this works for me

core/rspamd/conf/force_actions.conf

@@ -1,7 +1,17 @@
 rules {
-  ANTISPOOF {
+  ANTISPOOF_NOAUTH {
     action = "reject";
-    expression = "((R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA)|BLACKLIST_ANTISPOOF) & IS_LOCAL_DOMAIN";
+    expression = "(IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA))";
-    message = "Rejected (anti-spoofing)";
+    message = "Rejected (anti-spoofing noauth)";
+  }
+  ANTISPOOF_DMARC_ENFORCE_LOCAL {
+    action = "reject";
+    expression = "((IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE)";
+    message = "Rejected (anti-spoofing DMARC-enforce for local domains)";
+  }
+  ANTISPOOF_AUTH_FAILED {
+    action = "reject";
+    expression = "BLACKLIST_ANTISPOOF";
+    message = "Rejected (anti-spoofing auth-failed)";
   }
 }

core/rspamd/conf/multimap.conf

@@ -1,5 +1,11 @@
-IS_LOCAL_DOMAIN {
+IS_LOCAL_DOMAIN_H {
-  type = "from";
+  type = "selector"
-  filter = "email:domain";
+  selector = "from('mime'):domain";
+  map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
+}
+
+IS_LOCAL_DOMAIN_E {
+  type = "selector"
+  selector = "from('smtp'):domain";
   map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
 }

core/rspamd/conf/whitelist.conf

@@ -3,6 +3,6 @@ rules {
             valid_dmarc = true;
             blacklist = true;
             domains = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
-            score = 15.0;
+	    score = 99.0;
         }
 }