Sooner or later Fail2Ban is going to block one of your legitimate mail users. Unbanning is awkward, especially if you have an upset client on the phone. It gets worse if you have a separate jail for repeat offenders with a long term ban as you have to search for and possibly unblock multiple rules.
Here is a simple script that I wrote this morning which generates a list of all of your chains then searches for and unblocks a specified IP address in each chain. You can either specify the IP from the command line or it will prompt. It has been tested with both web and mail servers with multiple custom chains and fail2ban rule sets. It works well with the stock iRedMail filters provided by Zhang Huangbin.
Note, it does not notify fail2ban so you will see an error in your log when fail2ban eventually tries to unban this IP.
Feel free to reuse, modify or distribute as you see fit.
#!/bin/bash
#
# unban - Script to remove fail2ban blocks for given IP address
#
# Version 1.0
# Last Modified Jun 26, 2014 by bmackay at razyr.net
#
# History
# Ver 1.0 Jun 26, 2014
# - discover iptables chains
# - remove IP if found in chain
#
echo
echo "**************************"
echo "* Starting unban Ver 1.0 *"
echo "**************************"
echo
FOUND=0
if [ $# -eq 0 ]; then
echo -n "Enter IP Address: "
read IP
else
IP=$1
fi
CHAINS=( `iptables -L -n | grep references | cut -d" " -f2` )
for chain in "${CHAINS[@]}"
do
rule=`iptables -L $chain -n --line-numbers | grep $IP | cut -d" " -f1`
if [ $rule ]; then
((FOUND++))
echo -n Deleting $chain rule $rule
iptables -D $chain $rule
case $? in
[0]*)
echo -e " [\E[0;32mOK\E[0;37m]"
;;
*)
echo -e " [\E[0;31mFAIL\E[0;37m]"
esac
fi
done
echo
echo $FOUND rules deleted
echo
echo "DONE!"
exit