If you're calling SpamAssassin from inside an MTA or a gateway that performs scans during the SMTP transaction, you need to watch out for some slight differences in how SA needs to be called.
First of all, SA expects to find the names, HELO data, and IP addresses used in the SMTP transaction in the top-most Received header. If the gateway code doesn't add at least a pseudo-header containing this data, SA will not perform lookups correctly. See \[http://bugzilla.spamassassin.org/show_bug .cgi?id= 2860 bug 2860\] for a case where a sendmail 'milter' apparently did not provide this info, resulting in false positives. Wiki Markup
Also, for some of the newer anti-spam schemes, we also need to know what the 'envelope sender' of the mail was – see EnvelopeSenderInReceived. If you can pass this data in as well, that helps