On Mon, 5 Sep 2016 13:00:14 -0700 Ian Zimmerman wrote:
> On 2016-09-05 12:21, John Hardin wrote:
>
> >   header __RP_MATCHES_RCVD eval:check_mailfrom_matches_rcvd()
> >
> > ...which means you'd need to go digging around in the perl code to
> > find out what it's doing.
> >
> > Basically, it's a check that the return-path (the SMTP "MAIL FROM"
> > envelope value, if available) matches a received header in the
> > message.
>
> Based on the description string, I think (in fact I hope) that this is
> not quite right; it's not "matches _a_ Received header" but "matches
> _the_ Received header emitted by my MX host".

It's actually two rules in one: either it matches on the first-trusted rDNS or, if you have no untrusted received headers, it can match on any received header. I suspect you are seeing the latter case. The former is basically a poor man's SPF_PASS, and that only scores -0.001.

There is a problem with this rule that it does very well as a ham indicator in rule QA, but does very badly on a lot of real mail servers, causing FNs. At one point RP_MATCHES_RCVD was converted into the unscored __RP_MATCHES_RCVD where it was dubiously allowed into meta rules. IMO it should not have been allowed back as a scored rule.

Unless you've established that it does well for you, I'd suggest you score RP_MATCHES_RCVD at 0 and avoid it in meta rules.