<!-- $Id: mod_dnsbl.html,v 1.2 2008/04/08 22:34:19 tj Exp tj $ -->
<!-- $Source: /home/tj/proftpd/modules/doc/RCS/mod_dnsbl.html,v $ -->
<html>
<head>
<title>ProFTPD module mod_dnsbl</title>
</head>
<body bgcolor=white>
<hr>
<center>
<h2><b>ProFTPD module <code>mod_dnsbl</code></b></h2>
</center>
<hr><br>
<p>
A DNS blacklist is a way in which the DNS can be used to "blacklist"
sites/addresses that have been deemed to be "bad" in some way. These
blacklists are often used by email servers, for determining and rejecting
email sent by addresses known to be sources of spam. More information
on DNS blacklists can be found here:
<pre>
<a href="http://en.wikipedia.org/wiki/DNSBL">http://en.wikipedia.org/wiki/DNSBL</a>
</pre>
<p>
While DNS blacklists are well known for use by email servers, it is <i>also</i>
possible to use them for other means, such as ways of checking whether an
FTP client's address should be allowed or rejected by an FTP server. Thus
the <code>mod_dnsbl</code> module was written for ProFTPD, for such a purpose.
<p>
This module is contained in the <code>mod_dnsbl.c</code> file for
ProFTPD 1.3.<i>x</i>, and is not compiled by default. Installation
instructions are discussed <a href="#Installation">here</a>.
<p>
The most current version of <code>mod_dnsbl</code> can be found at:
<pre>
<a href="http://www.castaglia.org/proftpd/">http://www.castaglia.org/proftpd/</a>
</pre>
<h2>Author</h2>
<p>
Please contact TJ Saunders &lt;tj <i>at</i> castaglia.org&gt; with any
questions, concerns, or suggestions regarding this module.
<h2>Directives</h2>
<ul>
<li><a href="#DNSBLDomain">DNSBLDomain</a>
<li><a href="#DNSBLEngine">DNSBLEngine</a>
<li><a href="#DNSBLLog">DNSBLLog</a>
<li><a href="#DNSBLPolicy">DNSBLPolicy</a>
</ul>
<hr>
<h2><a name="DNSBLDomain">DNSBLDomain</a></h2>
<strong>Syntax:</strong> DNSBLDomain <em>domain</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_dnsbl<br>
<strong>Compatibility:</strong> 1.3.1rc1 and later
<p>
The <code>DNSBLDomain</code> directive is used to configure the DNS name of
a DNS blacklist site, to be consulted when determining whether
<code>mod_dnsbl</code> should allow or reject an FTP connection. This
directive can be used multiple times, to configure multiple different DNS
blacklist sites. When checking these sites, the <code>mod_dnsbl</code> module
will check each <code>DNSBLDomain</code>, in the order they appear in the
<code>proftpd.conf</code> file.
<p>
Example:
<pre>
DNSBLDomain sbl.spamhaus.org
DNSBLDomain xbl.spamhaus.org
</pre>
<p>
<hr>
<h2><a name="DNSBLEngine">DNSBLEngine</a></h2>
<strong>Syntax:</strong> DNSBLEngine <em>on|off</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_dnsbl<br>
<strong>Compatibility:</strong> 1.3.1rc1 and later
<p>
The <code>DNSBLEngine</code> directive toggles the use of DNS blacklists for
access control for FTP client connections (<i>i.e.</i> <code>mod_dnsbl</code>).
This is usually used inside a <code>&lt;VirtualHost&gt;</code> section to
enable DNS blacklist use for a particular virtual host. By default
<code>mod_dnsbl</code> is disabled for both the main server and all configured
virtual hosts.
<p>
<hr>
<h2><a name="DNSBLLog">DNSBLLog</a></h2>
<strong>Syntax:</strong> DNSBLLog <em>file</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_dnsbl<br>
<strong>Compatibility:</strong> 1.3.1rc1 and later
<p>
The <code>DNSBLLog</code> directive is used to specify a log file for
<code>mod_dnsbl</code>'s reporting on a per-server basis. The <em>file</em>
parameter given must be the full path to the file to use for logging.
<p>
Note that this path must <b>not</b> be to a world-writable directory and,
unless <code>AllowLogSymlinks</code> is explicitly set to <em>on</em>
(generally a bad idea), the path must <b>not</b> be a symbolic link.
<p>
<hr>
<h2><a name="DNSBLPolicy">DNSBLPolicy</a></h2>
<strong>Syntax:</strong> DNSBLPolicy <em>"allow,deny"|"deny,allow"</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_dnsbl<br>
<strong>Compatibility:</strong> 1.3.1rc1 and later
<p>
The <code>DNSBLPolicy</code> directive determines whether the
<code>mod_dnsbl</code> module (if enabled) will allow a connection by default
or not.
<p>
If <code>DNSBLPolicy</code> is configured using <em>"allow,deny"</em>, then
the <code>mod_dnsbl</code> module will allow the connection, <i>unless</i>
the connecting client is blacklisted by <i>any</i> of the configured
<code>DNSBLDomain</code> sites.
<p>
If <code>DNSBLPolicy</code> is configured using <em>"deny,allow"</em>, then
the <code>mod_dnsbl</code> module will <b>not</b> allow the connection,
<i>unless</i> the connecting client is listed by any of the configured
<code>DNSBLDomain</code> sites.
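<p>
The decision described above for <code>DNSBLDomain</code> ordering and the two
<code>DNSBLPolicy</code> values, as an added example that is not code from
<code>mod_dnsbl</code> itself. The query name (reversed IPv4 octets prepended to
the list's domain) follows the usual DNSBL convention; the function names,
<code>stub_lookup</code> and the sample client addresses are constructed for
illustration.

```c
/* Added example; not taken from mod_dnsbl.c. All names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

enum policy { ALLOW_DENY, DENY_ALLOW };

/* Resolver hook: returns 1 if `name` resolves (client is listed), else 0. */
typedef int (*lookup_fn)(const char *name);

/* Build "d.c.b.a.<domain>" for IPv4 a.b.c.d. Returns 0, or -1 on bad input. */
int dnsbl_name(const char *ip, const char *domain, char *out, size_t len) {
  struct in_addr addr;
  if (inet_pton(AF_INET, ip, &addr) != 1) return -1;
  const unsigned char *o = (const unsigned char *) &addr.s_addr;
  int n = snprintf(out, len, "%d.%d.%d.%d.%s", o[3], o[2], o[1], o[0], domain);
  return (n < 0 || (size_t) n >= len) ? -1 : 0;
}

/* Check each domain in configured order; stop at the first listing.
 * Returns 1 to allow the connection, 0 to reject it. A name that cannot be
 * built counts as "not listed" (assumption), so the policy default applies. */
int dnsbl_allow(const char *ip, enum policy pol, const char **domains,
    size_t ndomains, lookup_fn lookup) {
  char name[320];
  int listed = 0;
  for (size_t i = 0; i < ndomains && !listed; i++) {
    if (dnsbl_name(ip, domains[i], name, sizeof(name)) == 0)
      listed = lookup(name);
  }
  /* "allow,deny": allow unless listed. "deny,allow": reject unless listed. */
  return pol == ALLOW_DENY ? !listed : listed;
}

/* Constructed stub standing in for DNS: only 127.0.0.2 on xbl is "listed". */
int stub_lookup(const char *name) {
  return strcmp(name, "2.0.0.127.xbl.spamhaus.org") == 0;
}

int main(void) {
  const char *domains[] = { "sbl.spamhaus.org", "xbl.spamhaus.org" };
  const char *clients[] = { "127.0.0.2", "192.0.2.10" };
  for (int i = 0; i < 2; i++) {
    printf("%s allow,deny=%d deny,allow=%d\n", clients[i],
      dnsbl_allow(clients[i], ALLOW_DENY, domains, 2, stub_lookup),
      dnsbl_allow(clients[i], DENY_ALLOW, domains, 2, stub_lookup));
  }
  return 0;
}
```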
<p>
<hr><br>
<h2><a name="Installation">Installation</a></h2>
After unpacking the <code>mod_dnsbl</code> tarball, move the directory into
the ProFTPD source directory:
<pre>
mv mod_dnsbl/ /path/to/proftpd/contrib/
</pre>
<b>Note</b> that it is necessary to move the entire <code>mod_dnsbl</code>
directory, not just the <code>mod_dnsbl.c</code> source file, into the
<code>contrib/</code> directory in the ProFTPD source directory. Failure to
do so will result in a failed build.
<p>
Next:
<pre>
cd /path/to/proftpd/contrib/mod_dnsbl/
./configure
</pre>
This step is also necessary. If not done, then the proftpd build system
will not pick up the correct linker flags for the resolver library.
<p>
Then follow the normal steps for using third-party modules in proftpd:
<pre>
./configure --with-modules=mod_dnsbl
make
make install
</pre>
<p>
<hr><br>
Author: <i>$Author: tj $</i><br>
Last Updated: <i>$Date: 2008/04/08 22:34:19 $</i><br>
<br><hr>
<font size=2><b><i>
© Copyright 2007-2010 TJ Saunders<br>
All Rights Reserved<br>
</i></b></font>
<hr><br>
</body>
</html>