
EXIM - I need help to set filters that stop on-line pharmacy offerings

Discussion in 'E-mail Discussions' started by fjgaston, Jul 29, 2010.

  1. fjgaston

    Since the first of the year the volume of SPAM e-mail has seemed to have doubled or tripled from last year. We are getting a lot of mail recently that is passing our HELO tests and callouts but it has clear fakery that I could test for if I knew how.

    I was looking at the Internet headers on each of them, and the envelope from and from address are not the same; in fact, the from address is pretending to be a valid email account hosted on my server. In most cases, the content of the message is about on-line pharmacy offerings.

    Wonder if this is some scripting exploit that in effect hijacks e-mail accounts within the exim services? Ideas how to stop this?

    Regards.
     
  2. tsediting

  3. Lyttek

    Outsourcing email doesn't really help webmasters ;)

    Now, if you were referencing their 'postini' product, it definitely helps.

    Are you running any blacklists on your exim config?
     
  4. fjgaston

    Thank you, Lyttek, for your comment.
    I will look at the blacklist config and let you know.

    regards
     
  5. fjgaston

    internet headers of an example...

    This is an example of an email that I was talking about:

    Internet headers
    --------------------------------------------------------------------------

    Return-path: <fjgaston@siccv.com.mx>
    Envelope-to: fjgaston@siccv.com.mx
    Delivery-date: Thu, 05 Aug 2010 10:52:40 -0500
    Received: from [2.80.222.199] (helo=bl19-222-199.dsl.telepac.pt)
    by mxsrv001tx.siccv.com.mx with smtp (Exim 4.69)
    (envelope-from <fjgaston@siccv.com.mx>)
    id 1Oh2kC-0004cc-0p
    for fjgaston@siccv.com.mx; Thu, 05 Aug 2010 10:52:32 -0500
    From: fjgaston@siccv.com.mx
    To: fjgaston@siccv.com.mx
    Subject: {Spam?} fjgaston@siccv.com.mx 46% OFF on Pfizer!
    MIME-Version: 1.0
    Content-Type: text/plain; charset="ISO-8859-1"
    Content-Transfer-Encoding: 7bit
    X-HostingServicesSiCCV-MailScanner-Information: Please contact the ISP for more information
    X-HostingServicesSiCCV-MailScanner-ID: 1Oh2kC-0004cc-0p
    X-HostingServicesSiCCV-MailScanner: Found to be clean
    X-HostingServicesSiCCV-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=12.21, required 5, BAYES_99 5.00, HELO_DYNAMIC_HCC 4.29,
    MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_ILLEGAL_IP 1.91,
    RCVD_IN_PBL 0.91, RDNS_NONE 0.10)
    X-HostingServicesSiCCV-MailScanner-SpamScore: ssssssssssss
    X-HostingServicesSiCCV-MailScanner-From: fjgaston@siccv.com.mx
     
  6. DGermancp

    I'm confused. The headers in your example:

    X-HostingServicesSiCCV-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=12.21, required 5, BAYES_99 5.00, HELO_DYNAMIC_HCC 4.29,
    MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_ILLEGAL_IP 1.91,
    RCVD_IN_PBL 0.91, RDNS_NONE 0.10)
    X-HostingServicesSiCCV-MailScanner-SpamScore: ssssssssssss


    seem to indicate that the message is spam. Can you clarify?
     
  7. fjgaston

    Yes, it is.
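
The test asked about in the first post, run over the sample headers from the thread, as an added example that is not part of the original discussion: it flags a message whose envelope sender claims a local domain although the connecting host did not authenticate and is not a trusted relay. `LOCAL_DOMAINS`, `TRUSTED_RELAYS` and the function names are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"siccv.com.mx"}   # assumption: domains hosted on this server
TRUSTED_RELAYS = {"127.0.0.1"}     # assumption: hosts allowed to send without AUTH

# Constructed input: a subset of the headers from the sample message in the thread.
SAMPLE = """\
Return-path: <fjgaston@siccv.com.mx>
Received: from [2.80.222.199] (helo=bl19-222-199.dsl.telepac.pt)
    by mxsrv001tx.siccv.com.mx with smtp (Exim 4.69)
    (envelope-from <fjgaston@siccv.com.mx>)
    id 1Oh2kC-0004cc-0p
    for fjgaston@siccv.com.mx; Thu, 05 Aug 2010 10:52:32 -0500
From: fjgaston@siccv.com.mx
X-HostingServicesSiCCV-MailScanner-SpamCheck: spam, SpamAssassin (not cached,
    score=12.21, required 5, BAYES_99 5.00, HELO_DYNAMIC_HCC 4.29,
    MISSING_DATE 0.00, MISSING_MID 0.00, RCVD_ILLEGAL_IP 1.91,
    RCVD_IN_PBL 0.91, RDNS_NONE 0.10)
"""

def _flat(value):
    return " ".join((value or "").split())  # unfold a header onto one line

def _domain(addr):
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def analyze(raw, spam_header="X-HostingServicesSiCCV-MailScanner-SpamCheck"):
    msg = message_from_string(raw)
    received = _flat(msg["Received"])  # topmost Received: the one our own server wrote
    ip = re.search(r"from (?:\S+ )?\[([0-9A-Fa-f.:]+)\]", received)
    proto = re.search(r"\bwith (\w+)", received)
    score = re.search(r"score=([\d.]+), required ([\d.]+)", _flat(msg[spam_header]))
    client_ip = ip.group(1) if ip else None
    # Exim records authenticated sessions as esmtpa/esmtpsa; plain "smtp" means no AUTH.
    authed = bool(proto) and proto.group(1).lower() in {"esmtpa", "esmtpsa"}
    local_claim = _domain(msg["Return-Path"]) in LOCAL_DOMAINS
    return {
        "client_ip": client_ip,
        "authenticated": authed,
        "header_from_local": _domain(msg["From"]) in LOCAL_DOMAINS,
        # The forgery test: local envelope sender, no AUTH, not a trusted relay.
        "forged_local_sender": local_claim and not authed and client_ip not in TRUSTED_RELAYS,
        "over_threshold": bool(score) and float(score.group(1)) >= float(score.group(2)),
    }

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Mail that local users legitimately send through outside services without authenticating to this server would also match, so those hosts belong in `TRUSTED_RELAYS` before the result is used to reject anything.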
     