Set block

The set block is used to tweak and configure the server settings.

Sharing settings
If you (already) run multiple IRC servers then have a look at Sharing settings between servers to ease the burden when updating settings. The set block is an ideal candidate to be shared.

Syntax used in this documentation
As described in Configuration file syntax we will refer to settings like set::options::hide-ulines or set::auto-join. When we mention these we don't mean that you should really write set::options::hide-ulines as-is! It's just a shorthand. What we actually mean is you should write them out like this: set { options { hide-ulines; };       auto-join "#something"; };

Or you could put them in separate set blocks like this: set { auto-join "#something"; };

set { options { hide-ulines; }; };

Or even just: set { options { hide-ulines; }; }; set { auto-join "#something"; };

If the above is unclear, then maybe have another read at the Configuration file syntax article.

As you can see from above it's perfectly fine to have multiple set { } blocks! In fact it's quite normal to have one block with network-wide settings and one with server-specific settings. We generally don't recommend having much more separate set blocks as it's easy to loose track of them (and what settings is where), but it is perfectly possible.

set::kline-address
Syntax: set::kline-address 

The email address that K:line questions should be sent to. This value must be specified.

set::gline-address
Syntax: set::gline-address 

The email address that G:line questions should be sent to.

set::modes-on-connect
Syntax: set::modes-on-connect <+modes>

The modes that will be set on a user at connection.

set::snomask-on-connect
Syntax: set::snomask-on-connect <+modes>

The snomask that will be set on a user at connection.

set::modes-on-oper
Syntax: set::modes-on-oper <+modes>

The modes that will be set on a user when they /oper.

set::snomask-on-oper
Syntax: set::snomask-on-oper <+modes>

The snomask that will be set on a user when they /oper.

set::modes-on-join
Syntax: set::modes-on-join <+modes>

The modes that will be set on a channel when it is first created. Not all modes can be set using this command. +qaohvbeOAzlLk can NOT be set using this command.

set::level-on-join
Syntax: set::level-on-join 

The mode that a user will get when he's the first to join a channel. The default is 'op' (channel operator).

set::restrict-usermodes
Syntax: set::restrict-usermodes 

Restrict users to set/unset the modes listed here (don't use + or -). For example you can set +G in modes-on-connect and G in restrict-usermodes, that way you can force all users to be +G and unable to do -G.

set::restrict-channelmodes
Syntax: set::restrict-channelmodes 

Restrict users to set/unset the channelmodes listed here (don't use + or -). For example you can set +G in modes-on-join and G in restrict-channelmodes, that way you can force all (new) channels to be +G and unable to do -G. NOTE: it may still be possible to use these channelmodes through services by using MLOCK. Unfortunately we can't do much about that, you would have to ask the services coders to implement a restrict-channelmodes feature too.

set::restrict-extendedbans
Syntax: set::restrict-extendedbans 

Don't allow users to use any extended bans ("*") or disallow only certain ones (eg: "qc").

set::auto-join
Syntax: set::auto-join 

The channel(s) a user will be forced to join at connection. To specify more than one channel use a comma separated list. [Note: don't forget to add quotes, like: auto-join "#chan"]

set::oper-auto-join
Syntax: set::oper-auto-join 

The channel(s) a user will be forced to join when they /oper. To specify more than one channel use a comma separated list. [Note: don't forget to add quotes, like: oper-auto-join "#chan"]

set::anti-spam-quit-message-time
Syntax: set::anti-spam-quit-message-time 

A time value specifying the length of time a user must be connected for before a /quit message will be displayed. Used to prevent spam. A time value is a numeric string with d meaning days, h meaning hours, m meaning minutes, and s meaning seconds, for example 1d2h3m means 1 day, 2 hours, 3 minutes.

set::prefix-quit
Syntax: set::prefix-quit 

Sets the text that will be used to prefix a quit message. If this value is set to 0 then the standard "Quit:" is used.

set::static-quit
Syntax: set::static-quit 

Sets a static quit message that will be sent whenever a client logs off the network. This eliminates the need for anti-spam-quit-message-time, as well as the set::prefix-quit. It will NOT replace ERRORS with the static-quit message.

