Import Upstream version 1.1.5upstream/1.1.5

3 files changed, 1294 insertions, 0 deletions

diff --git a/doc/Makefile.am b/doc/Makefile.am
new file mode 100644
index 0000000..8444cd0
--- /dev/null
+++ b/doc/Makefile.am
@@ -0,0 +1,2 @@
+AUTOMAKE_OPTIONS = foreign
+dist_sysconf_DATA = reference.conf
diff --git a/doc/Makefile.in b/doc/Makefile.in
new file mode 100644
index 0000000..6185eaa
--- /dev/null
+++ b/doc/Makefile.in
@@ -0,0 +1,507 @@
+# Makefile.in generated by automake 1.15.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2017 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+am__is_gnu_make = { \
+  if test -z '$(MAKELEVEL)'; then \
+    false; \
+  elif test -n '$(MAKE_HOST)'; then \
+    true; \
+  elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+    true; \
+  else \
+    false; \
+  fi; \
+}
+am__make_running_with_option = \
+  case $${target_option-} in \
+      ?) ;; \
+      *) echo "am__make_running_with_option: internal error: invalid" \
+              "target option '$${target_option-}' specified" >&2; \
+         exit 1;; \
+  esac; \
+  has_opt=no; \
+  sane_makeflags=$$MAKEFLAGS; \
+  if $(am__is_gnu_make); then \
+    sane_makeflags=$$MFLAGS; \
+  else \
+    case $$MAKEFLAGS in \
+      *\\[\ \	]*) \
+        bs=\\; \
+        sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+          | sed "s/$$bs$$bs[$$bs $$bs	]*//g"`;; \
+    esac; \
+  fi; \
+  skip_next=no; \
+  strip_trailopt () \
+  { \
+    flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+  }; \
+  for flg in $$sane_makeflags; do \
+    test $$skip_next = yes && { skip_next=no; continue; }; \
+    case $$flg in \
+      *=*|--*) continue;; \
+        -*I) strip_trailopt 'I'; skip_next=yes;; \
+      -*I?*) strip_trailopt 'I';; \
+        -*O) strip_trailopt 'O'; skip_next=yes;; \
+      -*O?*) strip_trailopt 'O';; \
+        -*l) strip_trailopt 'l'; skip_next=yes;; \
+      -*l?*) strip_trailopt 'l';; \
+      -[dEDm]) skip_next=yes;; \
+      -[JT]) skip_next=yes;; \
+    esac; \
+    case $$flg in \
+      *$$target_option*) has_opt=yes; break;; \
+    esac; \
+  done; \
+  test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = doc
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/ax_append_compile_flags.m4 \
+	$(top_srcdir)/m4/ax_append_flag.m4 \
+	$(top_srcdir)/m4/ax_arg_enable_assert.m4 \
+	$(top_srcdir)/m4/ax_arg_enable_efence.m4 \
+	$(top_srcdir)/m4/ax_arg_enable_warnings.m4 \
+	$(top_srcdir)/m4/ax_arg_openssl.m4 \
+	$(top_srcdir)/m4/ax_check_compile_flag.m4 \
+	$(top_srcdir)/m4/ax_gcc_stack_protect.m4 \
+	$(top_srcdir)/m4/ax_library_net.m4 \
+	$(top_srcdir)/m4/ax_require_defined.m4 \
+	$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+	$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+	$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+	$(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(dist_sysconf_DATA) \
+	$(am__DIST_COMMON)
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
+CONFIG_HEADER = $(top_builddir)/src/setup.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo "  GEN     " $@;
+am__v_GEN_1 = 
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 = 
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+  case $$AM_UPDATE_INFO_DIR in \
+    n|no|NO) false;; \
+    *) (install-info --version) >/dev/null 2>&1;; \
+  esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+    $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+    *) f=$$p;; \
+  esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+  srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+  for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+  for p in $$list; do echo "$$p $$p"; done | \
+  sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+  $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+    if (++n[$$2] == $(am__install_max)) \
+      { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+    END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+  sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+  sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+  test -z "$$files" \
+    || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+    || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+         $(am__cd) "$$dir" && rm -f $$files; }; \
+  }
+am__installdirs = "$(DESTDIR)$(sysconfdir)"
+DATA = $(dist_sysconf_DATA)
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/mkinstalldirs
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LEX = @LEX@
+LEXLIB = @LEXLIB@
+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AUTOMAKE_OPTIONS = foreign
+dist_sysconf_DATA = reference.conf
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am  $(am__configure_deps)
+	@for dep in $?; do \
+	  case '$(am__configure_deps)' in \
+	    *$$dep*) \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
+	      exit 1;; \
+	  esac; \
+	done; \
+	echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \
+	$(am__cd) $(top_srcdir) && \
