message-ID: <[email protected]>, mail_id: jgw8hoOtyeSf, Hits: 9.546, size: 4749, 3844 ms
Apr 28 12:07:50 servername amavis[30077]: (30077-13) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.95] <[email protected]> -> <[email protected]>, quarantine: w/spam-wYu7sNla0_BX.gz, Message-ID: <[email protected]>, mail_id: wYu7sNla0_BX, Hits: 8.87, size: 4729, 3889 ms
Apr 28 12:58:32 servername amavis[30077]: (30077-16) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.46] <[email protected]> -> <[email protected]>, quarantine: 5/spam-52iE_rnYAkaF.gz, Message-ID: <[email protected]>, mail_id: 52iE_rnYAkaF, Hits: 19.628, size: 5032, 7830 ms
Apr 28 13:39:12 servername amavis[30077]: (30077-20) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.62] <[email protected]> -> <[email protected]>, quarantine: 8/spam-8zKenB5I3mjS.gz, Message-ID: <[email protected]>, mail_id: 8zKenB5I3mjS, Hits: 11.211, size: 5106, 3928 ms
Apr 28 14:22:34 servername amavis[14260]: (14260-04) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.64] <[email protected]> -> <[email protected]>, quarantine: S/spam-SLdyUkN0XFpi.gz, Message-ID: <[email protected]>, mail_id: SLdyUkN0XFpi, Hits: 12.405, size: 5146, 3869 ms
Apr 28 14:58:44 servername amavis[14260]: (14260-06) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.47] <[email protected]> -> <[email protected]>, quarantine: M/spam-MEimd4Bg1bE3.gz, Message-ID: <[email protected]>, mail_id: MEimd4Bg1bE3, Hits: 11.231, size: 5064, 3838 ms
Apr 28 15:16:17 servername amavis[15052]: (15052-08) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.91] <[email protected]> -> <[email protected]>, quarantine: M/spam-MVHz2AB6fJWo.gz, Message-ID: <[email protected]>, mail_id: MVHz2AB6fJWo, Hits: 10.805, size: 5071, 3764 ms
Apr 28 15:16:38 servername amavis[14260]: (14260-09) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.95] <[email protected]> -> <[email protected]>, quarantine: P/spam-P_vgm1aE0UvA.gz, Message-ID: <[email protected]>, mail_id: P_vgm1aE0UvA, Hits: 9.555, si 6.694, size: 5656, 2536 ms
Apr 28 15:57:55 servername amavis[14260]: (14260-15) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.104] <[email protected]> -> <[email protected]>, quarantine: 8/spam-8hnRkMDQmj4E.gz, Message-ID: <[email protected]>, mail_id: 8hnRkMDQmj4E, Hits: 9its: 7.772, size: 8343, 6229 ms
Apr 28 16:36:12 servername amavis[14260]: (14260-20) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.64] <[email protected]> -> <[email protected]>, quarantine: J/spam-JAzp8lAdYrqB.gz, Message-ID: <[email protected]>, mail_id: JAzp8lAdYrqB, Hits: 18.228, size: 4938, 4849 ms

As you can see, the emails come from different but similar IPs. In this example, from 185.140.110.xxx and 185.140.108.xxx (or 185.140.110.0/24 and 185.140.108.0/24 in netmask syntax).

Fail2ban is good at identifying log lines from identical IP addresses, but here we have all different addresses, yet all of them from a few small ranges.

Is there a way to tell fail2ban not to look for identical IP addresses, but for ranges?

I want fail2ban to block all IPs from 185.140.110.0 to 185.140.110.255 as soon as it detects 3 lines with IP addresses in that range within a few hours.

by Hubert Schölnast 28.04.2016 / 17:16
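An added example (not from the asker and not a fail2ban feature) showing the range-based counting the question asks for: it parses amavis "Blocked SPAM" lines like those above, groups hits by /24 network and flags any network with at least 3 hits inside a 3-hour window, which is fail2ban's maxretry/findtime rule keyed on the prefix instead of the single host. The sample lines are constructed from the excerpt with the addresses trimmed; handing the flagged networks to an actual firewall rule is left to whatever ban action is already in place.

```python
"""Aggregate amavis "Blocked SPAM" log lines by /24 prefix within a time window."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample input modelled on the asker's mail.log excerpt (shortened lines).
SAMPLE_LOG = """\
Apr 28 11:10:28 servername amavis[30077]: (30077-08) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.16] <a@b> -> <c@d>, Hits: 7.544
Apr 28 11:44:53 servername amavis[30074]: (30074-10) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.25] <a@b> -> <c@d>, Hits: 12.405
Apr 28 11:45:53 servername amavis[30077]: (30077-10) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.110.30] <a@b> -> <c@d>, Hits: 12.405
Apr 28 12:06:41 servername amavis[30074]: (30074-13) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.40] <a@b> -> <c@d>, Hits: 9.546
Apr 28 12:07:50 servername amavis[30077]: (30077-13) Blocked SPAM {DiscardedInbound,Quarantined}, [185.140.108.95] <a@b> -> <c@d>, Hits: 8.87
Apr 28 15:16:17 servername amavis[15052]: (15052-08) Blocked SPAM {DiscardedInbound,Quarantined}, [198.51.100.7] <a@b> -> <c@d>, Hits: 10.805
"""

# Syslog timestamp, then the bracketed client IP that follows "Blocked SPAM".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ amavis\[\d+\]: \(\S+\) Blocked SPAM "
    r".*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)

def parse_events(text, year=2016):
    """Return a list of (timestamp, ip) for each Blocked SPAM line; other lines are skipped.
    Syslog lines carry no year, so the caller supplies one (assumed 2016 here)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, ip_address(m["ip"])))
    return events

def ranges_to_block(events, prefixlen=24, maxretry=3, findtime=timedelta(hours=3)):
    """Return the /prefixlen networks (as strings) that produced >= maxretry hits
    within findtime: fail2ban's maxretry/findtime semantics, keyed on the network."""
    by_net = defaultdict(list)
    for ts, ip in sorted(events):
        by_net[ip_network(f"{ip}/{prefixlen}", strict=False)].append(ts)
    flagged = []
    for net, times in by_net.items():
        # Sliding window over time-sorted hits: hit i and hit i+maxretry-1 must fit in findtime.
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                flagged.append(str(net))
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(ranges_to_block(parse_events(SAMPLE_LOG)))  # ['185.140.110.0/24']
```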

0 answers
