Synchronet v3.19b-Win32 (install) has been released (Jan-2022).

You can donate to the Synchronet project using PayPal.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision
Previous revision
config:filter_files [2019/02/07 19:22] – Mention that C-style escapes are now supported. More examples. digital manconfig:filter_files [2023/12/18 19:51] (current) – [Filter Files] Note about file must end in LF digital man
Line 3: Line 3:
 Filter configuration (''[[dir:ctrl]]/*.cfg'') and trash can (''[[dir:text]]/*.can'') files allow the sysop to specify words (or any sequence of characters) that will be used to disallow clients, users, or their content. Filter configuration (''[[dir:ctrl]]/*.cfg'') and trash can (''[[dir:text]]/*.can'') files allow the sysop to specify words (or any sequence of characters) that will be used to disallow clients, users, or their content.
  
-Each line in a filter file may contain a comparison sequence.  Blank lines and lines beginning with a semicolon are ignored.+Each line in a filter file may contain a comparison pattern.  Blank lines and lines beginning with a semicolon character ('';''are ignored. Lines may contain up to 1000 characters.
  
-===== Comparison Sequences =====+A tab (ASCII 9) character or a new-line (CR or CRLF) sequence will terminate (signify the end of) each comparison pattern. All characters between the first tab character and the new-line sequence may be considered metadata for the comparison pattern. 
 + 
 +To support the correct auto-addition of filters, it's important that **all comparison patterns end in a new-line sequence** (i.e. a non-empty file must end with an LF character). 
 +===== Comparison Patterns =====
   * Leading white-space characters are ignored   * Leading white-space characters are ignored
-  * Sequences of alphabetic letters are treated case-insensitively +  * Alphabetic character are compared case-insensitively 
-  * C-style string-literal backslash (''\'') [[wp>C_syntax#Strings|escape sequences]] are supported (as of v3.17c) +  * C-style string-literal backslash (''\'') [[wp>C_syntax#Strings|escape sequences]] are supported in patterns (as of v3.17c) 
-  * Sequences //beginning// with an exclamation mark (''!'') negate the match logic for that sequence +  * Patterns //beginning// with an exclamation mark (''!'') negate the match logic for that pattern 
-  * Sequences //beginning// with an asterisk (''*'') match only if the characters following the ''*'' are found at the end of the comparison string +  * Patterns //ending// with a caret (''^'') match only if the preceding (left most) characters are found at the beginning of the comparison string ((The caret is a legacy pattern matching character made obsolete/redundant by the asterisk)) 
-  * Sequences //ending// with an asterisk (''*'') or caret (''^'') match only if the characters preceding are found at the beginning of the comparison string +  * Patterns //ending// with a tilde (''~'') match when the preceding string of characters are found //anywhere// within the comparison string 
-  * Sequences //ending// with a tilde (''~'') match when the preceding string of characters are found //anywhere// within the comparison string +  * Patterns //including// an asterisk (''*''will match when both the left and right string fragments (on either/both sides of the ''*'') match the comparison string (as of v3.19a) ((Additional (more than one) asterisks in a comparison pattern are not treated specially)) 
-  * All other sequences are "exact match" string comparisons+  * All other patterns are "exact match" string comparisons 
 + 
 +**Note:**\\ 
 +There's no effective difference between the patterns "word^" and "word*".
    
 ==== Examples ====  ==== Examples ==== 
-  * ''sysop'' in the ''name.can'' file would mean users could not use the name "sysop"+  * ''sysop'' in the ''name.can'' file would mean new users could not use the name "sysop"
-  * ''sysop*'' would mean users could not use names //beginning// with the word "sysop", like "sysop the" or "sysops"+  * ''sysop*'' would mean new users could not use names //beginning// with the word "sysop", like "sysop the" or "sysops"
-  * ''sysop~'' would mean users could not use names that have the word "sysop" //anywhere// in them, like "imthesysop" or "Joe Sysop".+  * ''sysop~'' would mean new users could not use names that have the word "sysop" //anywhere// in them, like "imthesysop" or "Joe Sysop".
  
 === Match strings with the character sequence "viagra" anywhere within === === Match strings with the character sequence "viagra" anywhere within ===
Line 53: Line 59:
  
