Only run validatesender if the client is untrusted.
This means that validatesender will get run once when
the message arrives from outside but not as relayed
internally and run through spam checking.
Previously we were running validatesender twice for
each incoming message, and the second one was redundant.