+	  $(AUTOMAKE) --foreign doc/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+	@case '$?' in \
+	  *config.status*) \
+	    cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+	  *) \
+	    echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+	    cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+	esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+	-rm -f *.lo
+
+clean-libtool:
+	-rm -rf .libs _libs
+install-dist_sysconfDATA: $(dist_sysconf_DATA)
+	@$(NORMAL_INSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	if test -n "$$list"; then \
+	  echo " $(MKDIR_P) '$(DESTDIR)$(sysconfdir)'"; \
+	  $(MKDIR_P) "$(DESTDIR)$(sysconfdir)" || exit 1; \
+	fi; \
+	for p in $$list; do \
+	  if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+	  echo "$$d$$p"; \
+	done | $(am__base_list) | \
+	while read files; do \
+	  echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(sysconfdir)'"; \
+	  $(INSTALL_DATA) $$files "$(DESTDIR)$(sysconfdir)" || exit $$?; \
+	done
+
+uninstall-dist_sysconfDATA:
+	@$(NORMAL_UNINSTALL)
+	@list='$(dist_sysconf_DATA)'; test -n "$(sysconfdir)" || list=; \
+	files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+	dir='$(DESTDIR)$(sysconfdir)'; $(am__uninstall_files_from_dir)
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(DISTFILES)
+	@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+	list='$(DISTFILES)'; \
+	  dist_files=`for file in $$list; do echo $$file; done | \
+	  sed -e "s|^$$srcdirstrip/||;t" \
+	      -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+	case $$dist_files in \
+	  */*) $(MKDIR_P) `echo "$$dist_files" | \
+			   sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+			   sort -u` ;; \
+	esac; \
+	for file in $$dist_files; do \
+	  if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+	  if test -d $$d/$$file; then \
+	    dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+	    if test -d "$(distdir)/$$file"; then \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+	      cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+	      find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+	    fi; \
+	    cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+	  else \
+	    test -f "$(distdir)/$$file" \
+	    || cp -p $$d/$$file "$(distdir)/$$file" \
+	    || exit 1; \
+	  fi; \
+	done
+check-am: all-am
+check: check-am
+all-am: Makefile $(DATA)
+installdirs:
+	for dir in "$(DESTDIR)$(sysconfdir)"; do \
+	  test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+	done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+	@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+	if test -z '$(STRIP)'; then \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	      install; \
+	else \
+	  $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+	    install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+	    "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+	fi
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+	-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+	-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+	@echo "This command is intended for maintainers to use"
+	@echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+	-rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-dist_sysconfDATA
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+	-rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-dist_sysconfDATA
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+	cscopelist-am ctags-am distclean distclean-generic \
+	distclean-libtool distdir dvi dvi-am html html-am info info-am \
+	install install-am install-data install-data-am \
+	install-dist_sysconfDATA install-dvi install-dvi-am \
+	install-exec install-exec-am install-html install-html-am \
+	install-info install-info-am install-man install-pdf \
+	install-pdf-am install-ps install-ps-am install-strip \
+	installcheck installcheck-am installdirs maintainer-clean \
+	maintainer-clean-generic mostlyclean mostlyclean-generic \
+	mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \
+	uninstall-am uninstall-dist_sysconfDATA
+
+.PRECIOUS: Makefile
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/doc/reference.conf b/doc/reference.conf
new file mode 100644
index 0000000..444c049
--- /dev/null
+++ b/doc/reference.conf
@@ -0,0 +1,785 @@
+/*
+ * Hybrid Open Proxy Monitor - HOPM sample configuration
+ *
+ * Copyright (c) 2014-2018 ircd-hybrid development team
+ *
+ * $Id$
+ */
+
+/*
+ * Shell style (#), C++ style (//) and C style comments are supported.
+ *
+ * Files may be included by either:
+ *        .include "filename"
+ *        .include <filename>
+ *
+ * Times/durations are written as:
+ *        12 hours 30 minutes 1 second
+ *
+ * Valid units of time:
+ *        year, month, week, day, hour, minute, second
+ *
+ * Valid units of size:
+ *        megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
+ *
+ * Sizes and times may be singular or plural.
