I understand what you are trying to do now, and I recommend you not do this.
The biggest problem is, how do you know which servers are allowed to send mail for your domain or not? For example, CompanyX might use google mail for hosting their mail. Their domain will be "companyx.com" but the mail server would be "google.com". Would you reject that mail?
Fortunately, this has already been thought of and it is called SPF (or sender policy framework). SPF is a way to tell other mail servers which servers are allowed to send mail for your domain.
For example, I use messagelabs.com for filtering my email. Thus for my domain, example.com, I publish a DNS record that says "messagelabs.com" servers are allowed to send mail from my domain.
This feature is already built into EFA, and is taken into account when calculating the spam score.
Unfortunately, SPF is only given a small modifier to the spam score because most systems tend not to use it.
You can also consider using this plugin:
viewtopic.php?f=14&t=1777 to help modify your score. This plugin compares the sending ip address class with the mx host ip address class to help determine if this message appears to come from a legitimate sender.
The author of this plugin also wrote another plugin that helps track and effectively whitelists email addresses your users are having conversations with. Highly recommended.
Both plugins can be found here:
http://saplugin.16mb.com/
Hope this helps.
