[Exim] mysterious TO: headers

Author: Jim Savoy
Date:
To: exim-users
Subject: [Exim] mysterious TO: headers
Hello all - I am running exim 4.04 with Redhat 7.2. There is a
certain type of spam getting through that is baffling me. In the
exim logs it looks like this:

2002-05-24 13:42:06 17BKwp-0007yZ-00 <= Drugs@???
H=(211.34.117.62) [211.34.117.62]:2987 I=[142.66.3.44]:25
P=smtp S=7927 T="Please verify your identity for this drug offers"
from <Drugs@???> for savoy@???


211.34.117.62 is the sending site, 142.66.3.44 is our mail
gateway, a machine called mensa.uleth.ca, and savoy@???
is where this message winds up (hg.uleth.ca being one of the
domains mensa relays mail to).

But when I log in to my hg.uleth.ca account and view all the
headers, there is no mention of this message being destined
to savoy@???. The only relevant headers are:

To: recipients@???

or sometimes, something like:

To: dvincent@???

and that's it!

I want to write a filter to turf this stuff, but I am not sure how to
do it. I don't think the sending site is actually putting
"mensa.uleth.ca" in the headers. I think they are somehow
putting nothing but "recipients" or "dvincent" in the To: headers,
and the "qualify_domain" is getting tacked on (since there is no
domain part). But even that isn't exactly clear to me. I would actually
like to prevent exim from adding mensa.uleth.ca to anything, since
that machine has no local users and does nothing but relay mail to
valid domains. But I am not sure how to do this. If I leave
"qualify_domain" blank (in the exim configure file) it uses the
"primary_domain" setting instead, and this is also set to mensa.uleth.ca.
Is there a way to tell exim that the mail should be rejected if
it contains only a local part and no domain?


If anyone has any ideas on what is happening and how I can
block it, I would appreciate it. I do not want to use smtp_callbacks
(which would block this mail immediately, since Drugs@???
does not exist) but would rather figure out a way to accept the
mail and then freeze it or bit-bucket it. Thanks in advance!

- jim -
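
The check the post asks about (a To: header holding only a local part, or only the gateway's own domain once qualification has been applied), as an added Python example that is not part of the original post and is not Exim configuration. The domain `gateway.example`, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: placeholder for the relay-only gateway's qualify domain.
RELAY_DOMAIN = "gateway.example"


def classify_recipients(raw_message, relay_domain=RELAY_DOMAIN):
    """Return (header, address, verdict) for every To:/Cc: address."""
    msg = message_from_string(raw_message)
    results = []
    for header in ("To", "Cc"):
        for _name, addr in getaddresses(msg.get_all(header, [])):
            if not addr:
                continue  # empty group or unparsable entry
            _local, at, domain = addr.rpartition("@")
            if not at:
                verdict = "unqualified"   # bare local part, as sent
            elif domain.lower() == relay_domain.lower():
                verdict = "relay-domain"  # what qualification would produce
            else:
                verdict = "ok"
            results.append((header, addr, verdict))
    return results


def should_quarantine(raw_message, relay_domain=RELAY_DOMAIN):
    """True when header recipients exist and none names a real domain."""
    results = classify_recipients(raw_message, relay_domain)
    return bool(results) and all(v != "ok" for _h, _a, v in results)


# Constructed sample messages (not taken from the post).
AS_SENT = "From: x@sender.example\nTo: recipients\nSubject: sample\n\nbody\n"
QUALIFIED = ("From: x@sender.example\nTo: dvincent@gateway.example\n"
             "Subject: sample\n\nbody\n")
LEGIT = ("From: a@sender.example\n"
         "To: savoy@users.example, Bob <bob@users.example>\n"
         "Subject: sample\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("as sent", AS_SENT), ("qualified", QUALIFIED),
                       ("legit", LEGIT)):
        print(label, classify_recipients(raw), should_quarantine(raw))
```

Only messages whose header recipients are all unqualified or all in the relay-only domain are flagged, so mail with at least one fully qualified outside recipient passes.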