Ensure we REJECT when we don't have a DMARC policy

This restores the old behaviour

core/rspamd/conf/force_actions.conf

@@ -0,0 +1,7 @@
+rules {
+  WHITELIST_EXCEPTION {
+    action = "reject";
+    expression = "(AUTH_NA|BLACKLIST_ANTISPOOF) & IS_LOCAL_DOMAIN";
+    message = "Rejected (anti-spoofing)";
+  }
+}

core/rspamd/conf/multimap.conf

@@ -0,0 +1,5 @@
+IS_LOCAL_DOMAIN {
+  type = "from";
+  filter = "email:domain";
+  map = "http://{{ ADMIN_ADDRESS }}/internal/rspamd/local_domains";
+}