We find FREEMAIL_REPLYTO to be quite successful at weeding out spam, so we raised it to 9.1, i.e. with this in local.cf:

    score FREEMAIL_REPLYTO 9.1

However, it causes a false positive with FREEMAIL_REPLYTO and it got me very curious:

Here's a sanitized minimal example that triggers this (indented by 4 spaces):

    Date: Wed, 8 Mar 2017 03:20:05 +0000 (UTC)
    From: Winston <some...@yahoo.com>
    To: Kipper <u...@example.com>
    Subject: foo
    Reply-To: Winston <some...@yahoo.com>

    > From: Kipper <u...@example.com>
    > To: Winston <some...@yahoo.com>, innocentbystan...@ymail.com
    > Subject: bar

Reports:

    * 9.1 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
    *      freemails

The problem is caused by innocentbystan...@ymail.com IN THE BODY! This seems a bit overzealous. It seems like a bit of an over-reach to look at headers in the BODY of the message. This is an excellent rule except for this rude message body cavity search!

I suggest only searching the headers in this rule. If you really feel it ought to search the body like this, can you please split it into 2 rules:

1) the existing rule which searches the body+headers, and
2) a second that only searches the headers.
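
Added example, not part of the original message and not SpamAssassin's own code: a simplified Python model of the comparison stated in the rule description, run over a constructed message of the same shape. It shows the hit when the body is scanned and no hit when only the headers are compared. The domain set, the addresses and all function names are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed stand-in for a freemail domain list (assumption).
FREEMAIL_DOMAINS = {"yahoo.com", "ymail.com", "gmail.com"}
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed message: a reply whose body quotes the earlier headers.
SAMPLE = """\
Date: Wed, 8 Mar 2017 03:20:05 +0000 (UTC)
From: Winston <winston-sample@yahoo.com>
To: Kipper <kipper-sample@example.com>
Subject: foo
Reply-To: Winston <winston-sample@yahoo.com>

> From: Kipper <kipper-sample@example.com>
> To: Winston <winston-sample@yahoo.com>, bystander-sample@ymail.com
> Subject: bar
"""

def is_freemail(addr):
    return addr.rsplit("@", 1)[-1].lower() in FREEMAIL_DOMAINS

def header_addr(msg, name):
    """First address in the named header, lower-cased, or None."""
    pairs = getaddresses(msg.get_all(name, []))
    return pairs[0][1].lower() if pairs else None

def freemail_replyto(raw, scan_body=True):
    """Return (hit, reason) for a simplified Reply-To freemail comparison."""
    msg = message_from_string(raw)
    reply_to = header_addr(msg, "Reply-To")
    sender = header_addr(msg, "From")
    if not reply_to or not is_freemail(reply_to):
        return False, "Reply-To is not a freemail address"
    # Header comparison: From and Reply-To are different freemail addresses.
    if sender and is_freemail(sender) and sender != reply_to:
        return True, f"From {sender} differs from Reply-To {reply_to}"
    # Body comparison: any freemail address in the body, quoted text included.
    if scan_body:
        for addr in ADDR_RE.findall(msg.get_payload()):
            addr = addr.lower()
            if is_freemail(addr) and addr != reply_to:
                return True, f"body address {addr} differs from Reply-To {reply_to}"
    return False, "no differing freemail address"

if __name__ == "__main__":
    print("headers+body:", freemail_replyto(SAMPLE, scan_body=True))
    print("headers only:", freemail_replyto(SAMPLE, scan_body=False))
```

The header-only mode still fires when From and Reply-To are different freemail addresses, which is the case the two-rule split would keep at the high score.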