 ^Filename / Page     ^Default Contents^Rejection Message((Rejection message files are only used/displayed by the terminal server))^Description^ ^Filename / Page     ^Default Contents^Rejection Message((Rejection message files are only used/displayed by the terminal server))^Description^
-|''[[email.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/email.can|email.can]]|''[[bademail.msg]]''|Disallowed (source or destination) e-mail addresses (see also ''[[twitlist.cfg]]'')| +|''[[email.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/email.can|email.can]]|''[[bademail.msg]]''|Disallowed (source or destination) e-mail addresses (see also ''[[twitlist.cfg]]'')| 
-|''[[file.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/file.can|file.can]]|''[[badfile.msg]]''|Disallowed filenames for upload| +|''[[file.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/file.can|file.can]]|''[[badfile.msg]]''|Disallowed filenames for upload| 
-|''[[host.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/host.can|host.can]]|''[[badhost.msg]]''|Disallowed hostnames for inbound connections (when hostname lookups are enabled)| +|''[[host.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/host.can|host.can]]|''[[badhost.msg]]''|Disallowed hostnames for inbound connections (when hostname lookups are enabled) and content
-|''[[ip.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/ip.can|ip.can]]|''[[badip.msg]]''|Disallowed IP addresses for inbound connections| +|''[[ip.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/ip.can|ip.can]]|''[[badip.msg]]''|Disallowed IP addresses for inbound connections and content (e.g. messages)
-|''[[ip-silent.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/ip-silent.can|ip-silent.can]]| |Silently-ignored IP addresses for inbound connections| +|''[[ip-silent.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/ip-silent.can|ip-silent.can]]| |Silently-ignored IP addresses for inbound connections| 
-|''[[name.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/name.can|name.can]]|''[[badname.msg]]''|Disallowed user login name/alias (see also [[howto:block-hackers]])| +|''[[name.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/name.can|name.can]]|''[[badname.msg]]''|Disallowed user login name/alias (see also [[howto:block-hackers]])| 
-|''[[password.can]]'' | [[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/password.can|password.can]]|''[[badpassword.msg]]''|Disallowed user passwords| +|''[[password.can]]'' | [[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/password.can|password.can]]|''[[badpassword.msg]]''|Disallowed user passwords| 
-|''[[phone.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/phone.can|phone.can]]|''[[badphone.msg]]''|Disallowed phone numbers for new users| +|''[[phone.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/phone.can|phone.can]]|''[[badphone.msg]]''|Disallowed phone numbers for new users| 
-|''[[subject.can]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/text/subject.can|subject.can]]|''[[badsubject.msg]]''|Disallowed subjects in posted messages|+|''[[subject.can]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/text/subject.can|subject.can]]|''[[badsubject.msg]]''|Disallowed subjects in posted messages
 + 
 +**New in Synchronet v3.20:**\\ 
 +Comparison patterns in ''.can'' files may contain metadata as tab-delimited ''key=value'' pairs. The keys supported are: 
 +^ Key  ^ Description 
 +|''t'' | Date/time stamp of filter addition (in ISO-8601 format) | 
 +|''e'' | Expiration date/time (in ISO-8601 format) | 
 +|''p'' | Protocol used (informational only) | 
 +|''r'' | Reason for filtering (informational only) | 
 +|''u'' | User name/identification at time of filtering (informational only) | 
 +|''h'' | Host name of client (informational only) |
  
 ===== Other Filter Files ===== ===== Other Filter Files =====
Line 68: Line 84:
  
 ^Filename / Page     ^Default Contents^Description^ ^Filename / Page     ^Default Contents^Description^
-|''[[spamblock.cfg]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/spamblock.cfg|spamblock.cfg]]|Hostnames and IP addresses blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock_exempt.cfg'')| +|''[[spamblock.cfg]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/spamblock.cfg|spamblock.cfg]]|Hostnames and IP addresses blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock_exempt.cfg'')| 
-|''[[twitlist.cfg]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/twitlist.cfg|twitlist.cfg]]|Disallowed (source or destination) e-mail addresses (enclosed in <angle brackets>or names (see also ''[[email.can]]'')|+|''[[twitlist.cfg]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/twitlist.cfg|twitlist.cfg]]|Disallowed (source or destination) e-mail/netmail addresses or names (see also ''[[email.can]]'')|
  
 ===== Filter Exemption Files ===== ===== Filter Exemption Files =====
Line 75: Line 91:
  
 ^Filename / Page     ^Default Contents^Description^ ^Filename / Page     ^Default Contents^Description^
-|''[[ipfilter_exempt.cfg]]'' |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/ipfilter_exempt.cfg|ipfilter_exempt.cfg]]| Hostnames and IP addresses that are considered exempt from temporary bans and permanent filtering (added Oct-17-2016)| +|''[[ipfilter_exempt.cfg]]'' |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/ipfilter_exempt.cfg|ipfilter_exempt.cfg]]| Hostnames and IP addresses that are considered exempt from temporary bans and permanent filtering (added Oct-17-2016)| 
-|''[[dnsbl_exempt.cfg]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/dnsbl_exempt.cfg|dnsbl_exempt.cfg]]|Hostnames and IP addresses and e-mail address (enclosed in <angle brackets>) which are to be exempt from positive DNS-based Blacklist results in the [[server:mail|Mail Server]] (see also ''dns_blacklist.cfg'')| +|''[[dnsbl_exempt.cfg]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/dnsbl_exempt.cfg|dnsbl_exempt.cfg]]|Hostnames and IP addresses and e-mail address (enclosed in <angle brackets>) which are to be exempt from positive DNS-based Blacklist results in the [[server:mail|Mail Server]] (see also ''dns_blacklist.cfg'')| 
-|''[[spamblock_exempt.cfg]]''   |[[http://cvs.synchro.net/cgi-bin/viewcvs.cgi/*checkout*/ctrl/spamblock_exempt.cfg|spamblock_exempt.cfg]]|Hostnames and IP addresses which are not to be blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock.cfg'')|+|''[[spamblock_exempt.cfg]]''   |[[https://gitlab.synchro.net/sbbs/sbbs/-/raw/master/ctrl/spamblock_exempt.cfg|spamblock_exempt.cfg]]|Hostnames and IP addresses which are not to be blocked from sending e-mail to the [[server:mail|Mail Server]] (see also ''spamblock.cfg'')|
  
  
Line 83: Line 99:
   * [[:config:|Configuration]]   * [[:config:|Configuration]]
  
-{{tag>filter abuse spam}}+ 
 +{{tag>configuration security abuse spam cfg can}}