--- lib/Mail/SpamAssassin/Conf/Parser.pm	(revision 1873634)
+++ lib/Mail/SpamAssassin/Conf/Parser.pm	(working copy)
@@ -1244,9 +1244,9 @@ 
     # no re "strict";  # since perl 5.21.8: Ranges of ASCII printables...
     if ($text =~ /^exists:(.*)/) {
       my $hdr = $1;
-      # never evaled, so can be quite generous with the name
       # check :addr etc header options
-      if ($hdr !~ /^[^:\s]+:?$/) {
+      # $hdr used in eval text, validate carefully
+      if ($hdr !~ /^[\w.-]+:?$/) {
         $self->lint_warn("config: invalid head test $name header: $hdr");
         return;
       }
@@ -1254,7 +1254,8 @@ 
       $conf->{test_opt_header}->{$name} = $hdr;
       $conf->{test_opt_exists}->{$name} = 1;
     } else {
-      if ($text !~ /^([^:\s]+(?:\:|(?:\:[a-z]+){1,2})?)\s*([=!]~)\s*(.+)$/) {
+      # $hdr used in eval text, validate carefully
+      if ($text !~ /^([\w.-]+(?:\:|(?:\:[a-z]+){1,2})?)\s*([=!]~)\s*(.+)$/) {
         $self->lint_warn("config: invalid head test $name: $text");
         return;
       }
--- lib/Mail/SpamAssassin/Plugin/Check.pm	(revision 1873634)
+++ lib/Mail/SpamAssassin/Plugin/Check.pm	(working copy)
@@ -716,7 +716,7 @@ 
     }
 
     my $def = $conf->{test_opt_unset}->{$rulename};
-    push(@{ $ordered{$hdrname . (!defined $def ? '' : "\t".$def)} },
+    push(@{ $ordered{$hdrname . (!defined $def ? '' : "\t$rulename")} },
          $rulename);
 
     return if ($opts{doing_user_rules} &&
@@ -740,7 +740,8 @@ 
       my($hdrname, $def) = split(/\t/, $k, 2);
       $self->push_evalstr_prefix($pms, '
         $hval = $self->get(q{'.$hdrname.'}, ' .
-                           (!defined($def) ? 'undef' : 'q{'.$def.'}') . ');
+                           (!defined($def) ? 'undef' :
+                              '$self->{conf}->{test_opt_unset}->{q{'.$def.'}}') . ');
       ');
       foreach my $rulename (@{$v}) {
           my $tc_ref = $testcode{$rulename};