FROM_RETURNPATH_MISMATCH

[Joey J <ja...@gmail.com>]

Hello All,

I'm trying to understand why SA keeps scoring this rule, when the sender
only has their from address, no reply to etc, nothing helping me to
understand why.

I'm guessing here, but this would be where the reply to differs from the
from?

Any assistance appreciated.

-- 
Thanks!
Joey

Re: FROM_RETURNPATH_MISMATCH

[Joey J <ja...@gmail.com>]

Thank you all.

Someone internally must have seen that rule and added it, I think I'm going
to pull it out as it has way too many false positives.
I took the assumption (we know) that it was one of the base rules.

On Fri, Apr 28, 2023 at 11:43 AM Matus UHLAR - fantomas <uh...@fantomas.sk>
wrote:

> On 28.04.23 10:58, Joey J wrote:
> >I'm trying to understand why SA keeps scoring this rule, when the sender
> >only has their from address, no reply to etc, nothing helping me to
> >understand why.
> >
> >I'm guessing here, but this would be where the reply to differs from the
> >from?
> >
> >Any assistance appreciated.
>
> I don't see FROM_RETURNPATH_MISMATCH in spamassassin rules, perhaps you
> fetched it from 3rd
> party source?
>
> maybe from here:
>
>
> https://www.lexo.ch/blog/2018/07/solved-spf-setting-does-not-apply-to-return-path-causing-more-spam-and-phishing-e-mails-spamassassin-postfix/
>
> however, that is quite complicated regex and quite possibly wrong,.
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Despite the cost of living, have you noticed how popular it remains?
>


-- 
Thanks!
Joey

Re: FROM_RETURNPATH_MISMATCH

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

On 28.04.23 10:58, Joey J wrote:
>I'm trying to understand why SA keeps scoring this rule, when the sender
>only has their from address, no reply to etc, nothing helping me to
>understand why.
>
>I'm guessing here, but this would be where the reply to differs from the
>from?
>
>Any assistance appreciated.

I don't see FROM_RETURNPATH_MISMATCH in spamassassin rules, perhaps you fetched it from 3rd 
party source?

maybe from here:

https://www.lexo.ch/blog/2018/07/solved-spf-setting-does-not-apply-to-return-path-causing-more-spam-and-phishing-e-mails-spamassassin-postfix/

however, that is quite complicated regex and quite possibly wrong,.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Despite the cost of living, have you noticed how popular it remains?

Re: FROM_RETURNPATH_MISMATCH

[Bill Cole <sa...@billmail.scconsult.com>]

On 2023-04-28 at 10:58:52 UTC-0400 (Fri, 28 Apr 2023 10:58:52 -0400)
Joey J <ja...@gmail.com>
is rumored to have said:

> Hello All,
>
> I'm trying to understand why SA keeps scoring this rule, when the 
> sender
> only has their from address, no reply to etc, nothing helping me to
> understand why.
>
> I'm guessing here, but this would be where the reply to differs from 
> the
> from?

FROM_RETURNPATH_MISMATCH is not in the current ruleset from the default 
rule channel nor is it in the widely-used KAM ruleset (maintained by a 
PMC-member, but not part of the SA Project proper.)

Hence, that rule is part of your local customization of SpamAssassin.

> Any assistance appreciated.

Well, my ***GUESS*** based on the name is that a rule called 
FROM_RETURNPATH_MISMATCH would be when the SMTP envelope sender 
(RFC5321.MailFrom, in RFC 5598 terminology, often preserved in a 
Return-Path header during delivery) and the message header From address 
(RFC5322.From) which are not intrinsically identical but usually are in 
person-to-person email.

The *actual* definition of that rule will be somewhere in your SA 
config, most likely in /etc/mail/spamassassin/local.cf

-- 
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire