On 10/2/13 6:30 AM, "Tony Finch" <d...@dotat.at> wrote:
> We've had a report from a user about a false positive involving
> KHOP_BIG_TO_CC which has a score of 3.4. This seems like an excessive
> penalty for perfectly reasonable behaviour.
I've also seen false positives on this. I was going to change it to 25
addresses locally, but haven't gotten around to it yet.
>
> header KHOP_BIG_TO_CC ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/
> describe KHOP_BIG_TO_CC Sent to 10+ recipients instaed of Bcc or a list
> score KHOP_BIG_TO_CC 3.199 3.399 3.199 3.399
>
> Tony.
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281