+ */
+
+options {
+	/*
+	 * Full path and filename for storing the process ID of the running
+	 * HOPM.
+	 */
+	pidfile = "var/run/hopm.pid";
+
+	/*
+	 * Maximum commands to queue. Set to 0 if you don't want HOPM
+	 * to process commands.
+	 */
+	command_queue_size = 64;
+
+	/*
+	 * Interval to check command queue for timed out commands.
+	 */
+	command_interval = 10 seconds;
+
+	/*
+	 * Timeout of commands.
+	 */
+	command_timeout = 180 seconds;
+
+	/*
+	 * How long to store the IP address of hosts which are confirmed
+	 * (by previous scans) to be secure. New users from these
+	 * IP addresses will not be scanned again until this amount of time
+	 * has passed. IT IS STRONGLY RECOMMENDED THAT YOU DO NOT USE THIS
+	 * DIRECTIVE, but it is provided due to demand.
+	 *
+	 * The main reason for not using this feature is that anyone capable
+	 * of running a proxy can get abusers onto your network - all they
+	 * need do is shut the proxy down, connect themselves, restart the
+	 * proxy, and tell their friends to come flood.
+	 *
+	 * Keep this directive commented out to disable negative caching.
+	 */
+#	negcache = 1 hour;
+
+	/*
+	 * How long between rebuilds of the negative cache. The negcache
+	 * is only rebuilt to free up memory used by entries that are too old.
+	 * You probably don't need to tweak this unless you have huge amounts
+	 * of people connecting (hundreds per minute). Default is 12 hours.
+	 */
+	negcache_rebuild = 12 hours;
+
+	/*
+	 * Amount of file descriptors to allocate to asynchronous DNS. 64
+	 * should be plenty for almost anyone.
+	 */
+	dns_fdlimit = 64;
+
+	/*
+	 * Amount of time the resolver waits until a response is received
+	 * from a name server.
+	 */
+	dns_timeout = 5 seconds;
+
+	/*
+	 * Put the full path and filename of a logfile here if you wish to log
+	 * every scan done. Normally HOPM only logs successfully detected
+	 * proxies in the hopm.log, but you may get abuse reports to your ISP
+	 * about portscanning. Being able to show that it was HOPM that did
+	 * the scan in question can be useful. Leave commented for no
+	 * logging.
+	 */
+#	scanlog = "var/log/scan.log";
+};
+
+
+irc {
+	/*
+	 * IP address to bind to for the IRC connection. You only need to
+	 * use this if you wish HOPM to use a particular interface
+	 * (virtual host, IP alias, ...) when connecting to the IRC server.
+	 * There is another "vhost" setting in the scan {} block below for
+	 * the actual portscans. Note that this directive expects an IP address,
+	 * not a hostname. Please leave this commented out if you do not
+	 * understand what it does, as most people don't need it.
+	 */
+#	vhost = "0.0.0.0";
+
+	/*
+	 * Nickname for HOPM to use.
+	 */
+	nick = "MyHopm";
+
+	/*
+	 * Text to appear in the "realname" field of HOPM's /whois output.
+	 */
+	realname = "Hybrid Open Proxy Monitor";
+
+	/*
+	 * If you don't have an identd running, what username to use.
+	 */
+	username = "hopm";
+
+	/*
+	 * Hostname (or IP address) of the IRC server which HOPM will monitor
+	 * connections on. IPv6 is now supported.
+	 */
+	server = "irc.example.org";
+
+	/*
+	 * Password used to connect to the IRC server (PASS)
+	 */
+#	password = "secret";
+
+	/*
+	 * Port of the above server to connect to. This is what HOPM uses to
+	 * get onto IRC itself, it is nothing to do with what ports/protocols
+	 * are scanned, nor do you need to list every port your ircd listens
+	 * on.
+	 */
+	port = 6667;
+
+	/*
+	 * Defines time in which bot will timeout if no data is received
+	 */
+	readtimeout = 15 minutes;
+
+	/*
+	 * Interval in how often we try to reconnect to the IRC server
+	 */
+	reconnectinterval = 30 seconds;
+
+	/*
+	 * Command to execute to identify to NickServ (if your network uses
+	 * it). This is the raw IRC command text, and the below example
+	 * corresponds to "/msg nickserv identify password" in a client. If
+	 * you don't understand, just edit "password" in the line below to be
+	 * your HOPM's nick password. Leave commented out if you don't need
+	 * to identify to NickServ.