set::static-part
Syntax: set::static-part 

A value of 'yes' strips all part comments, a value of 'no' makes part just work as usual, anything else will be used as a part comment (eg: static-part "Bye!") but this can be quite annoying, so use with care.

set::who-limit
Syntax: set::who-limit 

Sets the limit for the maximum number of matches that will be returned for a /who. If this option is left out, no limit is enforced.

set::silence-limit
Syntax: set::silence-limit 

Sets the limit on the maximum SILENCE list entries. If this directive is not specified, a limit of 15 is set.

set::maxbans
Syntax: set::maxbans 

Sets the limit on the maximum amount of bans (+b) allowed per channel. The default is 60. If you change this, be sure to also take a look at maxbanlength (see next)!

set::maxbanlength
Syntax: set::maxbanlength 

Similar to above, but sets the maximum amount of characters for all bans added up together, so basically this puts up a limit on the (semi-)maximum amount of memory all channel bans on a channel can take. The default is 2048 (bytes). With the default set::maxbans of 60 this allows 2048:60=34 characters per ban on average.

set::oper-only-stats
Syntax 1: set::oper-only-stats  Syntax 2: set::oper-only-stats { }

Specifies a list of /STATS flags that only IRC Operators may see. The default is "*" which will prevent any regular user from using /STATS.

Be careful if you tweak this, some stats are not meant to be exposed to regular users and the information contained in them will often aid attackers / "bad guys".

set::maxchannelsperuser
Syntax: set::maxchannelsperuser 

Specifies the number of channels a single user may be in at any one time.

set::maxdccallow
Syntax: set::maxdccallow 

Specifies the maximum number of entries a user can have on his/her DCCALLOW list.

set::channel-command-prefix
Syntax: set::channel-command-prefix 

Specifies the prefix characters for services "in channel commands". Messages starting with any of the specified characters will still be sent even if the client is +d. The default value is "`!.".

set::allowed-nickchars
Syntax: set::allowed-nickchars { }

Character sets / languages to allow in nicks, see Nick Character Sets.

set::allow-userhost-change
Syntax: set::allow-userhost-change [never|always|not-on-channels|force-rejoin]

Specifies what happens when the user@host changes (+x/-x/chghost/chgident/setident/vhost/etc). never disables all the commands, always does always allow it even when in channels (may cause client desyncs) [default], not-on-channels means it's only allowed when the user is not on any channel, force-rejoin will force a rejoin in all channels and re-op/voice/etc if needed.

set::options::hide-ulines
Syntax: set::options::hide-ulines

If this is present, Ulined server will be hidden in a /links requested by non-opers.

set::options::flat-map
Syntax: set::options::flat-map

If this is present, all servers will appear as directly linked in /map and /links, thus you can no longer see which server is linked to which. This is a little help against (D)DoS attacks because evil people now no longer can easily see the 'weak points'.

set::options::show-opermotd
Syntax: set::options::show-opermotd

If present the opermotd will be shown to users once they successfully /oper.

set::options::identd-check
Syntax: set::options::identd-check

If present the presence of an identd server will be checked and the returned value will be used for the username. If no ident request is returned or the identd server doesn't exist, the user's specified username will be prefixed with a ~. If this value is omitted no such check is made.

set::options::show-connect-info
Syntax: set::options::show-connect-info

If present notices showing "ident request", "hostname lookup", etc. will be displayed when a user connects.

set::options::dont-resolve
Syntax: set::options::dont-resolve

If present hosts of incoming users are not resolved, can be useful if many of your users don't have a host to speed up connecting. Note that since no resolving is done you also can't have host based allow blocks.

set::options::mkpasswd-for-everyone
Syntax: set::options::mkpasswd-for-everyone

Makes it so the /mkpasswd can be used by anyone instead of oper-only, usage of the command by non-opers is sent to the EYES snomask.

set::options::allow-part-if-shunned
Syntax: set::options::allow-part-if-shunned

Allow shunned user to use /part.

