EXIM - I need help to set filters that stop on-line pharmacy offerings

Discussion in 'E-mail Discussion' started by fjgaston, Jul 29, 2010.

  1. fjgaston

    fjgaston Member

    Joined:
    Oct 10, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    151
    Since the first of the year the volume of SPAM e-mail has seemed to have doubled or tripled from last year. We are getting a lot of mail recently that is passing our HELO tests and callouts but it has clear fakery that I could test for if I knew how.

    I was looking at the Internet headers on each of them, and the envelope from and the from address are not the same; in fact, the from address is pretending to be a valid email account hosted on my server. In most cases, the content of the message is about on-line pharmacy offerings.

    Wonder if this is some scripting exploit that in effect hijacks e-mail accounts within the exim services? Ideas how to stop this?

    Regards.
     
  2. tsediting

    tsediting Member

    Joined:
    Aug 28, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    151
  3. Lyttek

    Lyttek Well-Known Member

    Joined:
    Jan 2, 2004
    Messages:
    770
    Likes Received:
    3
    Trophy Points:
    168
    Outsourcing email doesn't really help webmasters ;)

    Now, if you were referencing their 'postini' product, it definitely helps.

    Are you running any blacklists on your exim config?
     
  4. fjgaston

    fjgaston Member

    Joined:
    Oct 10, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    151
    Thank you, Lyttek, for your comment.
    I will see the blacklist config and let you know.

    regards
     
  5. fjgaston

    fjgaston Member

    Joined:
    Oct 10, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    151
    internet headers of an example...

    This is an example of an email that I was talking about:

    Internet headers
    --------------------------------------------------------------------------

    Return-path: <fjgaston@siccv.com.mx>
    Envelope-to: fjgaston@siccv.com.mx
    Delivery-date: Thu, 05 Aug 2010 10:52:40 -0500
    Received: from [2.80.222.199] (helo=bl19-222-199.dsl.telepac.pt)
    by mxsrv001tx.siccv.com.mx with smtp (Exim 4.69)
    (envelope-from <fjgaston@siccv.com.mx>)
    id 1Oh2kC-0004cc-0p
    for fjgaston@siccv.com.mx; Thu, 05 Aug 2010 10:52:32 -0500
    From: fjgaston@siccv.com.mx
    To: fjgaston@siccv.com.mx
    Subject: {Spam?} fjgaston@siccv.com.mx 46% OFF on Pfizer!
    MIME-Version: 1.0
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 7bit
    X-HostingServicesSiCCV-MailScanner-Information: Please contact the ISP for more information
    X-HostingServicesSiCCV-MailScanner-ID: 1Oh2kC-0004cc-0p
    X-HostingServicesSiCCV-MailScanner: Found to be clean
    X-HostingServicesSiCCV-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=12.21, required 5, BAYES_99 5.00, HELO_DYNAMIC_HCC 4.29,
    MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_ILLEGAL_IP 1.91,
    RCVD_IN_PBL 0.91, RDNS_NONE 0.10)
    X-HostingServicesSiCCV-MailScanner-SpamScore: ssssssssssss
    X-HostingServicesSiCCV-MailScanner-From: fjgaston@siccv.com.mx
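
The pattern visible in the headers posted above (a Return-path and From in a locally hosted domain, accepted over plain `smtp` from an outside address), as an added example that is not part of the original thread: a Python check that flags such messages from their topmost Received header. `LOCAL_DOMAINS` and the function names are assumptions; the sample is copied from the post with the Received continuation lines re-indented.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the post above (Received continuation lines re-indented).
SAMPLE = """\
Return-path: <fjgaston@siccv.com.mx>
Envelope-to: fjgaston@siccv.com.mx
Received: from [2.80.222.199] (helo=bl19-222-199.dsl.telepac.pt)
    by mxsrv001tx.siccv.com.mx with smtp (Exim 4.69)
    (envelope-from <fjgaston@siccv.com.mx>)
    id 1Oh2kC-0004cc-0p
    for fjgaston@siccv.com.mx; Thu, 05 Aug 2010 10:52:32 -0500
From: fjgaston@siccv.com.mx
To: fjgaston@siccv.com.mx
Subject: {Spam?} fjgaston@siccv.com.mx 46% OFF on Pfizer!
"""

LOCAL_DOMAINS = {"siccv.com.mx"}  # assumption: domains hosted on this server
# "with" values Exim records for authenticated or locally submitted mail.
TRUSTED_PROTOCOLS = {"esmtpa", "esmtpsa", "asmtp", "local"}
RECEIVED_RE = re.compile(
    r"from\s.*?\[(?P<ip>[^\]]+)\].*?\bwith\s+(?P<proto>\S+)", re.S)

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_local_sender_spoof(raw_headers):
    """Return a finding if a local-domain sender arrived unauthenticated, else None."""
    msg = message_from_string(raw_headers)
    received = msg.get_all("Received") or []
    if not received:
        return None
    # The topmost Received header is the one our own Exim added.
    m = RECEIVED_RE.search(received[0])
    if not m or m.group("proto").lower() in TRUSTED_PROTOCOLS:
        return None
    claimed = {domain_of(msg["Return-path"]), domain_of(msg["From"])} & LOCAL_DOMAINS
    if not claimed:
        return None
    return {"client_ip": m.group("ip"), "protocol": m.group("proto"),
            "claimed_domains": sorted(claimed)}

if __name__ == "__main__":
    print(check_local_sender_spoof(SAMPLE))
```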
     
  6. DGermancp

    DGermancp Active Member

    Joined:
    Feb 25, 2006
    Messages:
    43
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    NJ, USA
    cPanel Access Level:
    Reseller Owner
    I'm confused, headers in your example:

    X-HostingServicesSiCCV-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=12.21, required 5, BAYES_99 5.00, HELO_DYNAMIC_HCC 4.29,
    MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_ILLEGAL_IP 1.91,
    RCVD_IN_PBL 0.91, RDNS_NONE 0.10)
    X-HostingServicesSiCCV-MailScanner-SpamScore: ssssssssssss


    seem to indicate that the message is spam. Can you clarify?
     
  7. fjgaston

    fjgaston Member

    Joined:
    Oct 10, 2003
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    151
    Yes, it is.
     