EXIM - I need help to to set filters that stops on-line phamacy offerings

[fjgaston]

Since the first of the year the volume of SPAM e-mail has seemed to have doubled or tripled from last year. We are getting a lot of mail recently that is passing our HELO tests and callouts but it has clear fakery that I could test for if I knew how.

I was looking the Internet headers on each of it and the envelope from and from address are not the same in fact the from address is pretending to be a valid email account hosted on my server. In most cases, the content of the message is about on-line pharmacy offerings.

Wonder if this is some scripting exploit that in effect hijacks e-mail accounts within the exim service's? Ideas how to stop this?

Regards.

 

[tsediting]

google apps

get a google apps account and say goodbye to spam for good
Sign up for Google Apps

 

[Lyttek]

get a google apps account and say goodbye to spam for good
Sign up for Google Apps

Outsourcing email doesn't really help webmasters

Now, if you were referencing their 'postini' product, it definitely helps.

Are you running any blacklists on your exim config?

 

[fjgaston]

Thank you, Lyttek, for your comment.
I will see the blacklist config and let you know.

regards

 

[fjgaston]

internet headers of an example...

This is an example of an email that I was talking about:

Internet headers
--------------------------------------------------------------------------

Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Thu, 05 Aug 2010 10:52:40 -0500
Received: from [2.80.222.199] (helo=bl19-222-199.dsl.telepac.pt)
by mxsrv001tx.siccv.com.mx with smtp (Exim 4.69)
(envelope-from <[email protected]>)
id 1Oh2kC-0004cc-0p
for [email protected]; Thu, 05 Aug 2010 10:52:32 -0500
From: [email protected]
To: [email protected]
Subject: {Spam?} [email protected] 46% OFF on Pfizer!
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-HostingServicesSiCCV-MailScanner-Information: Please contact the ISP for more information
X-HostingServicesSiCCV-MailScanner-ID: 1Oh2kC-0004cc-0p
X-HostingServicesSiCCV-MailScanner: Found to be clean
X-HostingServicesSiCCV-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
score=12.21, required 5, BAYES_99 5.00, HELO_DYNAMIC_HCC 4.29,
MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_ILLEGAL_IP 1.91,
RCVD_IN_PBL 0.91, RDNS_NONE 0.10)
X-HostingServicesSiCCV-MailScanner-SpamScore: ssssssssssss
X-HostingServicesSiCCV-MailScanner-From: [email protected]

 

[DGermancp]

I'm confused, headers in your example:

X-HostingServicesSiCCV-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
score=12.21, required 5, BAYES_99 5.00, HELO_DYNAMIC_HCC 4.29,
MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_ILLEGAL_IP 1.91,
RCVD_IN_PBL 0.91, RDNS_NONE 0.10)
X-HostingServicesSiCCV-MailScanner-SpamScore: ssssssssssss

Seem to indicate that the message is spam, Can you clarify.

 

[fjgaston]

Yes, it is.