set::options::fail-oper-warn
Syntax: set::options::fail-oper-warn

If present, a user will be notified that his/her failed /oper attempt has been logged.

set::options::allow-insane-bans
Syntax: set::options::allow-insane-bans

Allow insane broad bans like /GLINE *@*.xx. This makes it very easy to accidentally ban everyone on your network, so use with great care!

set::options::disable-cap
Syntax: set::options::disable-cap

Disable IRC Client Capabilities Extensions (CAP). Note that this makes SASL and various other features unavailable or harder for clients to use.

set::nopost::ban-action
Syntax: set::nopost::ban-action (requires m_nopost)

Action to take on a user if he tries to perform an HTTP POST command. The allowed values are: kill, gline, gzline, kline, zline, shun, and tempshun. The default value is kill. If you use a *line value or shun, then note that if gullible user who is tricked into visiting a website exhibiting the XPS IRC spamming attack will experience the shun or *line on his existing connections. The default value of kill protects against such user accidents, but use of *line and especially gzline may be needed in some situations.

set::nopost::ban-reason
Syntax: set::nopost::ban-reason (requires m_nopost)

The ban reason to set when m_nopost kills or bans a user.

set::nopost::ban-time
Syntax: set::nopost::ban-time (requires m_nopost)

The duration for shuns, glines, gzlines, klines, and zlines set by m_nopost. Default is 4h.

set::nopost::except-hosts
Syntax: set::nopost::except-hosts (requires m_nopost)

A list of hostmasks to exempt from m_nopost's killing or *-lining. You should neve need to place any hostmasks in this option.

set::dns::bind-ip
Syntax: set::dns::bind-ip 

Specifies the IP to bind to for the resolver, rarely ever needed.

set::network-name
Syntax: set::network-name 

Specifies the name of the network on which this server is run. This value should be exactly the same on all servers on a network.

set::default-server
Syntax: set::default-server 

Defines the name of the default server to tell users to connect to if this server is full.

set::default-ipv6-clone-mask
Syntax: set::default-ipv6-clone-mask

The default IPv6 clone detection mask. See allow::ipv6-clone-mask. The default value for this setting is 64.

set::services-server
Syntax: set::services-server 

Specifies the name of the server that the services bots are connected to. Required, set it to something like services.yournet.com if you don't have services.

set::stats-server
Syntax: set::stats-server <server-name>

Sets the name of the server on which the stats bot is located. If stats are not run this value may be left out.

set::sasl-server
Syntax: set::sasl-server <server-name>

Sets the name of the server to which SASL authenticate messages should be sent.

set::help-channel
Syntax: set::help-channel <network-help-channel>

Sets the name of the help channel for this network.

set::cloak-keys
Syntax: set::cloak-keys { "key1" "key2" "key3" }

Sets the keys to be used to generate a +x host. This value must be the same on all servers or the servers will not link. Each of the 3 set::cloak-keys:: must be a string of 5-100 characters (10-20 is fine) consisting of mixed lowercase (a-z), uppercase (A-Z) and digits (0-9). Note that depending on which cloaking module you have loaded, other rules may apply.

set::hiddenhost-prefix
Syntax: set::hiddenhost-prefix <prefix-value>

Defines the prefix that will be used on hiddenhosts (+x). This is usually three or four letters representing the network name. Linked servers must have the same hidden-host prefix for channel bans to function properly.

set::hosts::local
Syntax: set::hosts::local <locop-host-name>

Defines the hostname that will be assigned to local opers when they set +x. You may optionally specify a username@host for this value.

set::hosts::global
Syntax: set::hosts::global <globop-host-name>

Defines the hostname that will be assigned to global operators when they set +x. You may optionally specify a username@host for this value.

set::hosts::coadmin
Syntax: set::hosts::coadmin <coadmin-host-name>

Sets the hostname that will be assigned to co-admins when they set +x. You may optionally specify a username@host for this value.

set::hosts::admin
Syntax: set::hosts::admin <admin-host-name>

Defines the hostname that will be set for admins when they set +x. You may optionally specify a username@host for this value.

