NO! NO!, Read the headers! Note the "with HTTP" as the protocol.
That's somebody on a cable modem using a web browser, connecting to a HORDE-IMP webmail server. So the webmail server is doing the actual sending of the SMTP part, but it is adding that additonal 'Received:' header to expose the original source of the actual message, namely the user operating the broswer.
David.. that's true.. However, it shouldn't matter, as this only affects the first (in time order) Received: headers.
The later Received: headers should be an untrusted host, and that should be enough to prevent HELO_DYNAMIC_* from matching.
SA should only fire that rule when a TRUSTED host receives mail from a dynamic IP.
