Fake sender spoofing local domain

[John Glorioso]

I am running several virtual hosts on my James server and have recently become aware of spam/virus emails arriving to addresses on the server that are spoofing the Return-Path and From headers. Ex: legitimate destination address "[EMAIL PROTECTED]" getting email from non existent (or possibly real if they are lucky guessers) "[EMAIL PROTECTED]". I have recently started using spamd and Josh Parreco's spamassassin mailet and have found his SenderHostIsNotLocal matcher to be insufficient to identify that the sender is fake because it simply checks to see if foo.com is a local address. I have modified James to view my configured virtual hosts as local. That being the case, I would like to force an additional check that looks at the sending server to see if it is one of ours or not. In that case, if the from user was not legit I could ghost the message or whatever I decide to do with it. I have found the "RemoteAddrNotInNetwork" matcher and assume I could setup another processor block to check all of these conditions, but I wanted to make sure that I am not overlooking some other matcher that already does any of this. Please let me know if I am not being clear on the problem. Thanks in advance for advice.