[AMaViS-user] Razor2 and amavisd-new

Razor2 for use with amavisd-new. Mini HOWTO

These are ad-hoc observations, and may not be 100% accurate.

Configuring Razor2 used to baffle me. I had no idea what the program
wanted to run successfully, and how to integrate it into amavisd-new
properly. The experiences I relay in this post I believe are generic to
recent versions of razor, but I know that different versions may
behave differently at times.

When razor starts up, it simply wants to find its configuration and
data files. The beauty of razor is, it already knows what its conf
and data files should look like, so (at least in recent versions) if
no conf and data files exist, it simply uses what it already knows
(the defaults). This at least allows the program to run. This would
actually be fine, except that one of the defaults is to keep a log.
That log, if left unattended, will eventually fill up a hard disk. So,
we need to have an actual conf file that we can use to override that
default.

When razor starts up, it looks for its data files in the home
directory of the user that starts the program. It will look for its
conf file in either /etc/razor or the home directory of the user that starts
the program. If it finds /etc/razor/razor-agent.conf it will assume this is
a global conf file. This file may be useful in some cases, but in the
case where the only two users that will actually use razor are root and
the amavisd-new user, this file makes razor configuration more
difficult. The reason is this - when you run 'razor-admin -create' it
creates the data files in $HOME/.razor. It should also create
razor-agent.conf, but if /etc/razor/razor-agent.conf already exists,
it assumes you don't need your own personal razor-agent.conf. So, I would
first get rid of the annoying /etc/razor/razor-agent.conf before you run
'razor-admin -create'. Some distros (like Debian) create this annoying
file, and others do not. OK, so we got rid of that file, now we can
set up razor. At this point these two commands are everything we need
to make razor work properly:

razor-admin -create
(This creates the data and conf files in our $HOME/.razor directory)
razor-admin -register
(This generates a unique user name and password used to connect to the
razor servers. Run this again if you get an error on the first try.)

If we ran these as root, we should have a /root/.razor directory with
files like these in it:

lrwxrwxrwx 1 root root 19 2005-08-11 02:08 identity -> identity-ru4lEKie45
-rw------- 1 root root 90 2005-08-11 02:08 identity-ru4lEKie45
-rw-r--r-- 1 root root 698 2005-08-11 02:07 razor-agent.conf
-rw-r--r-- 1 root root 648 2005-08-11 02:08 razor-agent.log
-rw-r--r-- 1 root root 511 2005-08-11 02:07 server.folly.cloudmark.com.conf
-rw-r--r-- 1 root root 484 2005-08-11 02:07 server.joy.cloudmark.com.conf
-rw-r--r-- 1 root root 20 2005-08-11 02:07 servers.catalogue.lst
-rw-r--r-- 1 root root 22 2005-08-11 02:07 servers.discovery.lst
-rw-r--r-- 1 root root 38 2005-08-11 02:07 servers.nomination.lst

If you don't have razor-agent.conf, you can guess the reason!
(Yes, you can simply copy /etc/razor/razor-agent.conf here if you
like - but you MUST run 'razor-admin -create' BEFORE you do!) Maybe it's
somewhere else? If it did not create razor-agent.conf you can be
fairly certain there is one *somewhere* else. I suggest you seek and
destroy, then run 'razor-admin -create again'.

Run 'spamassassin --lint -D' to see all kinds of razor related stuff that
shows you that it is working.

Now the reason for this exercise. Edit /root/.razor/razor-agent.conf
and change the debuglevel from 3 to 0 to prevent logging.

Now we need do the same for the amavisd-new user. Let's assume the
amavisd user's name is 'vscan'.

If the user 'vscan' has shell access:
su vscan -c 'razor-admin -create'
su vscan -c 'razor-admin -register'

This will create similar files it created for user 'root', but it will
create them in vscan's home directory. This is often /var/amavis or
/var/lib/amavis.

So now, for example, you would edit /var/amavis/.razor/razor-agent.conf
and change the debuglevel from 3 to 0 to prevent logging.

We can test with:
su vscan -c 'spamassassin --lint -D'

If your amavisd-new user does not have shell access (you are probably
using a Scott L. Henderson howto), you use a different method to create
the files that amavisd-new needs, you simply make a copy of the files
that were created for root:

cp -R /root/.razor /var/amavis
(for example)

All these files will be owned by root, so the proper thing to do is to
give them to your amavis user. In this example the amavis uid/gid will
be 'amavis'.

chown -R amavis:amavis /var/amavis
(for example, might as well do the whole tree while we are at it.)

Since in this case we don't have shell access, and therefore can't 'su amavis', run:
amavisd stop
amavisd debug-sa
and watch for the razor stuff. (Ctrl+c to cancel)
amavisd start

Here is happiness from 'amavisd debug-sa':

Razor-Log: Computed user confpath from env: /var/amavis/.razor
Razor-Log: read_file: 15 items read from /var/amavis/.razor/razor-agent.conf
Razor-Log: Computed razorhome from env: /var/amavis/.razor
Razor-Log: Found razorhome: /var/amavis/.razor
<...>
debug: Razor2 results: spam?

Gary V



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/