Uggg… Proftpd is notoriously slow to login on Cpanel hosts. Then there’s this nonsense 3-minute timeout, which was done away with years ago. 20 to 30 minutes is now pretty much standard on most servers I’ve been on. Regardless of what settings I add to the proftpd.conf file, they seem to be ignored. So far, I’ve added:

UseReverseDNS off
IdentLookups off

TimeoutIdle 1800

All ignored of course… Has anyone figured out why this is happening? I’ve tried every suggestion from every newsgroup, as well as the proftpd FAQ, but still nothing. Any suggestions would be appreciated.

Maybe proftpd is inherently slow? I have NcFTPd on a pair server and it just screams. You click connect, and you’re logged in and ready in under a second, and no goofy 3-minute timeouts :)

Thanks!

Originally posted by fbsd4me
Maybe proftpd is inherently slow? I have NcFTPd on a pair server and it just screams. You click connect, and you’re logged in and ready in under a second, and no goofy 3-minute timeouts :)
No, ProFTPd is not slow. We use it and it screams, too. It might just be your cpanel configuration. I've never touched cpanel so I wouldn't know where to begin, but ProFTPd is fantastic. :)

Ok, so it must be some strange configurating (like most other things) on a Cpanel host. However, this complaint does seem to be prevalent throughout most news groups, and or proftpd based discussion forums. Most of the time, the suggested fixes are the ones I've mentioned above, but I don't really have any way of knowing if they worked (for the people that asked), as they don't leave any followups after adding them.

Thanks.

Originally posted by fbsd4me
Uggg… Proftpd is notoriously slow to login on Cpanel hosts. Then there’s this nonsense 3-minute timeout, which was done away with years ago. 20 to 30 minutes is now pretty much standard on most servers I’ve been on. Regardless of what settings I add to the proftpd.conf file, they seem to be ignored. So far, I’ve added:

UseReverseDNS off
IdentLookups off

TimeoutIdle 1800



If there are multiple copies of proftpd.conf scattered throughout your machine, make sure you're hitting the right one. Also, be sure that "IdentLookups off" is going in the Global section.

If there is no "global" directive defined, add this:

<Global>
IdentLookups off
</Global>

and then restart proftpd.

I don't know Cpanel, but I would find out if it has proftpd read in any external config files on the fly. If so, that's probably where you will have to make your changes so that they show up in current sites.

-Bob

Hey!

I got it working. I’ve got the “DNS OFF” and “Ident lookups OFF” to work, however it’s still not as fast on the login as it should be. There is still some sort of lookup going on, but I have no idea when else could be invoking this lookup. In any event, I’ve got average proftp login time down to 6-seconds from almost 45 seconds. I’ve also managed to fix the timeout problem too. Timeout now is set to 30-minutes, and it works:D I think this is as good as I’m going to get it.

Thanks Bob.

Got it!

Now it smokes! You have to add an entry to the hosts file. Once that’s done, lookups for the entered host are no longer done. This problem is most likely to effect those behind firewalls, or a on an ISP where Ident lookups are blocked, OR their DNS server is slow in responding because of high traffic. If this is the case, proftpd will hang until the requested DNS lookup fails. This was worth the time in fixing, as in some cases, waits can be as long as 60 to 70 seconds.

Hey Bob.

I think you’re right. After all that (hey I got it stuff), I guess I don’t really got it at all. :o This just keeps getting stranger. Here’s what’s happening: Any login to an FTP account on my server IP, which is also the named-based IP just fly’s. Another domain I have on a “dedicated IP” is as slow as frozen molasses. This is very confusing. I turned Ident and DNS lookups back on, and accounts on my named-based IP STILL fly!

In other words, just for testing purposes, I reverted everything back to default in the proftpd.conf file. Haha… Even if I wanted to kill it, I can’t. The thing is lightning fast no matter what. The down side, is I have no way of knowing what it is that’s making the name-based IP FTP accounts login so fast. As a result, I have no way of knowing what it is I’m supposed to do in order to get my dedicated IP accounts to act the same way.

