Recently I’ve seen a report of a bug regarding crowdsec and nextcloud (an older one with other modules: Crowdsec not banning) but unaware if something similar happens with postfix.
ns8-crowdsec readme.
Maybe a run of crowdsec’s cscli explain can bring some light on what happens when it processes the postfix log.
runagent -m crowdsec1 cscli explain --file "dontknowthepathtopostfixlogfile" --type <typecorrespondingtopostfix-maybe-syslog-or-maybe-not> # or --log instead of file to specify a line
…or similar.
extended ban time: should be possible form command line but better if devs tweak the UI, if your request is considered valid.
You can sign-up for free (see pricing for feature comparison) and get your enrollment key (creating an account on https://app.crowdsec.net)