Nice subject!
I attached a message to this email that got an incredibly low spam score. When I run the message through spamassassin -t it gets a spam score as I would expect.
I know I don't have much more details, but can anyone give me ideas why?
Content analysis details: (2.7 points, 5.0 required)
pts rule name description ---- ---------------------- -------------------------------------------------- -2.8 ALL_TRUSTED Did not pass through any untrusted hosts
ALL_TRUSTED would be why. That REALLY should never hit for mail from the outside.
Usualy this is caused by having a NATed mailserver, or some other IP configuration that confuses the automatic trust path code.
Look into manually declaring trusted_networks in your config. Only add local mailservers that add Received: headers to the list of trusted hosts.
(Note: Don't try to use trusted networks as an IP based whitelist mechanism, it's not. Trusted here means trusted to generate non-forged Received: headers, and has subtle implications on a lot of rules.)
