Mailing List Archive

FROM_RETURNPATH_MISMATCH
Hello All,

I'm trying to understand why SA keeps scoring this rule, when the sender
only has their from address, no reply to etc, nothing helping me to
understand why.

I'm guessing here, but this would be where the reply to differs from the
from?

Any assistance appreciated.

--
Thanks!
Joey
Re: FROM_RETURNPATH_MISMATCH
On 28.04.23 10:58, Joey J wrote:
>I'm trying to understand why SA keeps scoring this rule, when the sender
>only has their from address, no reply to etc, nothing helping me to
>understand why.
>
>I'm guessing here, but this would be where the reply to differs from the
>from?
>
>Any assistance appreciated.

I don't see FROM_RETURNPATH_MISMATCH in spamassassin rules, perhaps you
fetched it from a 3rd party source?

maybe from here:

https://www.lexo.ch/blog/2018/07/solved-spf-setting-does-not-apply-to-return-path-causing-more-spam-and-phishing-e-mails-spamassassin-postfix/

however, that is quite a complicated regex and quite possibly wrong.

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Despite the cost of living, have you noticed how popular it remains?
Re: FROM_RETURNPATH_MISMATCH
On 2023-04-28 at 10:58:52 UTC-0400 (Fri, 28 Apr 2023 10:58:52 -0400)
Joey J <jacklistmail@gmail.com>
is rumored to have said:

> Hello All,
>
> I'm trying to understand why SA keeps scoring this rule, when the
> sender
> only has their from address, no reply to etc, nothing helping me to
> understand why.
>
> I'm guessing here, but this would be where the reply to differs from
> the
> from?

FROM_RETURNPATH_MISMATCH is not in the current ruleset from the default
rule channel nor is it in the widely-used KAM ruleset (maintained by a
PMC-member, but not part of the SA Project proper.)

Hence, that rule is part of your local customization of SpamAssassin.

> Any assistance appreciated.

Well, my ***GUESS*** based on the name is that a rule called
FROM_RETURNPATH_MISMATCH would be when the SMTP envelope sender
(RFC5321.MailFrom, in RFC 5598 terminology, often preserved in a
Return-Path header during delivery) and the message header From address
(RFC5322.From), which are not intrinsically identical but usually are in
person-to-person email, do not match.

The *actual* definition of that rule will be somewhere in your SA
config, most likely in /etc/mail/spamassassin/local.cf

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
Re: FROM_RETURNPATH_MISMATCH
Thank you all.

Someone internally must have seen that rule and added it, I think I'm going
to pull it out as it has way too many false positives.
I took the assumption (we know) that it was one of the base rules.

On Fri, Apr 28, 2023 at 11:43 AM Matus UHLAR - fantomas <uhlar@fantomas.sk>
wrote:

> On 28.04.23 10:58, Joey J wrote:
> >I'm trying to understand why SA keeps scoring this rule, when the sender
> >only has their from address, no reply to etc, nothing helping me to
> >understand why.
> >
> >I'm guessing here, but this would be where the reply to differs from the
> >from?
> >
> >Any assistance appreciated.
>
> I don't see FROM_RETURNPATH_MISMATCH in spamassassin rules, perhaps you
> fetched it from a 3rd party source?
>
> maybe from here:
>
>
> https://www.lexo.ch/blog/2018/07/solved-spf-setting-does-not-apply-to-return-path-causing-more-spam-and-phishing-e-mails-spamassassin-postfix/
>
> however, that is quite a complicated regex and quite possibly wrong.
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> Despite the cost of living, have you noticed how popular it remains?
>


--
Thanks!
Joey
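
An added illustration, not part of the thread and not the rule from the poster's local.cf (whose definition is not shown here): this Python example compares the Return-Path address with the header From address over constructed sample messages, showing why a strict mismatch test also fires on legitimate mailing-list and bulk-sender mail. The `classify` function, its category names and every sample address are assumptions made for the example.

```python
# Added example: envelope sender (Return-Path) vs. header From comparison.
# All messages below are constructed samples, not taken from the thread.
from email import message_from_string
from email.utils import parseaddr

SAMPLES = {
    "person_to_person": (
        "Return-Path: <alice@example.org>\n"
        "From: Alice <alice@example.org>\n"
        "Subject: lunch\n\nhi\n"
    ),
    "mailing_list": (  # list software rewrites the envelope sender (VERP)
        "Return-Path: <users-return-1234-bob=example.net@lists.example.com>\n"
        "From: Alice <alice@example.org>\n"
        "Subject: Re: rule question\n\nhi\n"
    ),
    "bulk_sender": (   # bounce handling on a subdomain of the From domain
        "Return-Path: <bounce+bob=example.net@mail.shop.example>\n"
        "From: Shop <news@shop.example>\n"
        "Subject: receipt\n\nhi\n"
    ),
    "no_return_path": "From: Carol <carol@example.org>\nSubject: x\n\nhi\n",
}

def addr(msg, header):
    """Return the lower-cased addr-spec of a header, or '' if absent."""
    return parseaddr(msg.get(header, ""))[1].lower()

def classify(raw):
    """Return 'match', 'same_domain', 'mismatch' or 'unknown' for a message."""
    msg = message_from_string(raw)
    env, hdr = addr(msg, "Return-Path"), addr(msg, "From")
    if not env or not hdr:
        return "unknown"      # null sender (<>) or header not present
    if env == hdr:
        return "match"
    env_dom, hdr_dom = env.rpartition("@")[2], hdr.rpartition("@")[2]
    # Relaxed check: one domain equals or is a subdomain of the other.
    if (env_dom == hdr_dom or env_dom.endswith("." + hdr_dom)
            or hdr_dom.endswith("." + env_dom)):
        return "same_domain"
    return "mismatch"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:18} {classify(raw)}")
```

Only the first sample is an exact match; a rule that scores every other outcome would hit the mailing-list and bulk-sender samples even though both are ordinary delivery patterns.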