A little update on the Spam I had been seeing recently.
After looking a little deeper, it must have been a single spammer using that tactic, and relaying the spam through a bunch of other hosts (likely compromized PCs, since many were cable modems). After a while, those particular faked Received: header styles were not showing up as often.
I’ve added a couple more RBLs and RHSBLs, updated SpamAssassin, and tweaked some default scores, and things seem to have gotten happier.
The number of rejections at the MTA level has held steady, but the overall volume has ebbed while the number of detections by SpamAssassin increased. Result: Less spam. For now.