diff -rud Mail-SpamAssassin-3.3.1/lib/Mail/SpamAssassin/Message/Metadata/Received.pm Mail-SpamAssassin-3.3.1+auth-via-trustrelay-is-like-msa/lib/Mail/SpamAssassin/Message/Metadata/Received.pm
--- Mail-SpamAssassin-3.3.1/lib/Mail/SpamAssassin/Message/Metadata/Received.pm	2010-03-16 15:49:21.000000000 +0100
+++ Mail-SpamAssassin-3.3.1+auth-via-trustrelay-is-like-msa/lib/Mail/SpamAssassin/Message/Metadata/Received.pm	2010-05-06 18:22:13.000000000 +0200
@@ -189,22 +189,22 @@
 	}
 
       } else {
-	# trusted_networks matches?
-	if (!$relay->{auth} && !$trusted->contains_ip($relay->{ip})) {
-	  $in_trusted = 0;
-	  $in_internal = 0;	# if it's not trusted it's not internal
-	} else {
-	  # internal_networks matches?
-	  if ($in_internal && !$relay->{auth} && !$internal->contains_ip($relay->{ip})) {
-	    $in_internal = 0;
-	  }
-	  # msa_networks matches?
-	  if ($msa->contains_ip($relay->{ip})) {
-	    dbg('received-header: found MSA relay, remaining relays will be'.
-		' considered trusted: '.($in_trusted ? 'yes' : 'no').
+	# internal_networks matches?
+	if ($in_internal && !$internal->contains_ip($relay->{ip})) {
+	  $in_internal = 0;
+	}
+
+	# acting like an MSA or msa_networks matches?
+	if ($relay->{auth} || $msa->contains_ip($relay->{ip})) {
+	  dbg('received-header: found MSA relay, remaining relays will be'.
+		' considered trusted: yes'.
 		' internal: '.($in_internal ? 'yes' : 'no'));
-	    $found_msa = 1;
-	    $relay->{msa} = 1;
+	  $found_msa = 1;
+	  $relay->{msa} = 1;
+	} else {
+	  # trusted_networks matches?
+	  if (!$trusted->contains_ip($relay->{ip})) {
+	    $in_trusted = 0;
 	  }
 	}
       }