Confusing issue regarding SPF_FAIL and local delivery

I have an extremely confusing SPF_FAIL issue that I have been looking up for around 3 hours now trying to figure out. My current setup is a single server that does everything mail related all from the same box. SMTP, POP, IMAP, MX, SpamAssassin, ClamAV, everything mail-related is all done on the same box and same IP.

The SMTP server, Exim, uses SMTP-AUTH for authorizing external users to send mail. When an external user sends an email to the same domain on the box, for example bob@domain.com sends an email to dave@domain.com, the email is obviously destined for local delivery and gets delivered fine. The issue is that for some reason SpamAssassin does an SPF lookup when the mail is delivered and decides that the SPF record fails. For some reason it is using the IP address of the external user to check against the domain's SPF record, and it gets marked as spam because of this.

The weird thing is, if I send an email to myself, spf_fail doesn't get triggered. Or, if I make a separate email account on the server, for example blah@eggycrew.com and send an email to dave@eggycrew.com, it also doesn't trigger spf_fail. The only difference between my machine and the other persons machine is that I am using an ssl-secure connection (also ran on the same box with the same IP) to send the mail.

What causes this? Why is it doing that?

SpamAssassin's trusted_network configuration caught my eye. What exactly does this do, and should I put my box's ip address in there? Would that fix the problem? I read the man page entry on trust_network and it *seems* like it might fix this issue but I just want to double check.

Lots of confusion over this issue, and I just flat don't understand it.

I do appreciate any and all help!

Thanks!