From 154522822cab90f30f81d5186c321495a767170d Mon Sep 17 00:00:00 2001
From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com>
Date: Sun, 30 Mar 2025 15:33:28 +0200
Subject: [PATCH] Add FREEMAIL_REPLYTO_NEQ_FROM rule

---
 conf/composites.conf | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/conf/composites.conf b/conf/composites.conf
index 34a6c170e5..d6c8e37736 100644
--- a/conf/composites.conf
+++ b/conf/composites.conf
@@ -171,6 +171,12 @@ composites {
     description = "Message exhibits strong characteristics of advance fee fraud (AFF a/k/a '419' spam) involving freemail addresses";
     group = "scams";
   }
+  FREEMAIL_REPLYTO_NEQ_FROM {
+    expression = "FREEMAIL_REPLYTO & !REPLYTO_EQ_FROM & !REPLYTO_ADDR_EQ_FROM & !FREEMAIL_REPLYTO_NEQ_FROM_DOM";
+    score = 2.0;
+    policy = "leave";
+    description = "Reply-To is a Freemail address and it not match From header or SMTP From, also From is not another Freemail";
+  }
   SUSPICIOUS_MDN {
     expression = "(FREEMAIL_MDN | DISPOSABLE_MDN) & !(FREEMAIL_FROM | FREEMAIL_ENVFROM)";
     score = 2.0;
-- 
2.47.3