UnrealIRCd 6.1.2-rc1 available for testing

[Bram M. <sy...@un...>]

(You can unsubscribe from this list here 
<https://sourceforge.net/projects/unreal/lists/unreal-notify/unsubscribe>)

Hi everyone,

The release candidate for 6.1.2 is now available for testing. You can 
help us by testing and reporting any issues at 
https://bugs.unrealircd.org/ <https://bugs.unrealircd.org/>.

This release mainly focuses on adding spamfilter features but also 
contains fixes and other new features. See the release notes below.


      Enhancements:

  * We now give tips on (security) best practices depending on settings
    in your configuration file, such as using plaintext oper passwords
    in the config file. It is generally suggested to follow this advice,
    but you could disable such advice via set::best-practices
    <https://www.unrealircd.org/docs/Set_block#set::best-practices>.
  * security-group { } block
    <https://www.unrealircd.org/docs/Security-group_block> and mask item
    <https://www.unrealircd.org/docs/Mask_item> enhancements:
      o Add support for |channel "#xyz";| and |channel "@#need_ops_here";|
      o Add support for Crule <https://www.unrealircd.org/docs/Crule> to
        allow things like |rule "inchannel('@#main')||reputation()>1000";|
  * DNS Blacklists are now checked again some time after the user is
    connected. This will kill/ban users who are already online and got
    blacklisted later by for example DroneBL. This is controlled via
    set::blacklist::recheck-time
    <https://www.unrealircd.org/docs/Set_block#set::blacklist::recheck-time>
  * spamfilter { } block
    <https://www.unrealircd.org/docs/Spamfilter_block> improvements:
      o Spamfilters now always run, even for users that are exempt via a
        except ban block
        <https://www.unrealircd.org/docs/Except_ban_block> with |type
        spamfilter|. However, for exempt users no action is taken or
        logged. This allows us to count hits and hits for except users.
        The idea is that the hits for except users can be a useful
        measurement to detect false positives. These hitcounts are
        exposed in |SPAMFILTER| and |STATS spamfilter|.
      o Optional items allowing more complex rules:
          + spamfilter::rule
            <https://www.unrealircd.org/docs/Spamfilter_block#Spamfilter_rule>:
            with minimal 'if'-like preconditions and functions. If this
            returns false then the spamfilter will not run at all (no hit).
          + spamfilter::except: this is meant as an alternative to
            'rule' and works like a regular except item
            <https://www.unrealircd.org/docs/Mask_item>. If this
            matches, then the spamfilter will not run at all (no hit).
      o New target type |raw| (or |R| on IRC) to match a raw command /
        IRC protocol line (except message tags), such as |LIST*|.
        Naturally one needs to be very careful with these since a wrong
        filter could cause all/essential traffic to be rejected.
      o The |action| item now supports multiple actions:
          + A new action |stop| to stop other spamfilters from processing.
          + A new action |set| to set a TAG
            <https://www.unrealircd.org/docs/Spamfilter_block#Setting_tags>
            on a user, or increasing the value of one.
          + A new action |report| to call a spamreport block, see next.
  * A new spamreport { } block
    <https://www.unrealircd.org/docs/Spamreport_block>:
      o This can do a HTTP(S) call to services like DroneBL to report
        spam hits, so they can blacklist the IP address and other users
        on IRC can benefit.
  * Optional Central Spamfilter
    <https://www.unrealircd.org/docs/Central_spamfilter>: This will
    fetch and refresh spamfilter rules every hour from unrealircd.org.
      o This feature is not enabled default. Use |set {
        central-spamfilter { enabled yes; } }| to enable.
      o set::central-spamfilter::feed decides which feed to use: |fast|
        for early access to spamfilter rules that are new, and
        |standard| (the default) for rules that have been in fast for a
        while.
      o set::central-spamfilter::except defines who will never be
        affected by central spamfilters. By default it is: users with a
        reputation score of more than 2016 (7 days online unregged, or
        3.5 days as identified user) or having a host of *.irccloud.com.
        Spam matches for users that fall in this ::except group are
        counted as false positives and no action is taken or logged.
      o See the Central Spamfilter
        <https://www.unrealircd.org/docs/Central_spamfilter> article for
        the disclaimer and all other options you can set.
  * set::spamfilter::utf8
    <https://www.unrealircd.org/docs/Set_block#set::spamfilter::utf8> is
    now on by default:
      o This means you can safely use UTF8 characters in like |[]| in regex.
      o Case insensitive matches work better. For example, for extended
        Latin, a spamfilter on |ę| then also matches |Ę|.
      o Other PCRE2 features such as \p
        <https://www.pcre.org/current/doc/html/pcre2syntax.html#SEC5>
        can then be used. For example the regex |\p{Arabic}| would block
        all Arabic script. See also this full list of scripts
        <https://www.pcre.org/current/doc/html/pcre2syntax.html#SEC7>.
        Please use this new tool with care. Blocking an entire language
        or script is quite a drastic measure.
      o You can turn it off via: |set { spamfilter { utf8 no; } }|
  * Via set::spamfilter::show-message-content-on-hit
    <https://www.unrealircd.org/docs/Set_block#set::spamfilter::show-message-content-on-hit>
    you can now configure to hide the message content in spamfilter hit
    messages. Generally it is very useful to see if a spamfilter hit is
    correct or not, so the default is 'always', but it also has privacy
    implications so there is now this option to disable it.
  * You can restrict includes to only contain certain blocks, the style is:

    |include "some-file-or-url" { restrict-config { name-of-block;
    name-of-block2; } } |


      Changes:

  * We now compile the argon2 library shipped with UnrealIRCd by
    default, because it is often two times faster than the OS library.
    If you don't want this, which would be quite rare but for example
    because you are packaging UnrealIRCd as a .deb or .rpm, then you can
    use |--with-system-argon2| as a configure option.
  * The argon2 parameters have been lowered a bit, this so the hashing
    speed is acceptable for our purposes.


      Fixes:

  * UnrealIRCd has watch away notification since 2008, this is indicated
    in RPL_ISUPPORT via |WATCHOPTS=A| and then the syntax to actually
    use this is |WATCH A +Nick1 +Nick2 etc.|. In UnrealIRCd 6 there was
    a bug where it would not always correctly inform about the away
    status, that bug has now been fixed.
  * On 32 bit architectures you can now use more than 32 channel modes.
  * Set block for a security group
    <https://www.unrealircd.org/docs/Set_block#Set_block_for_a_security_group>:
    was not working for the |unknown-users| group.


      Developers and protocol:

  * Changes in numeric 229 (RPL_STATSSPAMF): Now includes hits and hits
    for users that are exempt, two counters inserted right before the
    last argument (the regex).
  * Several API changes, like |place_host_ban| to |take_action|

You can download UnrealIRCd from https://www.unrealircd.org/