I just received a spam email which included its own DSPAM headers (imitation is the sincerest form of flattery!), including:
The message also had legitimate DSPAM headers added by my dspam at the very end of the headers, but when I sent the message to dspamc for retraining, it errored out at the bogus header:
Feb 1 12:07:41 xxx dspam[xxx]: Signature retrieval for '1,510c1e2526783905217225' failed
Feb 1 12:07:41 xxx dspam[xxx]: Unable to find a valid signature. Aborting.
Perhaps dspam should keep looking if lookup fails, instead of giving up immediately?
Walking the headers backwards would also work for me since dspam's are at the end, but I could see that breaking with more complicated email flows that might involve passing through more than one dspam instance.