On Sun, Sep 25, 2016 at 03:39:20PM -0400, Alex wrote: > I think it must be something more than that. I've included the HTML > component of an FP I received, and I don't see any occurrences of an > https link where the text component is just http, or even vice-versa. > > http://pastebin.com/BNM9sLRL > > The HTML is a bit hard to read. Let me know if you want the whole > email (which is even harder, consider it's encoded, so you'd have to > actually run it through SA).
If you want to see what that rule's code looks like, here's a link: https://fossies.org/dox/Mail-SpamAssassin-3.4.1/classMail_1_1SpamAssassin_1_1Plugin_1_1HTTPSMismatch.html It's possible there is a bug in that rule. If you send it through SpamAssassin with debug enabled, the rule should print out the domain pairs that trigger it. Maybe try that, and see if what it outputs makes sense. --Sean
