$ cat /etc/fail2ban/jail.d/jail.local
# recidiveの部分を抽出
[recidive]
enabled = true
logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 604800 ; 1 week
findtime = 86400 ; 1 day
action = sendmail-whois-lines-subject-w-country[name=%(__name__)s, logpath=%(logpath)s]
%(banaction)s[name=%(__name__)s]

# デフォルト
$ cat /etc/fail2ban/filter.d/recidive.conf
[Definition]
_jailname = recidive

$ cat /etc/fail2ban/filter.d/recidive.local
[Definition]
_jailname = (recidive|dovecot|postfix-rbl)

failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+\s*$

# fail2ban-regex /var/log/fail2ban.log /etc/fail2ban/filter.d/recidive.conf 

Running tests
=============

Use   failregex filter file : recidive, basedir: /etc/fail2ban
Use         log file : /var/log/fail2ban.log
Use         encoding : UTF-8


Results
=======

Failregex: 185 total
|-  #) [# of hits] regular expression
|   1) [185] ^((?:\[\])?\s*(?:<[^.]+\.[^.]+>\s+)?(?:\S+\s+)?(?:kernel: \[ *\d+\.\d+\]\s+)?(?:@vserver_\S+\s+)?(?:(?:(?:\[\d+\])?:\s+[\[\(]?fail2ban\.actions\s*(?:\(\S+\))?[\]\)]?:?|[\[\(]?fail2ban\.actions\s*(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)\s+)?(?:\[ID \d+ \S+\]\s+)?| fail2ban\.actions\s*(?:\[\d+\])?:\s+)NOTICE\s+\[(?!(recidive|dovecot|postfix-rbl)\])(?:.*)\]\s+Ban\s+\s*$
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [2581] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-

Lines: 2581 lines, 0 ignored, 185 matched, 2396 missed
[processed in 0.48 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 2396 lines