I've been trying to resolve the following question with lunarpages.com,
the company who is hosting my mail to no avail. I thought this would
be a really simple thing, but so far it has proven otherwise and so I'm
turning to this group in the hopes I can find some help.

Note, I am a total exim novice and not expert about mail headers and
such.

Here's the situation.

I have a domain with a small number of email accounts. For discussion
purposes, we can describe it as:

user1 -> actual email account, hosted at the same IP as the website
user2 -> actual email account, hosted at the same IP as the website

Any mail delivered to an undefined address is directed to user1 which
is a catch-all address. I sometimes use random usernames when
registering for websites so I can track if they sell my address and
flush addresses to /dev/null if they are abused.

Lately, spammers have been using some of these addresses such that they
show up in the "Envelope-to" header so no matter what is in the "To"
header, the mail goes whereever the "Envelope-to" header directs it.
The addresses they are abusing are unspecified, so they go to user1.

Since these are "disposable" addresses, I want to send any mail that
has them in any header at all to /dev/null. Initially my web hosting
company suggested that I could use the "$return_path" but I tired it
and couldn't get that to work. At that point they said, "you are
trying to set filter for non existing e-mail accounts which is a very
un-common approach and not very well documented. It also is not
possible to filter out the e-mail address in the "Envelope-To:" field
since this field is added after the header passed the filters. This has
to do with the way cPanel is handling e-mail delivery which is a little
bit different then on a regular mail server." Several times I have
pointed out that I didn't give a hoot about filtering on the
"Envelope-to" field per se, but the address that is appearing in it,
and that address was in a valid header somewhere because if it wasn't,
it would never have gotten to me in the first place.

I should note that I have tried editing the .filter file (as my web
hosting service originally directed) as follows:

$header_to: contains "newsnospam@mydomain.com"+++++++/dev/null
$message_headers contains "owner@mydomain.com"+++++++/dev/null
$message_headers contains "skin@mydomain.com"+++++++/dev/null
$message_headers contains "spam@mydomain.com"+++++++/dev/null
$message_headers contains "united@mydomain.com"+++++++/dev/null
$message_headers contains "vehix@mydomain.com"+++++++/dev/null
$message_headers matches
"(spidy|united|vehix|owner|skin)@sampledomain.com" +++++++/dev/null
$return_path matches "^skin@mydomain.com"+++++++/dev/null
$return_path matches "^united@mydomain.com"+++++++/dev/null
$return_path matches "^owner@mydomain.com"+++++++/dev/null
$return_path matches "^vehix@mydomain.com"+++++++/dev/null
$return_path matches "^spidy@mydomain.com"+++++++/dev/null

I would never have guessed that filtering for an address would be so
difficult. Is there a way to filter on the contents of whatever header
ends up as "Envelope-to" field?

Thanks in advance.

Michael