THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Note that each of trusted_networks and internal_networks default to taking the value of the other if unset. See the Mail::SpamAssassin::Conf man page for details. Therefore once either is set then either must be fully declared. For example if several IPs are placed in trusted_networks that value list will be defaulted into internal_networks if internal_networks is not set. But if internal_networks is set to even a single IP value then this will not occur. In that case processing which depends upon a correct internal_networks configuration such as RCVD_IN_SORBS_DUL will not be triggered. If you set both trusted_networks and internal_networks then both must be fully specified. A simpler configuration is to set only the trusted_networks parameter and allow the internal_networks parameter to default to that value. An easy trap to fall into is to only partially specify one or the other.
Why should trusted_networks and internal_networks ever be different?
A mail relay that you want to trust in trusted_networks may itself trust its own internal dynamic IP networks. You may trust them not to be a spam source but putting them into your internal_networks list would create a false positive because then those dynamic IPs would be searched for in the DUL lists. This is an example where the two lists need to be different.