[Rspamd] Fix spoofing detection

data/conf/rspamd/local.d/composites.conf

@@ -17,6 +17,6 @@ SOGO_CONTACT_SPOOFED {
   expression = "(R_SPF_PERMFAIL | R_SPF_SOFTFAIL | R_SPF_FAIL) & ~SOGO_CONTACT";
 }
 SPOOFED_UNAUTH {
-  expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !R_SPF_ALLOW & !DMARC_POLICY_ALLOW & !ARC_ALLOW & !SIEVE_HOST";
+  expression = "!MAILCOW_AUTH & !MAILCOW_WHITE & !R_SPF_ALLOW & !DMARC_POLICY_ALLOW & !ARC_ALLOW & !SIEVE_HOST & MAILCOW_DOMAIN_HEADER_FROM";
   score = 5.0;
 }

data/conf/rspamd/local.d/multimap.conf

@@ -89,3 +89,10 @@ SIEVE_HOST {
   map = "$LOCAL_CONFDIR/custom/dovecot_trusted.map";
   symbols_set = ["SIEVE_HOST"];
 }
+
+MAILCOW_DOMAIN_HEADER_FROM { 
+  type = "header";  
+  header = "from";  
+  filter = "email:domain";  
+  map = "redis://DOMAIN_MAP"; 
+}