Well, instead of talking, here’s a look at my proftpd.conf file. The named-based hosting works from the top set of directives, while the dedicated IP account is housed in a container all of its own. Since everything supposed to work globally, I can’t see how there could be a problem here:

--------------------------------------------------------------------

ServerName "ProFTPD"
AuthUserFile /etc/proftpd/passwd.vhosts
LogFormat BytesLog "%b"
ServerType standalone
DeferWelcome off
DefaultServer on
DefaultRoot ~ !wheel
Umask 022
TimeoutLogin 1800
TimeoutIdle 1800
TimeoutNoTransfer 1800
TimeoutStalled 3600

<Global>
IdentLookups off
UseReverseDNS off
</Global>

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Set the user and group that the server normally runs at.
User nobody
Group proftpd

# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories. REMOVED



<VirtualHost 12.34.56.78.9>
ExtendedLog /etc/httpd/domlogs/ftp.mysite.com-ftpbytes_log READ BytesLog
TransferLog /etc/httpd/domlogs/ftp.mysite.com-ftp_log
ServerName ftp.mysite.com
AuthUserFile /etc/proftpd/flanders
MaxClients 3 "Sorry, this ftp server has reached its maximum user count (%m). Please try again later"
DirFakeGroup On ftpgroup
DirFakeUser On ftpuser
DefaultRoot ~
<Directory />
AllowOverwrite on
HideGroup wheel
HideUser root
</Directory>
<Anonymous /home/flanders/public_ftp>
UseFtpUsers on
RequireValidShell off
User ftp
Group ftp
UserAlias anonymous ftp
DisplayLogin welcome.msg
DisplayFirstChdir .message
<Limit WRITE>
<Limit WRITE>
DenyAll
</Limit>
<Directory incoming>
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE READ>
DenyAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>

Anyway, I’m at a loss. If there “is” proftp read or external config files, where would I find them? Yeah, now there’s a 6-million dollar question. I sure would like to know what it is I did to get it to work in the first place. If it started working by itself, it could also quit by itself. That would be a real drag, as I wouldn’t know how to get those settings back again.

One step further. Ok, I got it; well sort of. I added UseReverseDNS off, and IdentLookups off to the dedicated IP/virtual container. My dedicated IP FTP account now opens just as fast as my name-based ones. :D

The bad news, is I have to restart the server in order to get these changes to take effect. Well Mr. Bob, you were 100% correct. It looks as if the proftpd.conf file is being read, and then loaded into some sort of temp file on boot. I haven’t slightest clue as to where this may be, however, I can’t keep restarting the server every time I make a change to proftpd. Here are all the proftpd files:

proftpd.conf
proftpd.conf-
proftpd.conf.bytes
proftpd.conf.prev
proftpd.conf.tmp
proftpd.conf.tmpeditlib
proftpd.conf,v

Some of them are read only, and some of them have the old default config in them. With my luck, it’s probably some temp file buried in the system. I know it may seem trivial to some of you, but I like to know exactly what makes things work. After all, you can’t be an admin based on guesswork or good luck.:rolleyes:

I hope I’m not driving everyone crazy on this forum. I’m sort of hoping that someone else who has a yearning to tweak a Cpanel host may find these transcripts useful at some point in the future. Well, actually any host I guess.

Well, back to /etc and many other wonderful directories.

Here's how I fixed mine...pretty easy...

Using Webmin 0.97...

1. Click on "Servers" at top
2. Select ProFTP Server
3. Under "Global Configuration" click on "Networking Options"
4. Where says "Do reverse DNS lookups of client addresses?" choose "No"

Then give the server a reboot. That should fix illiminate the wait time since the server doesn't have to do a reverse lookup anymore.

Hey thanks.

I figured that out. For some reason, the “restart proftpd” in WHM does not always result in your new changes in the proftpd file taking effect. To fix that (at least in stubborn cases), I now use /etc/rc.d/init.d/proftpd restart, which restarts and reloads the daemon. This sure beats having to do a full server restart just for an update to the config file :stickout

Do you happen to know how to fix the problem with the mail server? It also takes awhile before you can login. I have CPanel and I think it use Exim.

Send me a PM, and I'll send you a copy of the changes I made to solve the problem of mail being Queued for hours at a time. As for slow logins, I'm not sure if you can fix that. I noticed that too. The thing does so many lookups, it's almost impossible to disable them all. This is what takes so long on login. I haven't solved that one yet.

It's great for security and all that, but man... Between FTP and Exim, and their lookups, it can really slow things down. FTP is now blazing fast though.