I solved, in case it will help some lazy peple here the jail.conf settings:

[pma]

enabled = true
filter = pma
action =  iptables-multiport[name=apache, port=http]
logpath = /yourpath/*access_log

[pma_ssl]

enabled = true
filter = pma
action =  iptables-multiport[name=apache, port=https]
logpath = /yourpath/*access_log

and this for pma.conf filter

[Definition]
# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching.
# Values:  TEXT
#
failregex = <HOST> -.*"GET \/phpmyadmin\/ HTTP.*" 401 (885|981)
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

Reading from my graphs I can see that since I enabled fail2ban
my average CPU increased of a 0.50%...

Have you noticed the same?

PS (My log isn't so big because I rotate it everyday after backup them)...

Using things that will use more CPU will tend to cause your system to use more CPU.

0.50% had seemed quite a big increase for a service like that,
ok no problem, it works good...
thanks.

I only use it for dovecot and the amount of cpu time used is minimal.

Use 'top' then shift-t (to sort by cpu time) to see the usage picture for your server.

yes with the configuration I setted:
apache
php injection
dovecot
ssh
phpmyadmin
squirrelmail

it eats a lot of cpu, I don't like to waste resources, specially when they are shared.
probably I need to remove some filter...

every filter adds some work for CPU,
also by using only dovecot CPU never goes in idle,
with all filters enabled (the one I mentioned previously)
it eats 0.50, with dovecot only about 0.30%...

I can see a +0.50% from dashboard in the average cpu load, 0.50% it's quite impressive...

EDIT: 0.50 isn't referred to the 0.50 I thought, I mean the output of uptime command.
0.50 is really 0.50% of 100% available of a quad core.

ok this is really reasonable, I will enable all the filter again
Now I also optimized the regular expressions to makes better matching and reduce cpu usage a little, it worked good on heavy load.

Benchmarking linode I noticed that with 50 connections fail2ban increased less than 0.7/10 on my quad core cpu load, ok, it's reasonable...

Thanks to all, I finished writing on this thread
bye.

The "load average" displayed by uptime is something completely different than "CPU load"!

ok ok, I understood it now, thanks.

Have you thought about not using usernames and passwords at all and using keys instead? This is what I do. I also have all ports disabled by default and only the ports I need open. Oh, and fail2ban works well too.

Do you have key only for squirrelmail, phpmyadmin, apache auth and you have disabled their ports?