The FromNotReplyTo Plugin
Checks if 'From:' is equal to 'Reply-To:' and set point if this is not the case.
Code
local.cf
loadplugin FromNotReplyTo plugins/FromNotReplyTo.pm header FROM_NOT_REPLYTO eval:check_for_from_not_reply_to() score FROM_NOT_REPLYTO 2.0 describe FROM_NOT_REPLYTO From: does not match Reply-To:
FromNotReplyTo.pm
package FromNotReplyTo; 1; use strict; use Mail::SpamAssassin; use Mail::SpamAssassin::Plugin; our @ISA = qw(Mail::SpamAssassin::Plugin); sub new { my ($class, $mailsa) = @_; $class = ref($class) || $class; my $self = $class->SUPER::new( $mailsa ); bless ($self, $class); $self->register_eval_rule ( 'check_for_from_not_reply_to' ); return $self; } # Often spam uses different From: and Reply-To: # while most legitimate e-mails does not. sub check_for_from_not_reply_to { my ($self, $msg) = @_; my $from = $msg->get( 'From:addr' ); my $replyTo = $msg->get( 'Reply-To:addr' ); #Mail::SpamAssassin::Plugin::dbg( "FromNotReplyTo: Comparing '$from'/'$replyTo" ); if ( $from ne '' && $replyTo ne '' && $from ne $replyTo ) { return 1; } return 0; }
How To Use It
Simply drop FromNotReplyTo.pm into /etc/spamassasin/plugin/ (or whereever your configuration is put).
Caveats
It is a very simple plugin, so it should be used with care.