This is an old revision of the document!
Table of Contents
Filter Files
Filter configuration (ctrl/*.cfg
) and trash can (text/*.can
) files allow the sysop to specify words (or any sequence of characters) that will be used to disallow clients, users, or their content.
Each line in a filter file may contain a comparison pattern. Blank lines and lines beginning with a semicolon character (;
) are ignored. Lines may contain up to 1000 characters.
A tab (ASCII 9) character or a new-line (CR or CRLF) sequence will terminate (signify the end of) each comparison pattern. All characters between the first tab character and the new-line sequence may be considered metadata for the comparison pattern.
Comparison Patterns
- Leading white-space characters are ignored
- Alphabetic character are compared case-insensitively
- C-style string-literal backslash (
\
) escape sequences are supported in patterns (as of v3.17c) - Patterns beginning with an exclamation mark (
!
) negate the match logic for that pattern - Patterns ending with a caret (
^
) match only if the preceding (left most) characters are found at the beginning of the comparison string 1) - Patterns ending with a tilde (
~
) match when the preceding string of characters are found anywhere within the comparison string - Patterns including an asterisk (
*
) will match when both the left and right string fragments (on either/both sides of the*
) match the comparison string (as of v3.19a) 2) - All other patterns are “exact match” string comparisons
Note:
There's no effective difference between the patterns “word^” and “word*”.
Examples
sysop
in thename.can
file would mean new users could not use the name “sysop”.sysop*
would mean new users could not use names beginning with the word “sysop”, like “sysop the” or “sysops”.sysop~
would mean new users could not use names that have the word “sysop” anywhere in them, like “imthesysop” or “Joe Sysop”.
Match strings with the character sequence "viagra" anywhere within
viagra~
Match strings beginning with the character sequence "[adv]"
[adv]*
Match strings beginning with a space
\ *
Match the string "administrator", exactly (but case-insensitively)
administrator
Match strings that do not begin with the character sequence: "the "
!the *
IPv4 CIDR Notation
An additional comparison format was introduced in v3.17 (Feb-9-2017) specifically for partial (ranges of) IPv4 address matching following standard Classless_Inter-Domain_Routing (CIDR) notation. For example, rather than using the comparison string “192.168.1.*” to match all IP addresses that begin with the first 3 octets of 192, 168, and 1, you could specify the same thing using CIDR notation:
192.168.1.0/24
This enables the flexibility of filtering ranges of IP addresses based on sub-networks that are not multiples of 8-bits (e.g. “192.168.1.33/30”) and the format is compatible with commonly available regional block lists.
All 4 octets of the IPv4 address must be specified in the CIDR comparison string (i.e. “192.168.1/24” is not a valid CIDR comparison string).
CIDR comparisons beginning with the negation prefix (!
) are supported (reverses the IP address comparison logic).
IPv6 CIDR notation is not supported at this time.
Trash Can Files
The following table lists the supported trash can files, a description of their use, and optional rejection message (.msg
) files that may be displayed to users that are (or have their content) filtered. Trash can files and their respective optional rejection message files are located in the text
directory:
Filename / Page | Default Contents | Rejection Message3) | Description |
---|---|---|---|
email.can | email.can | bademail.msg | Disallowed (source or destination) e-mail addresses (see also twitlist.cfg ) |
file.can | file.can | badfile.msg | Disallowed filenames for upload |
host.can | host.can | badhost.msg | Disallowed hostnames for inbound connections (when hostname lookups are enabled) and content |
ip.can | ip.can | badip.msg | Disallowed IP addresses for inbound connections and content (e.g. messages) |
ip-silent.can | ip-silent.can | Silently-ignored IP addresses for inbound connections | |
name.can | name.can | badname.msg | Disallowed user login name/alias (see also block-hackers) |
password.can | password.can | badpassword.msg | Disallowed user passwords |
phone.can | phone.can | badphone.msg | Disallowed phone numbers for new users |
subject.can | subject.can | badsubject.msg | Disallowed subjects in posted messages |
New in Synchronet v3.20:
Comparison patterns in .can
files may contain metadata as tab-delimited key=value
pairs. The keys supported are:
Key | Description |
---|---|
t | Date/time stamp of filter addition (in ISO-8601 format) |
e | Expiration date/time (in ISO-8601 format) |
p | Protocol used (informational only) |
r | Reason for filtering (informational only) |
u | User name/identification at time of filtering (informational only) |
h | Host name of client (informational only) |
Other Filter Files
The following table lists other supported filter files and a description of their use. These filter files are located in the ctrl
directory and do not have a respective response message file:
Filename / Page | Default Contents | Description |
---|---|---|
spamblock.cfg | spamblock.cfg | Hostnames and IP addresses blocked from sending e-mail to the Mail Server (see also spamblock_exempt.cfg ) |
twitlist.cfg | twitlist.cfg | Disallowed (source or destination) e-mail/netmail addresses or names (see also email.can ) |
Filter Exemption Files
The following table lists supported filter exemption files and a description of their use. These filter exemption files are located in the ctrl
directory:
Filename / Page | Default Contents | Description |
---|---|---|
ipfilter_exempt.cfg | ipfilter_exempt.cfg | Hostnames and IP addresses that are considered exempt from temporary bans and permanent filtering (added Oct-17-2016) |
dnsbl_exempt.cfg | dnsbl_exempt.cfg | Hostnames and IP addresses and e-mail address (enclosed in <angle brackets>) which are to be exempt from positive DNS-based Blacklist results in the Mail Server (see also dns_blacklist.cfg ) |
spamblock_exempt.cfg | spamblock_exempt.cfg | Hostnames and IP addresses which are not to be blocked from sending e-mail to the Mail Server (see also spamblock.cfg ) |