Re: [AMaViS-user] Razor2 and amavisd-new

Mark wrote:

> Gary,

>> Razor2 for use with amavisd-new. Mini HOWTO

> Thanks, nice.

> One general remark: it is better if the not-to-be-mucked-with files
> such as razor-agent.conf are not owned by (nor live in a directory
> owned by) vscan, just in case. It is safer to have them owned by root
> and let them live perhaps in /etc.

> For the same reason I also prefer if the directory /var/amavis
> is owned by root and not writable by vscan, but provide
> a subdirectory such as /var/amavis/home, owned by vscan,
> where SA and other dynamic data files can live:

> $MYHOME = '/var/amavis'; # a convenient default for other settings
> $helpers_home = "$MYHOME/home"; # prefer $MYHOME clean and owned by root
> $pid_file = "$helpers_home/amavisd.pid";
> $lock_file = "$helpers_home/amavisd.lock";

> The ownerships/protections are then something like:

> $ ll -d /var/amavis
> drwxr-x--x 8 root wheel 512 Aug 5 15:29 /var/amavis

> $ ll -d /var/amavis/home
> drwxr-x--- 5 vscan vscan 512 Aug 11 09:48 /var/amavis/home

> $ ll /var/amavis/home/
> drwxrwxr-x 2 vscan vscan 512 Aug 5 02:17 .pyzor
> drwxrwxr-x 2 vscan vscan 512 Aug 11 09:44 .razor
> drwxrwxr-x 2 vscan vscan 512 Aug 11 10:09 .spamassassin
> -rw-r----- 1 vscan vscan 0 Aug 11 10:09 amavisd.lock
> -rw-r----- 1 vscan vscan 6 Aug 11 09:48 amavisd.pid

> Mark

Cool. Something worth pondering.

There are some bugs in razor I am aware of in versions 2.72 and 2.73
as it relates to razor-admin:

If /etc/razor/razor-admin.conf exists, it's possible that no files at all
will be created in the /path/to/amavis/.razor directory when you run:
su amavis -c 'razor-admin -create'

If /etc/razor/razor-admin.conf exists, the first time you run
'razor-admin -create' as root, some files that normally go in /root/.razor
will end up in /etc/razor. Here is a sample session, very sorry for
the length.

## clean up so we can test
~# rm -r .razor/
## clean up global files so we can test
~# rm /etc/razor/*
## create an empty file (razor will put real stuff in it later)
~# touch /etc/razor/razor-agent.conf
## create our razor files
~# razor-admin -create

~# ls -l /etc/razor
total 5
-rw-r--r-- 1 root root 724 Aug 11 07:55 razor-agent.conf
-rw-r--r-- 1 root root 209 Aug 11 07:55 razor-agent.log
-rw-r--r-- 1 root root 20 Aug 11 07:55 servers.catalogue.lst
-rw-r--r-- 1 root root 22 Aug 11 07:55 servers.discovery.lst
-rw-r--r-- 1 root root 38 Aug 11 07:55 servers.nomination.lst
## kind of strange - some of this stuff should not be *here*

~# ls -l /root/.razor
total 1
-rw-r--r-- 1 root root 484 Aug 11 07:55 server.folly.cloudmark.com.conf
## really strange, missing almost everything we need

## let's see if this does us any good.
~# razor-admin -register
~# ls -l /root/.razor
total 7
lrwxrwxrwx 1 root root 19 Aug 11 07:57 identity -> identity-ruDKXiT8Eg
-rw------- 1 root root 90 Aug 11 07:57 identity-ruDKXiT8Eg
-rw-r--r-- 1 root root 328 Aug 11 07:57 razor-agent.log
-rw-r--r-- 1 root root 484 Aug 11 07:55 server.folly.cloudmark.com.conf
-rw-r--r-- 1 root root 484 Aug 11 07:57 server.joy.cloudmark.com.conf
-rw-r--r-- 1 root root 20 Aug 11 07:57 servers.catalogue.lst
-rw-r--r-- 1 root root 22 Aug 11 07:57 servers.discovery.lst
-rw-r--r-- 1 root root 38 Aug 11 07:57 servers.nomination.lst
## that's better - razor created what it needed.

## let's debug it
~# spamassassin --lint -D
<...>
Razor-Log: Computed user confpath from env: /root/.razor
Razor-Log: No /root/.razor/razor-agent.conf found, skipping.
Razor-Log: read_file: 15 items read from /etc/razor/razor-agent.conf
Razor-Log: Computed razorhome from env: /root/.razor
Razor-Log: Found razorhome: /root/.razor
<...>
## razor is happy, at least it did find what it needs.

## clean up to test amavis this time
~# rm -r /var/lib/amavis/.razor/
## create files
~# su amavis -c 'razor-admin -create'
~# ls -l /var/lib/amavis/.razor/
total 0
## what the heck? we should have *some* files!

## let's see if this helps
~# su amavis -c 'razor-admin -register'
~# ls -l /var/lib/amavis/.razor/
total 6
lrwxrwxrwx 1 amavis amavis 19 Aug 11 08:10 identity -> identity-rurU5PRBW4
-rw------- 1 amavis amavis 90 Aug 11 08:10 identity-rurU5PRBW4
-rw-r--r-- 1 amavis amavis 348 Aug 11 08:10 razor-agent.log
-rw-r--r-- 1 amavis amavis 484 Aug 11 08:10 server.joy.cloudmark.com.conf
-rw-r--r-- 1 amavis amavis 20 Aug 11 08:10 servers.catalogue.lst
-rw-r--r-- 1 amavis amavis 22 Aug 11 08:10 servers.discovery.lst
-rw-r--r-- 1 amavis amavis 38 Aug 11 08:10 servers.nomination.lst
## scared me for a moment, at least we have files now!
## that's strange, root got 'server.folly.cloudmark.com.conf' and I did not

## let's see if this helps
sfm:~# su amavis -c 'razor-admin -create'
## yes, now the file is there, this 2.72 version of razor *is* buggy.

## let's debug now
~# su amavis -c 'spamassassin --lint -D'
<...>
Razor-Log: Computed user confpath from env: /var/lib/amavis/.razor
Razor-Log: No /var/lib/amavis/.razor/razor-agent.conf found, skipping.
Razor-Log: read_file: 15 items read from /etc/razor/razor-agent.conf
Razor-Log: Computed razorhome from env: /var/lib/amavis/.razor
Razor-Log: Found razorhome: /var/lib/amavis/.razor
<...>
## razor is happy, at least it did find what it needs.

Conclusion: Even using versions with bugs, and even if you do leave
/etc/razor/razor-agent.conf in place as a global conf file, razor will
figure out where it lives as long as you run 'razor-admin -create' and
'razor-admin -register' as the user that is running SpamAssassin.

Don't forget to set debuglevel = 0, in /etc/razor/razor-agent.conf

Gary V



-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/