I've been looking into this a fair amount.

There are several good rulesets on the sendmail.org web pages.  Basically,
here's what you want to do:

1.  You can have a check_mail rule which refuses mail from invalid
domains, and also refuses mail from any number of domains you distrust.

2.  You can have a check_rcpt rule which refuses any mail that comes
from a remote system, and is to a remote system; this prevents spammers
from using your mailer to get around someone else's mailblocks.

Real Soon Now there will be more pointers to this on my web page,
for now, http://spam.abuse.net/ has some good pointers.

-s