Someone is trying to brute-force(?) my private mail server... very... slowly... and with changing IPs

What's the point of this kind of "attack"? The rate is much too slow to do any efficient brute-forcing, and I really doubt that someone would specifically target my tiny personal server.

The rate is slow, or the total amount of data being sent out is small? You may be seeing connections very rarely, but how do you know the bots doing the brute forcing aren't constantly saturating their uplinks, and your site is just one of many being attacked? There is no advantage for an attacker to spend a short time going after one site at a time (and triggering fail2ban), compared to attacking a huge number of servers at once, where each server only sees infrequent connections. Both can have the same rate of outgoing authentication attempts per second.

Is there anything I can do against it except banning that provider's complete IP range (or ignoring the messages, since my passwords are strong)?

Unlikely. Chances are, these are coming from a botnet or a cluster of low-cost VPSes. It is not possible to determine what other IP ranges may be being used just by seeing a few of these. If they are not on the same subnet, they cannot be predicted. You can safely ignore these connections. It is nothing more than the background noise of the internet.
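The point this answer makes, that per-IP thresholds such as fail2ban's never fire when each source address makes only one attempt, can be checked against the server's own logs by keying on the targeted account instead of the source IP. The script below is an added example, not code from this thread; the log lines are constructed in a Dovecot-like layout, and the 24-hour window and the two thresholds are assumptions to adjust for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a Dovecot-like format (not real log data).
SAMPLE_LOG = """\
2024-05-01 01:10:02 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
2024-05-01 02:47:19 imap-login: Disconnected (auth failed, 1 attempts in 3 secs): user=<alice>, method=PLAIN, rip=198.51.100.77, lip=192.0.2.10
2024-05-01 04:03:55 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=203.0.113.91, lip=192.0.2.10
2024-05-01 05:31:08 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<alice>, method=PLAIN, rip=198.51.100.12, lip=192.0.2.10
2024-05-01 09:15:40 imap-login: Login: user=<bob>, method=PLAIN, rip=192.0.2.200, lip=192.0.2.10
2024-05-01 10:02:13 imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<bob>, method=PLAIN, rip=192.0.2.200, lip=192.0.2.10
"""

# Pull timestamp, account name and remote IP out of each failed-auth line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*auth failed.*"
    r"user=<(?P<user>[^>]*)>.*rip=(?P<rip>[0-9a-fA-F.:]+)"
)

def parse_failures(log_text):
    """Yield (timestamp, user, remote_ip) for every failed-auth line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            yield ts, m.group("user"), m.group("rip")

def distributed_targets(log_text, window=timedelta(hours=24),
                        min_failures=3, min_ips=3):
    """Return {user: sorted source IPs} for accounts that saw at least
    min_failures failures from at least min_ips distinct IPs inside some
    sliding window of length `window`. Keyed on the account, not the IP,
    so a one-attempt-per-address campaign is still visible."""
    by_user = defaultdict(list)
    for ts, user, rip in sorted(parse_failures(log_text)):
        by_user[user].append((ts, rip))
    flagged = {}
    for user, items in by_user.items():
        hits, start = set(), 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward in time
            ips = {rip for _, rip in items[start:end + 1]}
            if end - start + 1 >= min_failures and len(ips) >= min_ips:
                hits |= ips
        if hits:
            flagged[user] = sorted(hits)
    return flagged
```

Running `distributed_targets(SAMPLE_LOG)` flags only `alice`, whose four failures come from four different addresses, while `bob`'s single failure is ignored.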


Question 1 -- Unless it is a misconfiguration (as mentioned in the comments), in my experience it seems that these are automated attacks looking for accounts from which unsolicited commercial emails (or phishing attempts) can be sent.

Question 2 -- If the range of IPs that your legitimate logins come from is knowable and small enough, it might be easier to block everything except those ranges.

I administer a small business email server; this type of probing happens almost continuously for us.


1 attempt every 1-2 hours? That's not a brute force.

Maybe it's someone's iPhone with an expired password. Probably yours! Or, if you are reusing a hosting company's IP addresses, the previous "owner" could still have some email client somewhere, configured to go to [now] your IPs.

If you have the IP addresses, the least you could do is trace them.