set::hosts::servicesadmin
Syntax: set::hosts::servicesadmin <servicesadmin-host-name>

Sets the hostname that will be given to services-admins when they set +x. You may optionally specify a username@host for this value.

set::hosts::netadmin
Syntax: set::hosts::netadmin <netadmin-host-name>

Sets the hostname that will be given to netadmins when they set +x. You may optionally specify a username@host for this value.

set::hosts::host-on-oper-up
Syntax: set::hosts::host-on-oper-up <yes/no>

If set to yes, the H/get_host flag will be honored and +x will be automatically set at /oper. If set to no, the user must set +x manually to receive the oper host.

set::ssl::egd
Syntax: set::ssl::egd 

Specifies that EGD (Entropy Gathering Daemon) support should be enabled. If you run OpenSSL 0.9.7 or higher, then /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and /etc/entropy will be searched by default so no filename is necessary, you may simply specify set::ssl::egd with no value. If you are using a version of OpenSSL prior to 0.9.7 or you want to use a EGD socket located somewhere other than the above listed locations you may specify the filename of the UNIX Domain Socket that an EGD is listening on.

set::ssl::certificate
Syntax: set::ssl::certificate 

Specifies the filename where the server's SSL certificate is located.

set::ssl::key
Syntax: set::ssl::key 

Specifies the filename where the server's SSL private key is located.

set::ssl::trusted-ca-file
Syntax: set::ssl::trusted-ca-file 

Specifies the filename where the certificates of the trusted CAs are located.

set::ssl::server-cipher-list
Syntax: set::ssl::server-cipher-list 

Specifies which ciphers to be allowed, by default we leave this up to OpenSSL. See http://www.openssl.org/docs/apps/ciphers.html on how to specify the list of ciphers.

set::ssl::renegotiate-bytes
Syntax: set::ssl::renegotiate-bytes 

Specifies after how many bytes an SSL session should be renegotiated (eg: 20m for 20 megabytes).

set::ssl::renegotiate-timeout
Syntax: set::ssl::renegotiate-timeout 

Specifies after how much time an SSL session should be renegotiated (eg: 1h for 1 hour).

set::ssl::options::fail-if-no-clientcert
Syntax: set::ssl::options::fail-if-no-clientcert

Forces clients that do not have a certificate to be denied.

set::ssl::options::no-self-signed
Syntax: set::ssl::options::no-self-signed

Disallows connections from people with self-signed certificates.

set::ssl::options::verify-certificate
Syntax: set::ssl::options::verify-certificate

Makes Unreal determine if the SSL certificate is valid before allowing connection.

set::ssl::options::no-starttls
Syntax: set::ssl::options::no-starttls

Disable STARTTLS. STARTTLS allows clients to use SSL on regular (non-SSL) ports.

set::ident::connect-timeout
Syntax: set::ident::connect-timeout 

Amount of seconds after which to give up connecting to the ident server (default: 10s).

set::ident::read-timeout
Syntax: set::ident::read-timeout 

Amount of seconds after which to give up waiting for a reply (default: 30s).

set::anti-flood::connect-flood
Syntax: set::anti-flood::connect-flood : 

Connection flood protection: limits the number of connection attempts from each IP to 'count' per 'period' seconds. Default is 3 per 60. This feature is also referred to as connection throttling.

set::anti-flood::nick-flood
Syntax: set::anti-flood::nick-flood : 

Nickflood protection: limits nickchanges to 'count' per 'period' seconds. For example nick-flood 4:90 means 4 per 90 seconds, the default is 3 per 60.

set::anti-flood::away-flood
Syntax: set::anti-flood::away-flood : 

Away flood protection: limits /away to 'count' changes per 'period' seconds. Example: away-flood 5:60s means max 5 changes per 60 seconds.

set::anti-flood::unknown-flood-amount
Syntax: set::anti-flood::unknown-flood-amount 

When we receive a connection from a user and this user sends more than kilobytes of data BEFORE actually coming online (a so called "unknown connection") then the user will be killed.

