trusted_networks ip.add.re.ss[/mask] ... (default: none)
What networks or hosts are 'trusted' in your setup.
Trusted in this case means that relay hosts on these networks are considered to not be potentially operated by spammers, open relays, or open proxies. A trusted host could conceivably relay spam, but will not originate it, and will not forge header data. DNS blacklist checks will never query for hosts on these networks. See
TrustPath - Spamassassin Wiki for more information.
MXes for your domain(s) and internal relays should
also be specified using the internal_networks setting. When there are 'trusted' hosts that are not MXes or internal relays for your domain(s) they should
only be specified in trusted_networks.
If a /mask is specified, it's considered a CIDR-style 'netmask', specified in bits. If it is not specified, but less than 4 octets are specified with a trailing dot, that's considered a mask to allow all addresses in the remaining octets. If a mask is not specified, and there is not trailing dot, then just the single IP address specified is used, as if the mask was /32.
If a network or host address is prefaced by a ! the network or host will be excluded (or included) in a first listed match fashion.