diff --git a/Dockerfile b/Dockerfile
index 16db5638..7ad2b0a5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -240,7 +240,6 @@ RUN <<EOF
   rm -rf /usr/share/locale/*
   rm -rf /usr/share/man/*
   rm -rf /usr/share/doc/*
-  touch /var/log/auth.log
   update-locale
   rm /etc/postsrsd.secret
   rm /etc/cron.daily/00logwatch
diff --git a/target/scripts/build/packages.sh b/target/scripts/build/packages.sh
index 792208d7..47261b66 100644
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@@ -153,6 +153,7 @@ function _install_fail2ban
   local FAIL2BAN_GPG_PUBLIC_KEY_SERVER='hkps://keyserver.ubuntu.com'
 
   _log 'debug' 'Installing Fail2ban'
+  apt-get "${QUIET}" --no-install-recommends install python3-pyinotify python3-dnspython
 
   gpg --keyserver "${FAIL2BAN_GPG_PUBLIC_KEY_SERVER}" --recv-keys "${FAIL2BAN_GPG_PUBLIC_KEY_ID}" 2>&1
 
diff --git a/target/scripts/startup/daemons-stack.sh b/target/scripts/startup/daemons-stack.sh
index 7f4ef7ac..3b389b6b 100644
--- a/target/scripts/startup/daemons-stack.sh
+++ b/target/scripts/startup/daemons-stack.sh
@@ -56,11 +56,6 @@ function _start_daemon_postgrey
 
 function _start_daemon_fail2ban
 {
-  touch /var/log/auth.log
-
-  # delete fail2ban.sock that probably was left here after container restart
-  [[ -e /var/run/fail2ban/fail2ban.sock ]] && rm /var/run/fail2ban/fail2ban.sock
-
   _default_start_daemon 'fail2ban'
 }
 
diff --git a/target/scripts/wrapper/fail2ban-wrapper.sh b/target/scripts/wrapper/fail2ban-wrapper.sh
deleted file mode 100755
index 32efebb5..00000000
--- a/target/scripts/wrapper/fail2ban-wrapper.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-# You cannot start fail2ban in some foreground mode and
-# it's more or less important that docker doesn't kill
-# fail2ban and its chilren if you stop the container.
-#
-# Use this script with supervisord and it will take
-# care about starting and stopping fail2ban correctly.
-#
-# supervisord config snippet for fail2ban-wrapper:
-#
-# [program:fail2ban]
-# process_name = fail2ban
-# command = /path/to/fail2ban-wrapper.sh
-# startsecs = 0
-# autorestart = false
-#
-
-trap "/usr/bin/fail2ban-client stop" SIGINT
-trap "/usr/bin/fail2ban-client stop" SIGTERM
-trap "/usr/bin/fail2ban-client reload" SIGHUP
-
-/usr/bin/fail2ban-client start
-sleep 5
-
-# wait until fail2ban is dead (triggered by trap)
-while kill -0 "$(< /var/run/fail2ban/fail2ban.pid)"
-do
-  sleep 5
-done
-
diff --git a/target/supervisor/conf.d/supervisor-app.conf b/target/supervisor/conf.d/supervisor-app.conf
index 0378187b..d3e84fdc 100644
--- a/target/supervisor/conf.d/supervisor-app.conf
+++ b/target/supervisor/conf.d/supervisor-app.conf
@@ -40,7 +40,7 @@ autostart=false
 autorestart=true
 stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log
-command=/usr/local/bin/fail2ban-wrapper.sh
+command=/usr/bin/fail2ban-server -xf start
 
 [program:opendkim]
 startsecs=0