set::anti-flood::unknown-flood-bantime
Syntax: set::anti-flood::unknown-flood-bantime 

Specifies for how long an unknown connection flooder is banned (see also previous item).

set::default-bantime
Syntax: set::default-bantime 

Default bantime when doing /kline, /gline, /zline, /shun, etc without time parameter (like /gline *@some.nasty.isp), the default is permanent (0). Example: default-bantime 90d

set::modef-default-unsettime
Syntax: set::modef-default-unsettime 

For channelmode +f you can specify a default unsettime, if you specify 10 for example then +f [5j]:15 will be transformed to [5j#i10]:15. The default is no default unsettime.

set::modef-max-unsettime
Syntax: set::modef-max-unsettime 

The maximum amount of minutes for a mode +f unsettime (in +f [5j#i<TIME>]:15), this is a value between 0 and 255. The default is 60 (= 1 hour).

set::ban-version-tkl-time
Syntax: set::ban-version-tkl-time 

If you specify an 'action' like zline/gline/etc in ban version, then you can specify here how long the ip should be banned, the default is 86400 (1 day).

set::spamfilter::ban-time
Syntax: set::spamfilter::ban-time 

Same as above but for *lines/shuns added by spamfilter

set::spamfilter::ban-reason
Syntax: set::spamfilter::ban-reason 

Reason to be used for entries added by spamfilter

set::spamfilter::virus-help-channel
Syntax: set::spamfilter::virus-help-channel 

The channel to use for the 'viruschan' action in spamfilter

set::spamfilter::virus-help-channel-deny
Syntax: set::spamfilter::virus-help-channel-deny <yes|no>

If set to yes (or '1') it replies 'invite only' to any normal users that try to join the virus-help-channel. Only opers, people that match spamfilters and people that are /invite'd can join.

set::spamfilter::except
Syntax: set::spamfilter::except <target(s)>

These targets are exempt from spam filtering (no action will be taken), can be single target or comma seperated list.. Ex: except "#help,#spamreport"

set::spamfilter::slowdetect-warn
Syntax: set::spamfilter::slowdetect-warn 

If a spamfilter takes longer than this amount of milliseconds to execute (1000ms = 1 second), then a warning notice will be sent to all opers (default: 250). See also Slow Spamfilter Detection.

set::spamfilter::slowdetect-fatal
Syntax: set::spamfilter::slowdetect-fatal 

If a spamfilter takes longer than this amount of milliseconds to execute (1000ms = 1 second), then the spamfilter will be removed (default: 500). See also Slow Spamfilter Detection.

set::check-target-nick-bans
Syntax: set::check-target-nick-bans <yes|no>

Whenever the user changes his/her nick, check if the NEW nick would be banned. If so, do not allow the nickchange. Default is yes.

set::timesynch::enabled
Syntax: set::timesynch::enabled <yes|no>

Enable or disable time synchronization on-boot. Default is yes.

set::timesynch::server
Syntax: set::timesynch::server <IP>

Server to synchronize time with. This can be up to 4 IP's seperated by comma's. The servers must support NTP protocol version 4. The default is to use 3 time servers (US, EU, AU). Requests to these servers are sent in parallel, fastest reply wins.

set::timesynch::timeout
Syntax: set::timesynch::timeout 

Maximum time to wait for a time server reply. This is a value between 1 and 5, more is not possible because it causes too much inaccuracy. This setting is 3 by default and there's probably no good reason to change it.

set::ping-cookie
Syntax: set::ping-cookie <yes|no>

Send a challenge using PING, which clients respond to using PONG. This is helpful for preventing blind HTTP-POST attacks and other things, as well as stopping spoofed TCP on older operating systems with broken TCP stacks. The default is yes.

set::pingpong-warning
Syntax: set::pingpong-warning <yes|no>

When set::ping-cookie is enabled (usually on Windows), send a warning to each user to use '/quote pong ..' if they are having problems connecting? The default is no.

set::watch-away-notification
Syntax: set::watch-away-notification <yes|no>

Allows you to enable/disable AWAY notification in WATCH. The default is yes.