The FromNotReplyTo Plugin

Checks if 'From:' is equal to 'Reply-To:' and set point if this is not the case.

Code

local.cf

loadplugin FromNotReplyTo plugins/FromNotReplyTo.pm
header FROM_NOT_REPLYTO eval:check_for_from_not_reply_to()
score FROM_NOT_REPLYTO 2.0
describe FROM_NOT_REPLYTO From: does not match Reply-To:

FromNotReplyTo.pm

package FromNotReplyTo;
1;

use strict;

use Mail::SpamAssassin;
use Mail::SpamAssassin::Plugin;
our @ISA = qw(Mail::SpamAssassin::Plugin);


sub new {
	my ($class, $mailsa) = @_;
	$class = ref($class) || $class;
	my $self = $class->SUPER::new( $mailsa );
	bless ($self, $class);
	$self->register_eval_rule ( 'check_for_from_not_reply_to' );
	
	return $self;
}


# Often spam uses different From: and Reply-To:
# while most legitimate e-mails does not.
sub check_for_from_not_reply_to {
	my ($self, $msg) = @_;

	my $from = $msg->get( 'From:addr' );
	my $replyTo = $msg->get( 'Reply-To:addr' );

	#Mail::SpamAssassin::Plugin::dbg( "FromNotReplyTo: Comparing '$from'/'$replyTo" );

	if ( $from ne '' && $replyTo ne '' && $from ne $replyTo ) {
		return 1;
	}

	return 0;
}

How To Use It

Simply drop FromNotReplyTo.pm into /etc/spamassasin/plugin/ (or whereever your configuration is put).

Caveats

It is a very simple plugin, so it should be used with care.

  • No labels