Resurrecting an old thread but.... Lately I see a lot of false hits on FSL_RU_URL The only place in the email where .ru is, is in envelope-from , from, and the received headers, this is supposed to be from 72_active.cf:uri FSL_RU_URL /[^\/]+\.ru(?:$|\/|\?)/i
(those also on the c-nsp list may also be seeing the same?) This only started recently. Cheers
signature.asc
Description: This is a digitally signed message part
