If this is causing the entire mail to be flagged as SPAM, we need to see the entire FP not just a hit on one rule. That rule has a max 0.8 score.
Though it does appear to be hitting on more than intended though. Anyone know what it is supposed to hit because I think it might be hitting on a lot more than intended? Regards, KAM -- Kevin A. McGrail Asst. Treasurer & VP Fundraising, Apache Software Foundation Chair Emeritus Apache SpamAssassin Project https://www.linkedin.com/in/kmcgrail - 703.798.0171 On Fri, Apr 27, 2018 at 6:03 AM, Sebastian Arcus <s.ar...@open-t.co.uk> wrote: > > On 27/04/18 10:49, Sebastian Arcus wrote: > >> I am getting some FP's with URI_TRY_3LD hitting the url get.adobe.com in >> the body of emails: >> >> Apr 27 10:45:39.330 [32173] dbg: rules: ran uri rule URI_TRY_3LD ======> >> got hit: "http://get.adobe.com" >> >> Would it be possible to add some exception to this rule - as many >> legitimate emails containing invoice attachments in pdf include the above >> url in the body. >> > > It also appears to not like some DHL url's for some reason: > > Apr 27 11:02:05.148 [32339] dbg: rules: ran uri rule URI_TRY_3LD ======> > got hit: "https://mybill.dhl.com" >