We for the last couples of days we see many hits of XM_RANDOM rule on legit mail. Samples of X-Mailers it hits
> *X-Mailer:* AspQMail 2.0 4.03 (QSM260971F) > X-Mailer: WebService/1.1.18138 YahooMailAndroidMobile YMobile/1.0 (com.yahoo.mobile.client.android <http://com.yahoo.mobile.client.android/>.mail/6.27.0; Android/11; RP1A.200720.012; a52xq; samsung; SM-A526B; 5.99; 2186x1080;) > *X-Mailer:* WebService/1.1.18121 YahooMailAndroidMobile YMobile/1.0 (com.yahoo.mobile.client.android.mail/6.10.5; Android/10; QP1A.190711.020; starlte; samsung; SM-G960F; 5.68; 1450x720;) > *X-Mailer:* Traveler 11.0.2.0 Build 202010261910_30 on server DETR02/SRV/BAUHAUS/DE at 20210418173104417 by DelQ-18bc[NoticeMgr] especially the AspQMail (hits on stuff within '()') and the yahoo mailer are quite common in our message flow. Think that rule should be revised -- Cheers tobi
