Package: proftpd
Version: 1.3.0-6
Severity: important

I'm running a (self) backported version of latest proftpd on Debian
sarge.

When enabling mod_wrap things seem to work fine at first glance. But
there is one big caveat: If a client connects who has no valid
reverse DNS, i.e. (test.foo.bar IN A 1.2.3.4 and 1.2.3.4 IN PTR
fake.foo.bar), then proftpd refuses login from this IP.

# syslog entry (/var/log/syslog):
proftpd: warning: host name/name mismatch: fake.foo.bar != test.foo.bar

# proftpd logfile entry (/var/log/proftpd/system.log):
proftpd[7658] ftp.foo.bar (1.2.3.4[1.2.3.4]): mod_wrap/1.2.3: using access files: /etc/proftpd/hosts.allow, /etc/proftpd/hosts.deny
proftpd[7658] ftp.foo.bar (1.2.3.4[1.2.3.4]): mod_wrap/1.2.3: refused connection from 1.2.3.4

I tried everything in /etc/proftpd/hosts.allow to allow the broken ip:

proftpd : 1.2.3.4
proftpd : *
proftpd : ALL
proftpd : PARANOID
proftpd : UNKNOWN

I also put the above allow permissions additionally in /etc/hosts.allow.
But this also doesn't matter.

In proftpd.conf I use:
UseReverseDNS = Off

If I disable the mod_wrap module I can connect even with a broken DNS
IP. But that's not my solution; I need the mod_wrap feature.

Something looks a little bit strange to me: it's the logging as pasted
above. Even if I start proftpd with debug level 9, it always writes
more or less details to the (in proftpd.conf) defined
/var/log/proftpd/system.log; that's OK.

But it always (or some other process?) writes this one warning line
(host name/name mismatch) to /var/log/syslog.
In /var/log/proftpd/system.log the log entry always has the process ID
included; in the syslog entry the process ID is missing.

regards, matthias wamser

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.16-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages proftpd depends on:
ii  adduser               3.63               Add and remove users and groups
ii  debconf               1.4.30.13          Debian configuration management sy
ii  libc6                 2.3.2.ds1-22sarge3 GNU C Library: Shared libraries an
ii  libcap1               1:1.10-14          support for getting/setting POSIX.
ii  libpam0g              0.76-22            Pluggable Authentication Modules l
ii  libssl0.9.7           0.9.7e-3sarge1     SSL shared libraries
ii  libwrap0              7.6.dbs-8          Wietse Venema's TCP wrappers libra
ii  netbase               4.25+0mw1          Basic TCP/IP networking system
pn  proftpd-common                           Not found.
ii  ucf                   1.17               Update Configuration File: preserv
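
Added example, not part of the original report and not libwrap or ProFTPD code: a Python model of the forward-confirmed reverse DNS check that the syslog warning above refers to. The DNS tables are constructed from the report's names; the decision order and the "unknown"/"paranoid" placeholder host names are assumptions modelled on TCP wrappers behaviour.

```python
import socket

# Constructed records mirroring the report: the PTR name for 1.2.3.4 is
# fake.foo.bar, whose forward lookup comes back as test.foo.bar.
PTR = {"1.2.3.4": "fake.foo.bar", "5.6.7.8": "good.foo.bar",
       "9.9.9.9": "liar.foo.bar"}
FORWARD = {  # name -> (canonical name, addresses)
    "fake.foo.bar": ("test.foo.bar", ["1.2.3.4"]),
    "good.foo.bar": ("good.foo.bar", ["5.6.7.8"]),
    "liar.foo.bar": ("liar.foo.bar", ["10.0.0.1"]),
}

def table_reverse(ip):
    return PTR.get(ip)

def table_forward(name):
    return FORWARD.get(name)

def live_reverse(ip):
    """PTR lookup through the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_forward(name):
    """Forward lookup returning (canonical name, addresses), or None."""
    try:
        canonical, _aliases, addrs = socket.gethostbyname_ex(name)
        return canonical, addrs
    except OSError:
        return None

def verify_client(ip, reverse=table_reverse, forward=table_forward):
    """Return (host name used for access rules, warning or None)."""
    name = reverse(ip)
    if name is None:
        return "unknown", None            # no PTR record at all
    result = forward(name)
    if result is None:
        return "paranoid", f"can't verify hostname: lookup of {name} failed"
    canonical, addrs = result
    if name.lower() != canonical.lower():
        return "paranoid", f"host name/name mismatch: {name} != {canonical}"
    if ip not in addrs:
        return "paranoid", f"host name/address mismatch: {ip} != {canonical}"
    return name, None                     # forward-confirmed
```

Calling verify_client(ip, live_reverse, live_forward) runs the same check against the system resolver for a real client address.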

