Determine what is passing messages to SA and tell it to not do that with locally-sources messages. If you use procmail to launch spamc this is pretty easy to do.
I use procmail. I could do this in /etc/procmailrc: :0fw: spamassassin.lock * < 256000 * ! From: .*mydomain.com | /usr/bin/spamc .. but presumably this would fail to scan messages with forged headers that claim to come from my network.
