Matt, does this mean that even if trusted_networks is set in local.cf, SpamAssassin will fire the ALL_TRUSTED rule even if it can't parse the received headers? i.e. Since there are no parsable received headers, SA will assume that all must have been trusted?
Yes I just submitted a bug on the matter.. Currently ALL_TRUSTED fires whenever there are no untrusted relays detected.. However, it fails to check that any trusted relays exist...
I opened this bug to suggest a fix for ALL_TRUSTED:
http://bugzilla.spamassassin.org/show_bug.cgi?id=3949
However, the Received: path parsing bug is something I leave up to Dave to file.
Really mis-parsed Received: headers is a serious bug, the fix to ALL_TRUSTED is just damage control.