I feel like this comes up often enough, people not having trusted_networks or internal_networks set.
Probably for most people it's unnecessary. But if you have some server relaying / forwarding mail to your server, and you don't have one of these set, spamassassin is using the IP address of that relaying server for blacklist lookups, which is not useful. And all you have to do is add a line to your local.cf containing: trusted_networks IP Where "IP" is the IP address of the relaying machine. You can have multiple, separated by a space. Often, it seems, people are getting email relayed and have forgotten about it. So to look for that, you can add to your local.cf: add_header all RelaysUntrusted _RELAYSUNTRUSTED_ Then wait till you get a bunch of email, then run something like: cat ~/Maildir/cur/* ~/Maildir/new/* | grep ^X-Spam-RelaysUntrusted | cut -d' ' -f3 | sort | uniq -c | sort -nr | less This will list the untrusted IPs you most commonly get email from. You should make sure the ones near the top aren't actually trusted relays you should add to trusted_networks. These are the related wiki pages: http://wiki.apache.org/spamassassin/TrustPath http://wiki.apache.org/spamassassin/TrustedRelays I should probably add this testing stuff somewhere. -- "I'd rather be happy than right any day." - Slartiblartfast, The Hitchhiker's Guide to the Galaxy http://www.ChaosReigns.com