"Pharam acy" Spams... argh!

[kemis]

I'm so tired of deleting these recent (within the past 2-3 months) spams that have subjects such as:

Re: pusillanimity Pharam acy
Re: dripstone P haramacy
Re: sorority Pharama cy
Re: semiquaver Pharam acy

They all start out in the body with some random thing like:

briefly how he was doing at the airports. And Im no hero; they died too
quickly. ... Order your drinks, Im paying. They did and Bourne

And they then all have something similar to:

V 
C 
V 

I 
I 
A 

A 
A 
L 

G 
L 
I 

R 
I 
U 

A 
S 
M 

  
  
  

from 
from  
from 

$ 
$ 
$ 

3 
3 
1 

, 
, 
, 

3 
7 
2 

3 
5 
1

And they all end with a random web link such as:

These and Many other http://www.cititsel.com

(The messages look more normal when viewed in Outlook and spell out "CI AL I S, VALI UM, and VI AGRA" of course.)

The problem is, they are all the same, but yet they are all totally RANDOM with the actual text! They get through Spam Assassin every single time. Right now, my filter is set at 3.5 level, but I think I've tried a much lower one before in an attempt to find out when SA would catch it.

Why hasn't the spam engine caught on to these types of e-mails after so long? If the text is totally random, is there any way I can filter these suckers out with the exception of filtering out every possible way to spell "pharmacy" with a space!? Is anyone else getting these annoying spams?

Please help!
Matt

 

[dalem]

edit your exim.conf and put some good RBL's and what really cuts the junk out for me is is a surbl block at the exim MTA rejects the SPAM domains before it hits your server there are a couple of how too's around here


see That Spam you posted would not have evan made it into my mail box rejected
I dont use Spam Assassin and get very few of these :D

] F=<[email protected]> rejected after DATA: Message contains blacklisted domain (cititsel.com) in [jp] [ab] [ob] [ws] [sc]. See http://www.surbl.org/lists.html. [email protected] (Rule 21)
2006-01-22 06:13:04 1F0fxl-0005IR-UE H=(IGLD-84-228-243-217.inter.net.il) [84.228.243.217] F=<[email protected]> rejected after DATA: Message contains blacklisted domain (cititsel.com) in [jp] [ab] [ob] [ws] [sc]. See http://www.surbl.org/lists.html. [email protected](Rule 21)

 

[kemis]

I'm only a reseller, so I don't think I have direct access to the exim.conf file. Is this correct? So would I need to contact my hoster to see if they are willing to modify it for me?

Also, would each cPanel account have its own exim settings, or is that set at a reseller account level, or at a cPanel server level?

I gratefully accept your help. Thank you so much!

-- Matt

 

[dalem]

you would need root access to make these kind of modifications

they may or may not modify as the changes would be global

 

[chirpy]

Indeed. You could also ask your hosting provider to add additional SA rulsets from SARE that target exactly these types of SPAM:
http://www.rulesemporium.com