ProFTPD module mod_dnsbl



A DNS blacklist is a way in which the DNS can be used to "blacklist" sites/addresses that have been deemed to be "bad" in some way. These blacklists are often used by email servers, for determining and rejecting email sent by addresses known to be sources of spam. More information on DNS blacklists can be found here:

  http://en.wikipedia.org/wiki/DNSBL

While DNS blacklists are well known for use by email servers, it is also possible to use them for other purposes, such as checking whether an FTP client's address should be allowed or rejected by an FTP server. The mod_dnsbl module was written for ProFTPD for this purpose.

This module is contained in the mod_dnsbl.c file for ProFTPD 1.3.x, and is not compiled by default. Installation instructions are discussed below.

The most current version of mod_dnsbl can be found at:

  http://www.castaglia.org/proftpd/

Author

Please contact TJ Saunders <tj at castaglia.org> with any questions, concerns, or suggestions regarding this module.

Directives


DNSBLDomain

Syntax: DNSBLDomain domain
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_dnsbl
Compatibility: 1.3.1rc1 and later

The DNSBLDomain directive is used to configure the DNS name of a DNS blacklist site, to be consulted when determining whether mod_dnsbl should allow or reject an FTP connection. This directive can be used multiple times, to configure multiple different DNS blacklist sites. When checking these sites, the mod_dnsbl module will check each DNSBLDomain, in the order they appear in the proftpd.conf file.

Example:

  DNSBLDomain sbl.spamhaus.org
  DNSBLDomain xbl.spamhaus.org


DNSBLEngine

Syntax: DNSBLEngine on|off
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_dnsbl
Compatibility: 1.3.1rc1 and later

The DNSBLEngine directive toggles the use of DNS blacklists for access control for FTP client connections (i.e. mod_dnsbl). This is usually used inside a <VirtualHost> section to enable DNS blacklist use for a particular virtual host. By default mod_dnsbl is disabled for both the main server and all configured virtual hosts.


DNSBLLog

Syntax: DNSBLLog file
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_dnsbl
Compatibility: 1.3.1rc1 and later

The DNSBLLog directive is used to specify a log file for mod_dnsbl's reporting on a per-server basis. The file parameter given must be the full path to the file to use for logging.

Note that this path must not be to a world-writable directory and, unless AllowLogSymlinks is explicitly set to on (generally a bad idea), the path must not be a symbolic link.


DNSBLPolicy

Syntax: DNSBLPolicy "allow,deny"|"deny,allow"
Default: None
Context: server config, <VirtualHost>, <Global>
Module: mod_dnsbl
Compatibility: 1.3.1rc1 and later

The DNSBLPolicy directive determines whether the mod_dnsbl module (if enabled) will allow a connection by default or not.

If DNSBLPolicy is configured using "allow,deny", then the mod_dnsbl module will allow the connection, unless the connecting client is blacklisted by any of the configured DNSBLDomain sites.

If DNSBLPolicy is configured using "deny,allow", then the mod_dnsbl module will not allow the connection, unless the connecting client is listed by any of the configured DNSBLDomain sites.
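
The two policies described above, modelled as an added Python example (not code from mod_dnsbl or the ProFTPD project). It assumes the conventional DNSBL lookup of reversed IPv4 octets under the list's domain and stops at the first listing; the list names, the stub zone and all function names are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_query_name(client_ip, domain):
    """Conventional DNSBL query name: reversed IPv4 octets + list domain."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 clients only")
    return ".".join(reversed(str(addr).split("."))) + "." + domain.strip(".")

def system_resolver(name):
    """Live lookup: any A record means 'listed'. A lookup failure also
    reads as 'not listed' here, so allow,deny fails open in this sketch."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def check_client(client_ip, domains, policy, resolver=system_resolver):
    """Return (allowed, matching_domain); domains are tried in order."""
    if policy not in ("allow,deny", "deny,allow"):
        raise ValueError("unknown DNSBLPolicy value: %r" % policy)
    hit = None
    for domain in domains:
        if resolver(dnsbl_query_name(client_ip, domain)):
            hit = domain  # assumption of this sketch: stop at the first listing
            break
    if policy == "allow,deny":
        return hit is None, hit      # default allow, a listing rejects
    return hit is not None, hit      # default deny, a listing admits

# Constructed sample data: hypothetical lists and a stub zone, so this runs offline.
DOMAINS = ["bl-a.example", "bl-b.example"]
STUB_ZONE = {"10.2.0.192.bl-b.example"}

def stub_resolver(name):
    """Offline stand-in for DNS: a name is 'listed' if it is in STUB_ZONE."""
    return name in STUB_ZONE

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        for policy in ("allow,deny", "deny,allow"):
            print(ip, policy, check_client(ip, DOMAINS, policy, stub_resolver))
```

Under "deny,allow" the configured domains act as an allow list, so the same listing that rejects a client under "allow,deny" is what admits it.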



Installation

After unpacking the mod_dnsbl tarball, move the directory into the ProFTPD source directory:

  mv mod_dnsbl/ /path/to/proftpd/contrib/

Note that it is necessary to move the entire mod_dnsbl directory, not just the mod_dnsbl.c source file, into the contrib/ directory in the ProFTPD source directory. Failure to do so will result in a failed build.

Next:

  cd /path/to/proftpd/contrib/mod_dnsbl/
  ./configure

This step is also necessary. If not done, then the proftpd build system will not pick up the correct linker flags for the resolver library.

Then follow the normal steps for using third-party modules in proftpd:

  ./configure --with-modules=mod_dnsbl
  make
  make install



Author: tj
Last Updated: 2008/04/08 22:34:19


© Copyright 2007-2010 TJ Saunders
All Rights Reserved