rules {
  ANTISPOOF_NOAUTH {
    action = "reject";
    expression = "(IS_LOCAL_DOMAIN_E & MISSING_FROM) | (IS_LOCAL_DOMAIN_H & (R_DKIM_NA & R_SPF_NA & DMARC_NA & ARC_NA))";
    message = "Rejected (anti-spoofing noauth)";
  }
  ANTISPOOF_DMARC_ENFORCE_LOCAL {
    action = "reject";
    expression = "((IS_LOCAL_DOMAIN_H | IS_LOCAL_DOMAIN_E) & (DMARC_POLICY_SOFTFAIL | DMARC_POLICY_REJECT | DMARC_POLICY_QUARANTINE)";
    message = "Rejected (anti-spoofing DMARC-enforce for local domains)";
  }
  ANTISPOOF_AUTH_FAILED {
    action = "reject";
    expression = "BLACKLIST_ANTISPOOF";
    message = "Rejected (anti-spoofing auth-failed)";
  }
}