One of our customers forwarded us these headers of a porn spam which made it through Spamassassin:
Return-Path: <[EMAIL PROTECTED]> Received: from paypal.com ([211.111.52.7]) by merlin.boreal.org (8.12.11/8.12.11) with SMTP id i4H3CuUm007290 for <snipped>; Sun, 16 May 2004 22:12:59 -0500 (CDT)
<snip>
The customer didn't forward the whole message, but just to see if maybe this was an issue with trusted networks I ran the headers through spamassassin -D with the following results:
<snip>
debug: received-header: parsed as [ ip=211.111.52.7 rdns=paypal.com helo= by=merlin.boreal.org ident= ]
That's bad.. Notice that it thought the RDNS was paypal.com. Looks like your Received: header format is one that SA doesn't understand.
