...
Assuming SpamAssassin is running on 'internal.example.com', and the TrustPath on that machine is set up to trust the DMZ machine 'dmz.example.com' at 150.51.53.1 (and also consider that internal using internal_networks), and a trustworthy external machine 'friend.example.com' at 212.17.35.14, this means that the message passed through the following relays:
Wiki Markup *Untrusted* source at evil.example.net \[144.137.3.98\]Wiki Markup *Untrusted* relay at chaos.example.net \[210.73.88.134\]Wiki Markup *Untrusted* relay at loser.example.org \[61.119.13.18\]Wiki Markup *Untrusted* relay at notrust.example.com \[193.120.149.226\]Wiki Markup *Trusted* relay at friend.example.com \[212.17.35.14\]Wiki Markup *Trusted* and *internal* relay at dmz.example.com \[150.51.53.1\]Wiki Markup *Trusted* and *internal* localhost handover at internal.example.com \[127.0.0.1\] \\
A side note: the header lines for 'evil', 'chaos', and 'loser' could all be faked, for all we know, since who knows if an untrusted host is running legitimate MTA software, or is under the control of a spammer? Therefore, it's unwise to trust things you find in untrusted headers. (One exception to this is discussed at the end of this article.)
...