So I thought upgrading Apache for a DSPAM anti-spam/anti-virus machine was going to be straightforward!?!?

What was I thinking? OK, so FreeBSD’s ports system is great and generally handles upgrades effortlessly, but I had forgotten what was required for DSPAM and in particular the SUEXEC module.

The default SUEXEC settings on the FreeBSD Apache port will not work with DSPAM. The settings can be displayed like so:-

# suexec -V
-D AP_DOC_ROOT="/usr/local/www/data"
-D AP_GID_MIN=1000
-D AP_HTTPD_USER="www"
-D AP_LOG_EXEC="/var/log/httpd-suexec.log"
-D AP_SAFE_PATH="/usr/local/bin:/usr/local/bin:/usr/bin:/bin"
-D AP_UID_MIN=1000
-D AP_USERDIR_SUFFIX="public_html"

On my installation this gave me a serious problem in that it rendered Apache unable to run the various DSPAM cgis for the web application.

You can force the changes on the Apache port by using /etc/make.conf. The settings I used are below but be warned that they may well break very specific security settings so ensure that access to the DSPAM web application is restricted. Edit /etc/make.conf:-

# Apache SUEXEC options for DSPAM
SUEXEC_UIDMIN=100
SUEXEC_GIDMIN=1
SUEXEC_DOCROOT="/usr/local/www"
SUEXEC_USERDIR="vhosts"

Now reinstall the port (in my case the port is apache22):-

# cd /usr/ports/www/apache22
# make -DFORCE_PKG_REGISTER install

Now you can restart Apache and hopefully the dspam.cgi will work correctly.

BTW, DSPAM is great and more info can be found here:-

http://dspamwiki.expass.de/

Tags: Add new tag, apache, dspam, freebsd, suexec

This entry was posted on Wednesday, July 2nd, 2008 at 7:54 pm and is filed under apache, freebsd. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.