Fail2ban Rule for exim_mainlog

Dear All, I need help, from my exim_mainlog i found lot of: - 2019-01-30 00:04:55 dovecot_plain authenticator failed for (127.0.0.1 - xxx.xxx.xxx.xxx -) [127.0.0.1]:60744: 535 Incorrect authentication data (set_id=info@domain.com) - 2019-01-30 00:19:33 dovecot_plain authenticator failed for ([127.0.0.1] - xxx.xxx.xxx.xxx -) [127.0.0.1]:33466: 535 Incorrect authentication data (set_id=info@domain.com - 2019-01-29 21:06:31 dovecot_plain authenticator failed for (attacker.hostname.net - xxx.xxx.xxx.xxx -) [127.0.0.1]:49672: 535 Incorrect authentication data (set_id=noreply@domain.com) So how can i make a proper fail2ban rule to detect all those xxx.xxx.xxx.xxx ? Please help and Thank you so much