regex – Mailcleaner – Fail2ban – mc-exim-filter configuration

I’m using Fail2ban on a Mailcleaner server whick works pretty good, but I want to update it to that ban hosts who want to spoofing our addresses. I’m using the “original” mc-exim-filter, but I don’t really understand how regular expressions works.

Here is an example from the log: 2021-02-26 00:02:37 H=(( ( rejected RCPT This domain does not accept mail from itself (spoofing)

I tried many combaniton based on the already existing failregexes, but it doesn’t want to ban the attackers.

Can anyone help? Thank you in advance