On 10/28/2013 12:30 PM, John Hardin wrote: > On Mon, 28 Oct 2013, Axb wrote: >> I'll disable this rule. > > Convert it to a subrule, it may be useful in metas.
It is useful. I added the domain to freemail_domains (see r1533678 <https://svn.apache.org/viewvc?view=revision&revision=1533678>) to catch an old spam signature <http://ruleqa.spamassassin.org/?rule=FREEMAIL_REPLYTO> that the ISC noted <https://isc.sans.edu/diary/New+spamming+technique+-+onmicrosoft.com/16841> it is exhibiting. I don't think our list had been updated for a while, either; I found one site <http://www.zemskov.net/free-email-domains.html> that lists hundreds of domains we were missing. Either it was especially comprehensive or we're missing lots more. This should do it: header __ONMICROSOFT_REPLYTO Reply-To =~ /\@\w{5,30}\.onmicrosoft\.com\b/i meta KHOP_ONMS_REPLYTO_FREEMAIL AXB_X_ORIG_OMNIMS && !__ONMICROSOFT_REPLYTO && __freemail_replyto
signature.asc
Description: OpenPGP digital signature
