#732675 pure-ftpd: invalid PTR hostnames without corresponding A/AAAA forward entry in logfile

Package:
pure-ftpd
Source:
pure-ftpd
Description:
Secure and efficient FTP server
Submitter:
Andreas Meile
Date:
2013-12-20 08:03:10 UTC
Severity:
normal
#732675#5
Date:
2013-12-20 07:54:47 UTC
Dear Maintainer,

During a security incident with a compromised FTP account I needed to look up
the IP address inside the /var/log/messages log file.

Issue: When the foreign host has set bad DNS entries, for example

$ORIGIN 2.0.192.in-addr.arpa.
45	IN	PTR	customer.example.net.
46	IN	PTR	customer.example.net.
47	IN	PTR	customer.example.net.

$ORIGIN	example.net.
; there is no "customer  IN  A" record

then I get a log entry like

Dec 19 10:13:06 kundwebs pure-ftpd: (?@customer.example.net) [WARNING] Authentication failed for user [user001]

instead of

Dec 19 10:13:06 kundwebs pure-ftpd: (?@192.0.2.45) [WARNING] Authentication failed for user [user001]

Needed fix: pure-ftpd must always also resolve the host name received from
the PTR record in the forward direction to ensure that it is not a bogus hostname,
i.e. they must be identical. In all cases of wrong DNS configuration, pure-ftpd
must always show the naked IP address even if DontResolv=no is set.

My own workaround: DNS resolution disabled, i.e.

echo yes >/etc/pure-ftpd/conf/DontResolve

To the Debian package maintainers: I recommend setting this behaviour as the
package default.
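The check the report asks for is forward-confirmed reverse DNS: take the PTR name, resolve it back to A/AAAA, and only log the name when the original address is among the results; otherwise log the naked address. The following is an added illustration of that rule, not pure-ftpd's own code. The function names (peer_display_name, log_prefix, system_reverse, system_forward), the "(user@host)" token shape copied from the log lines quoted in the report, and the in-memory zone data (CONSTRUCTED_PTR, CONSTRUCTED_A, which reproduce the report's PTR-without-A case plus a correctly configured host and a PTR pointing at a name that resolves elsewhere) are all constructed for this example; the default resolver callables use the system resolver.

```python
"""Forward-confirmed reverse DNS (FCrDNS) for the peer name written to a log.

Added example, not pure-ftpd's own code. The resolver callables default to
the system resolver; the constructed zone data at the bottom mirrors the
report's scenario so the check can be exercised offline.
"""
import ipaddress
import socket
from typing import Callable, Iterable, Optional

ReverseLookup = Callable[[str], Optional[str]]   # address -> PTR name, or None
ForwardLookup = Callable[[str], Iterable[str]]   # name -> A/AAAA addresses


def _canon(ip: str) -> Optional[str]:
    """Normalise an address string (drop an IPv6 scope id, unwrap ::ffff:a.b.c.d).
    Returns None for anything that is not an IP address at all."""
    try:
        addr = ipaddress.ip_address(ip.split("%", 1)[0])
    except ValueError:
        return None
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped or addr)


def system_reverse(ip: str) -> Optional[str]:
    """PTR lookup through the system resolver; None when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name: str) -> Iterable[str]:
    """A/AAAA lookup through the system resolver; empty when the name does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except OSError:
        return []
    return [info[4][0] for info in infos]


def peer_display_name(ip: str, reverse: ReverseLookup = system_reverse,
                      forward: ForwardLookup = system_forward) -> str:
    """Return the PTR name only if it forward-resolves back to `ip`; in every
    other case (no PTR, no A/AAAA, mismatch) return the naked address."""
    ip_c = _canon(ip)
    if ip_c is None:
        return ip
    name = reverse(ip_c)
    if not name:
        return ip_c
    forward_addrs = {_canon(a) for a in forward(name)} - {None}
    return name if ip_c in forward_addrs else ip_c


def log_prefix(ip: str, user: Optional[str] = None, resolve: bool = True,
               reverse: ReverseLookup = system_reverse,
               forward: ForwardLookup = system_forward) -> str:
    """Build the '(user@host)' token in the shape of the log lines quoted in the
    report. resolve=False corresponds to DontResolve=yes: no lookup at all."""
    host = peer_display_name(ip, reverse, forward) if resolve else ip
    return f"({user or '?'}@{host})"


# Constructed zone data (not real DNS) reproducing the report's misconfiguration:
# 192.0.2.45-47 have PTRs to customer.example.net, which has no A record.
CONSTRUCTED_PTR = {
    "192.0.2.45": "customer.example.net",
    "192.0.2.46": "customer.example.net",
    "192.0.2.47": "customer.example.net",
    "192.0.2.10": "host10.example.net",     # correctly configured host
    "192.0.2.99": "trusted.example.org",    # PTR naming a host that lives elsewhere
}
CONSTRUCTED_A = {
    "host10.example.net": ["192.0.2.10"],
    "trusted.example.org": ["198.51.100.7"],
}


def zone_reverse(ip: str) -> Optional[str]:
    """Reverse lookup against the constructed zone."""
    return CONSTRUCTED_PTR.get(ip)


def zone_forward(name: str) -> Iterable[str]:
    """Forward lookup against the constructed zone."""
    return CONSTRUCTED_A.get(name, [])


if __name__ == "__main__":
    for peer in ("192.0.2.45", "192.0.2.10", "192.0.2.99", "::ffff:192.0.2.10"):
        print(peer, "->", log_prefix(peer, reverse=zone_reverse, forward=zone_forward))
```

Run as a script it prints the token that would appear in the log for each constructed peer: the two misconfigured cases fall back to the naked address, while the properly registered host (including its IPv4-mapped IPv6 form, as seen on dual-stack listeners) keeps its name. Note that the forward check is the part that matters for forensics: a PTR alone is controlled by whoever owns the reverse zone, and the log would otherwise carry an unverifiable string in place of the address.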