+	 */
+#	nickserv = "NS IDENTIFY password";
+
+	/*
+	 * The username and password needed for HOPM to oper up.
+	 */
+	oper = "hopm operpass";
+
+	/*
+	 * Mode string that HOPM needs to set on itself as soon as it opers
+	 * up. This needs to include the mode for seeing connection notices,
+	 * otherwise HOPM won't scan anyone (that's usually umode +c).
+	 */
+	mode = "+c";
+
+	/*
+	 * If this is set then HOPM will use it as an /away message as soon as
+	 * it connects.
+	 */
+	away = "I'm a bot. Your messages will be ignored.";
+
+	/*
+	 * Info about channels you wish HOPM to join in order to accept
+	 * commands. HOPM will also print messages in these channels every
+	 * time it detects a proxy. Only IRC operators can command HOPM to do
+	 * anything, but some of the things HOPM reports to these channels
+	 * could be considered sensitive, so it's best not to put HOPM into
+	 * public channels.
+	 */
+	channel {
+		/*
+		 * Channel name. Local ("&") channels are supported if your ircd
+		 * supports them.
+		 */
+		name = "#hopm";
+
+		/*
+		 * If HOPM will need to use a key to enter this channel, this is
+		 * where you specify it.
+		 */
+#		key = "somekey";
+
+		/*
+		 * If you use ChanServ then maybe you want to set the channel
+		 * invite-only and have each HOPM do "/msg ChanServ invite" to get
+		 * itself in. Leave commented if you don't, or if this makes no
+		 * sense to you.
+		 */
+#		invite = "CS INVITE #hopm";
+	};
+
+	/*
+	 * You can define a bunch of channels if you want:
+	 *
+	 * channel { name = "#other"; }; channel { name= "#channel"; }
+	 */
+
+	/*
+	 * connregex is a POSIX regular expression used to parse connection
+	 * notices from the ircd. The complexity of the expression should
+	 * be kept to a minimum.
+	 *
+	 * Items in order MUST be: nick user host IP
+	 *
+	 * HOPM will not work with ircds which do not send an IP address in the
+	 * connection notice.
+	 *
+	 * This is fairly complicated stuff, and the consequences of getting
+	 * it wrong are the HOPM does not scan anyone. Unless you know
+	 * absolutely what you are doing, please just uncomment the example
+	 * below that best matches the type of ircd you use.
+	 */
+
+	/* bahamut / charybdis / ircd-hybrid / ircd-ratbox / ircu / UnrealIRCd 3.2.x (in HCN mode) */
+	connregex = "\\*\\*\\* Notice -- Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-f\\.:]+)\\].*";
+
+	/* ircd-hybrid with far connect notices (user mode +F) to scan clients on remote servers */
+#	connregex = "\\*\\*\\* Notice -- Client connecting.*: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-f\\.:]+)\\].*";
+
+	/* UnrealIRCd 4.0.x */
+#	connregex = "\\*\\*\\* Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-f\\.:]+)\\].*";
+
+	/* InspIRCd */
+#	connregex = "\\*\\*\\* .*CONNECT: Client connecting.*: ([^ ]+)!([^@]+)@([^\\)]+) \\(([0-9a-f\\.:]+)\\) \\[.*\\]";
+
+	/* ngIRCd */
+#	connregex = "Client connecting: ([^ ]+) \\(([^@]+)@([^\\)]+)\\) \\[([0-9a-f\\.:]+)\\].*";
+
+	/*
+	 * "kline" controls the command used when an open proxy is confirmed.
+	 * We suggest applying a temporary (no more than a few hours) KLINE on the host.
+	 *
+	 * <WARNING>
+	 * Make sure if you need to change this string you also change the
+	 * kline command for every DNSBL you enable below.
+	 *
+	 * Also note that some servers do not allow you to include ':' characters
+	 * inside the KLINE message (e.g. for a http:// address).
+	 *
+	 * Users rewriting this message into something that isn't even a valid
+	 * IRC command is the single most common cause of support requests and
+	 * therefore WE WILL NOT SUPPORT YOU UNLESS YOU USE ONE OF THE EXAMPLE
+	 * KLINE COMMANDS BELOW.
