SpamAssassin Custom Scores

I have found that the following set of SpamAssassin custom scores on my email server work well when combined with SpamList running on a pfSense firewall.

score AXB_X_FF_SEZ_S 4
score BODY_ENHANCEMENT2 5
score DIET_1 1
score DKIM_ADSP_NXDOMAIN 2
score FSL_HELO_NON_FQDN_1 1
score GAPPY_SUBJECT 3
score HELO_DYNAMIC_IPADDR 3
score HTTPS_HTTP_MISMATCH 3
score LOTS_OF_MONEY 1
score MALFORMED_FREEMAIL 2
score NO_DNS_FOR_FROM 2
score PLING_QUERY 3
score RCVD_DOUBLE_IP_SPAM 4
score RCVD_IN_BL_SPAMCOP_NET 4
score RCVD_IN_BRBL_LASTEXT 6
score RCVD_IN_MSPIKE_BL 4
score RCVD_IN_PSBL 4
score RCVD_IN_RP_RNBL 5
score RCVD_IN_SBL 3
score RCVD_IN_SBL_CSS 4
score RCVD_IN_SORBS_SOCKS 4
score RCVD_IN_SORBS_WEB 5
score RCVD_IN_XBL 4
score RDNS_NONE 4
score RDNS_DYNAMIC 4
score SERGIO_SUBJECT_PORN014 6
score SPF_FAIL 4
score SPF_HELO_SOFTFAIL 2
score SPF_NEUTRAL 4
score SPF_SOFTFAIL 5
score T_DKIM_INVALID 5
score T_SPF_PERMERROR 6
score T_SPF_TEMPERROR 4
score TVD_RCVD_IP 1
score UNPARSEABLE_RELAY 3
score URIBL_DBL_ABUSE_SPAM 4
score URIBL_DBL_SPAM 5
score URIBL_SBL 2
score URIBL_SBL_A 2
score URIBL_JP_SURBL 6

These scores are applied in /etc/spamassassin/local.cf after the required_score entry, which I have set to 2.0.

Note that these scores will block emails from servers that have configured SPF incorrectly.  They will also block servers that do not have reverse DNS setup correctly, which eliminates most compromised machines that are being used to send out spam.