Are the failures for valid users in the pam messages? If so the short answer is don't worry about them. You will probably get them every time a user logs on. For the long answer see https://www.clearos.com/clearfoundation/social/community/pam-unix-authentication-failure and similar threads. I use the file in this post in a different thread. The issue is that the authentication mechanism tries against unix accounts first and reports an error if it fails and then it tries against ldap accounts. All cyrus-imap users are ldap users.

Nick Howitt wrote:

So it uses the name imapd for port 993 but cyrus-master for the IMAP and POPS processes. Strange programming! IMAP is listening on localhost only. I've no idea why that would be but let's assume it is correct.

As you are not listening externally on POP/IMAP, I'd assume you logwatch report is grouping POP and POPS together and reporting them as POP. Ditto IMAP and IMAPS, but only you can crosscheck that. A quick grep of failures in the maillog for one day may prove that.

Hi again.
Sorry I've had no time to look at this for a week.
The number of failures is still in the hundreds.
But the grep of failures in maillog shows only 21 for the day on imaps. All failures are captured in fail2ban and the IP addresses are banned.
I'm scratching my head and can't figure out why logwatch is still showing 717 failures over 5 users on the same day.
If the failures aren't in maillog, then where could logwatch be picking up the failures?

if you want one LAN for one WAN, you could do it with 5 ClearOS. One as a KVM hypervisor running 4 instances of ClearOS. With one ClearOS you won't get separation of your LAN's. Even WAN's won't separate if one fails, but otherwise source-based routing should work.

The potential benefits of 2 or 3 is that you could use dedicated hypervisor o/s. I have one proxmox server, a server which was ClearVM but we did things to break ClearVM and now just run it as Centos with KVM command line, and I have ClearOS running KVM/Kimchi.

I have no idea about this set up. If you have four ports on the ISP box and they carry different traffic, then you'll need 4 NIC's in ClearOS unless you can redirect all the ISP traffic over VLANS on a single port.

ClearOS is not really designed to tie a WAN port to a LAN port and port forwarding operates on all WAN ports at the same time.

I think hypervisors often have the ability to pass through NIC's and ports. From Googling, Xen does - https://www.google.com/search?q=xen+passthrough+wifi+nic.

From your link, there are a couple of glitches installing KVM in ClearOS but I run it. I also sometimes use Kimchi, but it is relatively old and there is an annoying bug (if you upload an iso, it ends up with the wrong permissions so you have to change them before you can use them). You can also use the graphical desktop and Virtual Machine Manager to manage KVM. There is a howto in our knowledgebase. The command line isn't too bad either. In ClearOS you can also run VirtualBox.