On my freebsd 8 system with sendmail running spamassassin through spamass-milter, spamassassin couldn't tell that clients had authenticated with SMTP AUTH=PLAIN via STARTTLS encryption. The problem was that the milter creates a fake Received header for spamassassin to parse, but it doesn't pass along the equivalent of "(authenticated bits=0)" or "with ESMTPSA" or similar, which allow spamassassin to know it should skip tests for dynamic IPs etc. (see this spamassassin faq).
This patch to spamass-milter (an updated version of this one) fixes it for me. This applies to the spamass-milter 0.3.1 that has already been patched by the freebsd 8 port.
Files attached to this page: