An informal check does show that the IPs are indeed listed. As many of them should be - there are many people using cable modems and DSL who are listed in dynablocks because they are supposed to be using their ISP's mail server. But in a situation where they do that, if the ISP records the originating IP the message still gets flagged.
This is not strictly list-based problem, either. If a listed IP appears *anywhere* in the header, it seems to still get flagged. But short of forbidding anyone in a dynablock from ever sending email to me, I'm trying to find another answer. Simply not using the lists (SORBS, Spamcop, etc) seems... a bit much to me. -Don
You've got a broken trust path. SpamAssassin, for valid reason, can not automatically configure the trust path when the SpamAssassin machine is NATed.
Add the appropriate trusted_networks lines to your local.cf. See man Mail::SpamAssassin::Conf for more info on trusted_networks.
Daryl
