DSFRS> Is ALL_TRUSTED telling me that because it came from me, it's DSFRS> assumed to be ham?
That's my interpretation,
Side note, if I may interject.. ALL_TRUSTED has nothing to do with who the message is addressed TO or From, it has to do with SA believing the message was never on any machines outside your local "trusted" network. ie: it thinks it's internal mail.
It comes to this conclusion by looking at the Recieved: headers, and often comes to the wrong conclusions when your mailserver is NATed or proxied. SA's autodetect logic assumes that all outside MTAs must have real-world IP address, and not a reserved one. Therefore, it assumes the most recent routable IP is your outside mailserver, and that the others are just internal servers.
In some networks, this is true, in others, it's not. It all depends on where your NAT occurs.
Unfortunately there is NO good algorithm that works correctly for all kinds of networks. The logic will always break down for one kind of network or another. Many have made arguments to change it, but this usually winds up just shifting the problem to an under-trust in networks which NAT their lan, but not their external MX. No automatic algorithm can correctly tell which configuration it's looking at from looking at the Received: header alone, particularly if a spammer is trying to forge headers further down the line.
Thus, if you've got a NATed mailserver, you need to set up trusted_networks by hand. This lets SA know for sure which IP's are mailservers you control. Everyhing else is untrusted. No guesswork on SA's part.
