The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

"Pharam acy" Spams... argh!

Discussion in 'General Discussion' started by kemis, Jan 22, 2006.

  1. kemis

    kemis Well-Known Member

    Joined:
    Feb 17, 2005
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Georgetown, TX
    I'm so tired of deleting these recent (within the past 2-3 months) spams that have subjects such as:

    Re: pusillanimity Pharam acy
    Re: dripstone P haramacy
    Re: sorority Pharama cy
    Re: semiquaver Pharam acy

    They all start out in the body with some random thing like:
    Code:
    briefly how he was doing at the airports. And Im no hero; they died too
    quickly. ... Order your drinks, Im paying. They did and Bourne
    And they then all have something similar to:

    Code:
    V 
    C 
    V 
    
    I 
    I 
    A 
    
    A 
    A 
    L 
    
    G 
    L 
    I 
    
    R 
    I 
    U 
    
    A 
    S 
    M 
    
      
      
      
    
    from 
    from  
    from 
    
    $ 
    $ 
    $ 
    
    3 
    3 
    1 
    
    , 
    , 
    , 
    
    3 
    7 
    2 
    
    3 
    5 
    1 
    And they all end with a random web link such as:

    Code:
    These and Many other http://www.cititsel.com
    (The messages look more normal when viewed in Outlook and spell out "CI AL I S, VALI UM, and VI AGRA" of course.)

    The problem is, they are all the same, but yet they are all totally RANDOM with the actual text! They get through Spam Assassin every single time. Right now, my filter is set at 3.5 level, but I think I've tried a much lower one before in an attempt to find out when SA would catch it.

    Why hasn't the spam engine caught on to these types of e-mails after so long? If the text is totally random, is there any way I can filter these suckers out with the exception of filtering out every possible way to spell "pharmacy" with a space!? Is anyone else getting these annoying spams?

    Please help!
    Matt
     
    #1 kemis, Jan 22, 2006
    Last edited: Jan 22, 2006
  2. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    edit your exim.conf and put some good RBL's and what really cuts the junk out for me is is a surbl block at the exim MTA rejects the SPAM domains before it hits your server there are a couple of how too's around here :)


    see That Spam you posted would not have evan made it into my mail box rejected
    I dont use Spam Assassin and get very few of these :D

    ] F=<rhboulwp@ixxx.com> rejected after DATA: Message contains blacklisted domain (cititsel.com) in [jp] [ab] [ob] [ws] [sc]. See http://www.surbl.org/lists.html. R=xx@xxx.com (Rule 21)
    2006-01-22 06:13:04 1F0fxl-0005IR-UE H=(IGLD-84-228-243-217.inter.net.il) [84.228.243.217] F=<rhboulwp@xxx.com> rejected after DATA: Message contains blacklisted domain (cititsel.com) in [jp] [ab] [ob] [ws] [sc]. See http://www.surbl.org/lists.html. R=xx@xxx.com(Rule 21)
     
  3. kemis

    kemis Well-Known Member

    Joined:
    Feb 17, 2005
    Messages:
    104
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Georgetown, TX
    I'm only a reseller, so I don't think I have direct access to the exim.conf file. Is this correct? So would I need to contact my hoster to see if they are willing to modify it for me?

    Also, would each cPanel account have its own exim settings, or is that set at a reseller account level, or at a cPanel server level?

    I gratefully accept your help. Thank you so much!

    -- Matt
     
  4. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    you would need root access to make these kind of modifications

    they may or may not modify as the changes would be global
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. You could also ask your hosting provider to add additional SA rulsets from SARE that target exactly these types of SPAM:
    http://www.rulesemporium.com
     
Loading...
Similar Threads - Pharam acy Spams
  1. Methen
    Replies:
    1
    Views:
    293

Share This Page