Python – fail2ban regex that uses less CPU

Tags: fail2ban, python, regex

Using fail2ban, I want to ban these spammers who are sending to a spamtrap address:

Oct 27 09:04:22 si68 postfix/smtpd[3240]: NOQUEUE: reject: RCPT from unknown[117.197.114.222]: 550 5.7.1 <spamtrap@example.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: odwsgs.com, MTA hostname: unknown[117.197.114.222] (helo/hostname mismatch); from=<info.manager@nacha.org> to=<spamtrap@example.com> proto=ESMTP helo=<odwsgs.com>
Oct 27 09:08:51 si68 postfix/smtpd[32646]: NOQUEUE: reject: RCPT from unknown[182.177.131.71]: 550 5.7.1 <spamtrap@example.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; MTA helo: rigplj.com, MTA hostname: unknown[182.177.131.71] (helo/hostname mismatch); from=<account.manager@nacha.org> to=<spamtrap@example.com> proto=ESMTP helo=<rigplj.com>
Oct 27 12:42:09 si68 postfix/smtpd[22119]: NOQUEUE: reject: RCPT from unknown[70.39.119.76]: 550 5.7.1 <spamtrap@example.com>: Recipient address rejected: temporarily blocked because of previous errors - retrying too fast. penalty: 30 seconds x 0 retries.; from=<jameshoward@bk.ru> to=<spamtrap@example.com> proto=ESMTP helo=<CT623.local>
Oct 27 14:03:12 si68 postfix/smtpd[30183]: NOQUEUE: reject: RCPT from unknown[91.79.137.194]: 550 5.7.1 <spamtrap@example.com>: Recipient address rejected: Mail appeared to be SPAM or forged. Ask your Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed from DNSBLs; please relay via your ISP (mchi.org); Please use DynDNS; from=<bvioj@mchi.org> to=<spamtrap@example.com> proto=SMTP helo=<ppp91-79-137-194.pppoe.mtu-net.ru>
Oct 27 22:00:28 si68 postfix/smtpd[18310]: NOQUEUE: reject: RCPT from unknown[96.31.94.71]: 550 5.1.1 <spamtrap@example.com>: Recipient address rejected: User unknown; from=<onsite@ipr-management-mail.com> to=<spamtrap@example.com> proto=ESMTP helo=<ipr-management-mail.com>
Oct 28 00:40:00 si68 postfix/smtpd[18319]: NOQUEUE: reject: RCPT from unknown[63.141.229.165]: 550 5.1.1 <spamtrap@example.com>: Recipient address rejected: User unknown; from=<info@nnamedia.com> to=<spamtrap@example.com> proto=SMTP helo=<mx1.nnamedia.com>
Oct 28 04:05:14 si68 postfix/smtpd[9519]: NOQUEUE: reject: RCPT from unknown[70.39.119.76]: 550 5.7.1 <spamtrap@example.com>: Recipient address rejected: Your MTA is listed in too many DNSBLs; check http://www.robtex.com/rbl/70.39.119.76.html; from=<jameshoward@bk.ru> to=<spamtrap@example.com> proto=ESMTP helo=<CT623.local>

I'm not very good at regular expressions, but I came up with this:

[Definition]
failregex = reject: RCPT from (.*)\[<HOST>\]: (.*)spamtrap

However, when I test the above regex against the (46MB) maillog like so:

fail2ban-regex /var/log/maillog 'failregex = reject: RCPT from (.*)\[<HOST>\]: (.*)spamtrap'

The CPU goes nuts trying to process it. I figure the regex could be written more efficiently. Any suggestions?

Update: The IPs in the logfile above are only rejected for the particular transactions above. I want to completely block them. That is just a very small log excerpt. The very same spammer IPs aren't ONLY sending to spamtrap addresses, but also sending to real valid recipients, and are getting through.

In other words, I'd like to ban them the MOMENT they try the spamtrap address — thus preventing further mails from the same IP from getting to a real person.

Best Answer

Found a way to use a bit less CPU with one less glob using this advice from Michael Orlitzky:

failregex = reject: RCPT from (.*)\[<HOST>\]: 550 5\.1\.1 <spamtrap@example\.com>

Reference: http://old.nabble.com/Re%3A-fail2ban-for-spamtraps-p28964882.html
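As an added illustration (not code from the question or the answer), the script below runs the question's pattern and a tighter one over constructed lines modelled on the excerpt, expanding <HOST> the way fail2ban 0.8 does (an assumption; check filter.py in your installed version) and timing each pass. The tighter pattern drops the two unbounded `(.*)` groups and also matches the 5.7.1 rejects from the excerpt, which the answer's `5\.1\.1` literal does not.

```python
import re
import timeit

# Constructed sample lines modelled on the question's excerpt (not the real 46MB log).
LOG_LINES = [
    "Oct 27 09:04:22 si68 postfix/smtpd[3240]: NOQUEUE: reject: RCPT from unknown[117.197.114.222]: 550 5.7.1 <spamtrap@example.com>: Recipient address rejected: Mail appeared to be SPAM or forged; from=<info.manager@nacha.org> to=<spamtrap@example.com> proto=ESMTP helo=<odwsgs.com>",
    "Oct 27 22:00:28 si68 postfix/smtpd[18310]: NOQUEUE: reject: RCPT from unknown[96.31.94.71]: 550 5.1.1 <spamtrap@example.com>: Recipient address rejected: User unknown; from=<onsite@ipr-management-mail.com> to=<spamtrap@example.com> proto=ESMTP helo=<ipr-management-mail.com>",
    # A reject for a real mailbox: must NOT match, or legitimate senders get banned.
    "Oct 27 22:01:03 si68 postfix/smtpd[18311]: NOQUEUE: reject: RCPT from unknown[10.0.0.5]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown; from=<a@b.org> to=<nobody@example.com> proto=ESMTP helo=<b.org>",
    # Typical non-reject chatter that makes up most of a real maillog.
    "Oct 27 22:01:00 si68 postfix/smtpd[18311]: connect from unknown[10.0.0.5]",
]

# Assumption: this is the <HOST> expansion used by fail2ban 0.8 (verify against your filter.py).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"

# The question's pattern: two greedy .* groups that run to end of line and backtrack on every
# reject line, whether or not it mentions the spamtrap.
ORIGINAL = r"reject: RCPT from (.*)\[<HOST>\]: (.*)spamtrap"
# Tighter pattern: a negated class up to the bracket, a literal status code, and the recipient
# fixed right after it; matches both 5.1.1 and 5.7.1 rejects to the spamtrap only.
TIGHT = r"reject: RCPT from [^\[]*\[<HOST>\]: 550 5\.\d\.\d <spamtrap@example\.com>"


def compile_failregex(failregex):
    """Expand <HOST> as fail2ban does and compile the result."""
    return re.compile(failregex.replace("<HOST>", HOST))


def matched_hosts(failregex, lines):
    """Hosts the failregex would hand to fail2ban for banning, in log order."""
    rx = compile_failregex(failregex)
    return [m.group("host") for line in lines if (m := rx.search(line))]


def seconds_per_pass(failregex, lines, repeat=2000):
    """Average wall time for one search pass over the lines, for comparing patterns."""
    rx = compile_failregex(failregex)
    return timeit.timeit(lambda: [rx.search(l) for l in lines], number=repeat) / repeat


if __name__ == "__main__":
    for name, pat in (("original", ORIGINAL), ("tight", TIGHT)):
        print(f"{name:8s} hosts={matched_hosts(pat, LOG_LINES)} "
              f"cost={seconds_per_pass(pat, LOG_LINES) * 1e6:.1f} us/pass")
```

Run it with `fail2ban-regex` against the real log afterwards; the timing here only shows the relative cost of the two patterns on the sample lines.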