This connection drop is normal behavior of a unixoide system when
there are more request to a service then it can handle.
I have seen such connection floods also, mainly SMTP and in
recent years also on POP3. Limiting the max connections does help
prevent the system from overloading.
As far as the log files you showed, the connection where all from
the same IP address in a very short time frame, e.g. in the same
> ( In the meantime, I have created a new jail called "fail2ban-dovecot" ,
> which will find the connections from dovecot.log and ban the IPs. )
Should probably not be needed, if the limit option in Dovecot is
doing what I think it should do.