Is there any documentation about this setting, besides what's in http://www.spamassassin.org/doc/Mail_SpamAssassin_Conf.html
I'd like to understand what it does rather than see a couple of trivial examples...
My particular problem is described in http://marc.theaimsgroup.com/?l=spamassassin-users&m=108705223721279&w=2
In short, is there a way (using trusted_networks or anything else) to avoid EVERY RBL checking from a message coming from a specific IP?
No.. do not try to use trusted_networks as a form of "RBL whitelist".. that's not what it does, and there's currently no feature in SA 2.6x that does this. (And I'm not aware of one in 3.x, but I've not really checked either)
The use of the word "trusted" here is probably the largest cause of confusion, because many network admins think of "trusted" hosts as being "not sources of spam". But that's not what it means.
"trusted" in this case means "A mail server which is a part of my network, and trusted to produce non-forged Received: headers".
trusted_networks is used in only a few places. It's generally used in determining where your "network border" is when tracking through received: headers.
1) whitelist_from_rcvd... rcvd is checked against the untrusted host dropping mail off the first time an "untrusted" host drops mail off at a "trusted" host.
2) notfirsthop rbl rules are checked against IPs dropping mail off at trusted hosts. This is generally used for dialup RBLs.
3) firsttrusted rbl rules. Used for "whitelist" RBLs which need to be checked against trusted headers to prevent forgery. (such as RCVD_IN_BSP_TRUSTED). In actuality this currently works much like "notfirsthop", but they could diverge in behavior later.
4) untrusted rbl rules. Currently only used by "RCVD_IN_BSP_OTHER" It's intended to pick up any use of bondedsender in an untrusted relay, mostly for informational purposes.
