Re: [AMaViS-user] Razor errors?
This may be obvious, but since you didn't explicitly mention it, check the permissions on the /var/amavisd/.razor folder and the actual file as well. /var/amavis/.razor is 755 /var/amavis/.razor/razor-agent.conf is 644 However, /var/amavis is symlinked to /hd2/amavis, which is 750 and owned by the user vscan and group vscan. Meaning that if something in that group (like the spamd process) tries to access that file, indeed it wont be able to. I think if I change /var/amavis to 755, it would work fine but this might be a security issue, no? Better to add the spamd user to the vscan group? The 2nd thing I can think of is that you are running amavisd chrooted and when razor tries to find the config file it looks in /var/amavisd/var/amavisd/.razor (since it thinks /var/amavisd is the actual root). You can create a symlink as root like so 'cd /var/amavisd ln -s / var/amavisd'. Nope, not chrooted... I just noticed that the error says '/var/amavis' and not '/var/amavisd/', so perhaps you will need to change the path where razor looks for the config as well. Was a typo on my part, sorry. The directory is indeed /var/amavis. All the paths match up fine. Hope this helps. Regards, Adriel Thanks :) Let me know if you can think of anything else. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Razor errors?
Matt wrote: The question is, why is spamd in use? Typically SpamAssassin is called by amavisd-new and therefore only your vscan user would use /var/amavis/.razor/razor-agent.conf. Maybe the spamd user isn't in use. I know it exists in /etc/passwd (was created by the port), but I just assumed that the following log messages were coming from the spamd process which was being run as the spamd user But the spamd daemon should not be running on a system where amavisd-new calls spamassassin. In a typical amavisd-new environment there is no reason to start spamd. The error is caused by a process that should not be running. Sep 9 18:56:23 relay3 spamd[491]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf Sep 9 18:57:58 relay3 spamd[490]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf Sep 9 19:03:02 relay3 spamd[553]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf Otherwise, why wouldn't it be able to access the file? Below is proof that something is up relay1# sudo -H -u vscan head -1 /var/amavis/.razor/razor-agent.conf # relay1# sudo -H -u spamd head -1 /var/amavis/.razor/razor-agent.conf head: /var/amavis/.razor/razor-agent.conf: Permission denied This is a good thing. Users other than the amavisd-new user (and root) should not have access to files in the /var/amavis directory. The /var/amavis directory is 0750, so others cannot read. You don't want to open up permissions on the whole tree. The /var/amavis and /var/amavis/.razor directories would have to be something like 0755 to allow access. Don't do that. The vscan user can access the file fine, while the spamd user can't Is something up with the port thats calling spamd as the spamd user? Possibly the only thing wrong with the port is it is starting the spamd daemon. If I am not mistaken, you are running FreeBSD, so I think you would take a look in /etc/rc.conf to see if it is enabled. -Matt So, you could add the spamd user to the amavis group, but like I said, most likely the spamd daemon should not even be running, so there really is no reason to. You are chasing a problem that can be solved by simply not running spamd. The other option, as I stated, is to remove: razor_config /var/amavis/.razor/razor-agent.conf from local.cf, then give the spamd user its own set of razor files. If it is indeed 'spamd' who is the user running the spamd daemon, you could either copy the .razor directory and files to spamd's home directory, then chown them to the spamd user, or create a new set of razor files: sudo -H -u spamd razor-admin -create sudo -H -u spamd razor-admin -register then edit spamd's .razor/razor-agent.conf file and set: debuglevel = 0 Gary V --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Razor errors?
Sure enough # Amavis stuff amavisd_enable=YES clamav_clamd_enable=YES spamd_enable=YES All I have to have are the first two lines, correct? :) On Sat, 10 Sep 2005, Gary V wrote: Matt wrote: The question is, why is spamd in use? Typically SpamAssassin is called by amavisd-new and therefore only your vscan user would use /var/amavis/.razor/razor-agent.conf. Maybe the spamd user isn't in use. I know it exists in /etc/passwd (was created by the port), but I just assumed that the following log messages were coming from the spamd process which was being run as the spamd user But the spamd daemon should not be running on a system where amavisd-new calls spamassassin. In a typical amavisd-new environment there is no reason to start spamd. The error is caused by a process that should not be running. Sep 9 18:56:23 relay3 spamd[491]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf Sep 9 18:57:58 relay3 spamd[490]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf Sep 9 19:03:02 relay3 spamd[553]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf Otherwise, why wouldn't it be able to access the file? Below is proof that something is up relay1# sudo -H -u vscan head -1 /var/amavis/.razor/razor-agent.conf # relay1# sudo -H -u spamd head -1 /var/amavis/.razor/razor-agent.conf head: /var/amavis/.razor/razor-agent.conf: Permission denied This is a good thing. Users other than the amavisd-new user (and root) should not have access to files in the /var/amavis directory. The /var/amavis directory is 0750, so others cannot read. You don't want to open up permissions on the whole tree. The /var/amavis and /var/amavis/.razor directories would have to be something like 0755 to allow access. Don't do that. The vscan user can access the file fine, while the spamd user can't Is something up with the port thats calling spamd as the spamd user? Possibly the only thing wrong with the port is it is starting the spamd daemon. If I am not mistaken, you are running FreeBSD, so I think you would take a look in /etc/rc.conf to see if it is enabled. -Matt So, you could add the spamd user to the amavis group, but like I said, most likely the spamd daemon should not even be running, so there really is no reason to. You are chasing a problem that can be solved by simply not running spamd. The other option, as I stated, is to remove: razor_config /var/amavis/.razor/razor-agent.conf from local.cf, then give the spamd user its own set of razor files. If it is indeed 'spamd' who is the user running the spamd daemon, you could either copy the .razor directory and files to spamd's home directory, then chown them to the spamd user, or create a new set of razor files: sudo -H -u spamd razor-admin -create sudo -H -u spamd razor-admin -register then edit spamd's .razor/razor-agent.conf file and set: debuglevel = 0 Gary V --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ !DSPAM:43232c75853401434393381! --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Razor errors?
