From UnrealIRCd documentation wiki
Jump to navigation Jump to search
This page contains changes which are not marked for translation.
Other languages:
English • ‎français

Spamfilter is a highly advanced system to fight spam, advertising, worms and other bad things on IRC. Spamfilters can be added through the /SPAMFILTER command or through spamfilter { } blocks in the configuration file.


On IRC spamfilters are added via the /SPAMFILTER command which uses the following syntax:
/spamfilter [add|del] [match-type] [target] [action] [tkltime] [reason] [match string]

Item Explanation & possible options
add / del Indicates if you want to add or remove a spamfilter
match-type The type of match string you're going to use (see also the examples later on). There are two choices:
  • -simple means simple matching with ? and * wildcard support
  • -regex uses regular expressions (more on that later)
target specifies the target type, the targets this spamfilter will look into:
Character Config item Description
c channel Channel message
p private Private message (from user->user)
n private-notice Private notice
N channel-notice Channel notice
P part Part reason
q quit Quit reason
d dcc DCC filename
a away Away message
t topic Setting a topic
u user User ban, will be matched against nick!user@host:realname

You can (and often will) specify multiple targets, like: cpNn

action specifies the action to be taken, such as kline. See Actions for a list of all possible actions.
tkltime The duration of the *line/shun added by the filter. Use '-' to use the default or to skip (eg: if action is 'block')
reason Block/*line/shun reason.. you CANNOT use spaces in this, but underscores ('_') will be translated into spaces at runtime. And double underscore ('__') gets an underscore ('_'). Again, use '-' to use the default reason.
match-string This is the actual string that should be blocked or that we should perform the specified action on. The syntax of this string depends on the match-type. See also examples below.

Scroll down for examples of the /SPAMFILTER command.

Spamfilter block

You can also put spamfilters in your configuration file, see the Spamfilter block. For information about each of the fields see above.


Block simple spam

Say, you see a user mass-spamming in channels and in PM (Private Message). In each case, the user is saying: Hey <NICK>, come watch me on my webcam! connect to It looks always like that, except for a varying IP/URL. You want any user who says this to be immediately GLINEd for 1 day.


/SPAMFILTER add -simple pc gline 1d You_are_spamming_or_you_have_a_virus! *Hey*come watch me on my webcam*

Or in the configuration file:

spamfilter {
        match-type simple;
        target { private; channel; };
        action gline;
        ban-time 1d;
        reason "You are spamming or you have a virus!";
        match "*Hey*come watch me on my webcam*";

Regex to block mIRC exploit

Regular expressions (regex) are much more powerful than the simple method. Several years ago mIRC had a bug: you could crash any mIRC v6.12 by sending a DCC SEND message with a filename of 225 (or more) characters. With the simple method from above you can't block this, with regex you can. For regex this is even an easy case.


/SPAMFILTER add -regex pc kill - Possible_mIRC_exploit_attempt \x01DCC (SEND|RESUME).{225}

Or in the configuration file:

spamfilter {
        match-type regex;
        target { private; channel; };
        action kill;
        reason "Possible mIRC exploit attempt";
        match "\x01DCC (SEND|RESUME).{225}";

To learn more about regex, see Introduction to regex (PCRE).

Slow Spamfilter Detection

Spamfilters often consist of complex regular expressions. There is a very small chance that if a regular expression is too complex that it would slow down the IRCd too much, causing issues with responsiveness.

Slow spamfilters are very exceptional but they are possible, so UnrealIRCd has a safety mechanism for this. They are set::spamfilter::detect-slow-warn and set::spamfilter::detect-slow-fatal. If a single spamfilter takes longer than detect-slow-warn then the IRC Server will warn about this spamfilter to IRCOps. If it takes longer than detect-slow-fatal it will remove the spamfilter. The default values for these are 250ms and 500ms respectively (so a quarter of a second and half a second).

Target of spamfilter bans

When a spamfilter is hit by a user, it will by default place ban on *@ip if the ban type is a *LINE (of course not for other actions such as warn). This should be fine for most people. You can, however, change this via the set::automatic-ban-target setting.

Exempting users from spamfilters

IRCOps will not trigger spamfilters by default (they are exempt). That is, if they use an operclass with the immune:server-ban:spamfilter permission.

You can also exempt specific targets by name, such as channels or nicks, via set::spamfilter::except.