To be more succinct: kill the spamd process prevent it from starting on reboot remove the razor_config line from local.cf I would have to say I no longer recommend using something like razor_config /var/amavis/.razor/razor-agent.conf in local.cf. The only purpose it served was to allow 'root' and the amavisd-new user the ability to use one set of razor files. My intention was to try to have spamassassin debug sessions run as 'root' be very close to what a spamassassin debug session would look like for the amavisd-new user. This was done mainly for the benefit of those who's amavisd-new user did not have shell access. Gary V --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Razor errors?
On Sat, 10 Sep 2005, Gary V wrote: To be more succinct: kill the spamd process prevent it from starting on reboot Done :) Thank you :) That was my issue. -Matt --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Razor errors?
Matt wrote: Sure enough # Amavis stuff amavisd_enable=YES clamav_clamd_enable=YES spamd_enable=YES All I have to have are the first two lines, correct? :) Yeah, you can either set spamd_enable=NO, or remove spamd_enable=YES. Done :) Thank you :) That was my issue. You are most welcome. Gary V --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Razor errors?
Hi Matt, The file exists, but it looks like its a permissions problem. My /var/amavis dir is chmod 640 and owned by user vscan, group vscan. This may be obvious, but since you didn't explicitly mention it, check the permissions on the /var/amavisd/.razor folder and the actual file as well. The 2nd thing I can think of is that you are running amavisd chrooted and when razor tries to find the config file it looks in /var/amavisd/var/amavisd/.razor (since it thinks /var/amavisd is the actual root). You can create a symlink as root like so 'cd /var/amavisd ln -s / var/amavisd'. I just noticed that the error says '/var/amavis' and not '/var/amavisd/', so perhaps you will need to change the path where razor looks for the config as well. Hope this helps. Regards, Adriel PS. Sorry, sent the first email directly back to you and not the mailing list. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Razor errors?
Matt wrote: Hi all, I followed instructions given to me for creating /var/amavis/.razor and all files inside of it. When I added the razor location to the spamassassin config file, I get: Sep 9 18:56:23 relay3 spamd[491]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf Sep 9 18:57:58 relay3 spamd[490]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf Sep 9 19:03:02 relay3 spamd[553]: razor2 check skipped: No such file or directory Can't read conf file: /var/amavis/.razor/razor-agent.conf repeated over and over again The file exists, but it looks like its a permissions problem. My /var/amavis dir is chmod 640 and owned by user vscan, group vscan. According to http://www.ijs.si/software/amavisd/INSTALL.txt chmod -R 750 /var/amavis Not sure, but you may need execute permissions to use razor-agent.conf Should I just add the spamd user into the vscan group? Or should I chmod 644 that directory? Thanks! -Matt The question is, why is spamd in use? Typically SpamAssassin is called by amavisd-new and therefore only your vscan user would use /var/amavis/.razor/razor-agent.conf. The instructions to place razor_config /var/amavis/.razor/razor-agent.conf in local.cf assume the only users that use those razor files are 'root' and 'vscan'. This setting is optional. If other users are involved, it may be best to give them their own razor files (the .razor directory and files copied to the user's home directory may suffice; chown of course), and then remove this setting in local.cf. I would assume it's best to not allow anyone other than 'root' and 'vscan' access to anything in the /var/amavis directory. Gary V --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Razor errors?
According to http://www.ijs.si/software/amavisd/INSTALL.txt chmod -R 750 /var/amavis Not sure, but you may need execute permissions to use razor-agent.conf Nope, x not needed. The question is, why is spamd in use? Typically SpamAssassin is called by amavisd-new and therefore only your vscan user would use /var/amavis/.razor/razor-agent.conf. I was wondering the same thing too. My global .razor dir and razor files are owner/group amavis (same as your vscan). -mike --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/