+	 * </WARNING>
+	 *
+	 * That said, should you wish to customise this text, several
+	 * printf-like placeholders are available:
+	 *
+	 *  %n     User's nick
+	 *  %u     User's username
+	 *  %h     User's irc hostname
+	 *  %i     User's IP address
+	 *  %t     Protocol type which has triggered a positive scan
+	 */
+
+	/* A KLINE example for bahamut / charybdis / ircd-hybrid / ircd-ratbox */
+	kline = "KLINE 180 *@%i :Open proxy found on your host.";
+
+	/* A KLINE example for InspIRCd */
+#	kline = "KLINE *@%i 3h :Open proxy found on your host.";
+
+	/* A KLINE example for ngIRCd */
+#	kline = "KLINE *@%i 10800 :Open proxy found on your host.";
+
+	/* A GLINE example for ircu */
+#	kline = "GLINE +*@%i 10800 :Open proxy found on your host.";
+
+	/* A ZLINE example for UnrealIRCd */
+#	kline = "ZLINE *@%i 3h :Open proxy found on your host.";
+
+	/*
+	 * An AKILL example for services with OperServ. Your HOPM must have permission to
+	 * AKILL for this to work!
+	 */
+#	kline = "OS AKILL ADD +3h *@%i Open proxy found on your host.";
+
+	/*
+	 * Text to send on connection, these can be stacked and will be sent in this order.
+	 *
+	 * !!! UNREAL USERS PLEASE NOTE !!!
+	 * Unreal users will need PROTOCTL HCN to force hybrid connect
+	 * notices.
+	 *
+	 * Yes Unreal users!  That means you!  That means you need the line
+	 * below!  See that thing at the start of the line?  That's what we
+	 * call a comment!  Remove it to UNcomment the line.
+	 *
+	 * Note that this is no longer needed as of UnrealIRCd 4.0.0.
+	 */
+#	perform = "PROTOCTL HCN";
+
+	/*
+	 * Text to send, via NOTICE, immediately when a new client connects. These can be
+	 * stacked and will be sent in this order.
+	 */
+#	notice = "You are now being scanned for open proxies. If you have nothing to hide, you have nothing to fear.";
+};
+
+
+/*
+ * OPM Block defines blacklists and information required to report new proxies
+ * to a dns blacklist. DNS-based blacklists store IP addresses in a DNS zone
+ * file. There are several blacklist that list IP addresses known to be open
+ * proxies or other forms of IRC abuse. By checking against these blacklists,
+ * HOPMs are able to ban known sources of abuse without completely scanning them.
+ */
+#opm {
+	/*
+	 * Blacklist zones to check IPs against. If you would rather not
+	 * trust a remotely managed blacklist, you could set up your own, or
+	 * leave these commented out in which case every user will be
+	 * scanned. The use of at least one open proxy DNSBL is recommended
+	 * however.
+	 *
+	 * Please check the policies of each blacklist you use to check you
+	 * are comfortable with using them to block access to your server
+	 * (and that you are allowed to use them).
+	 */
+
+
+	/* dnsbl.dronebl.org - http://dronebl.org */
+#	blacklist {
+		/* The DNS name of the blacklist */
+#		name = "dnsbl.dronebl.org";
+
+		/*
+		 * Address families that are supported by the blacklist. Default is 'ipv4'.
+		 */
+#		address_family = ipv4, ipv6;
+
+		/*
+		 * There are only two values that are valid for this
+		 * "A record bitmask" and "A record reply"
+		 * These options affect how the values specified to reply
+		 * below will be interpreted, a bitmask is where the reply
+		 * values are 2^n and more than one is added up, a reply is
+		 * simply where the last octet of the IP address is that number.
+		 * If you are not sure then the values set for dnsbl.dronebl.org
+		 * will work without any changes.
+		 */
+#		type = "A record reply";
+
+		/*
+		 * Kline types not listed in the reply list below.
+		 *
+		 * For DNSBLs that are not IRC specific and you just wish to kline
+		 * certain types this can be enabled/disabled.
+		 */
+#		ban_unknown = no;
+
+		/*
+		 * The actual values returned by the dnsbl.dronebl.org blacklist as
+		 * documented at http://dronebl.org/docs/howtouse
+		 */
+#		reply {
+#			2 = "Sample data used for heuristical analysis";
+#			3 = "IRC spam drone (litmus/sdbot/fyle)";
+#			5 = "Bottler (experimental)";
+#			6 = "Unknown worm or spambot";
+#			7 = "DDoS drone";
+#			8 = "Open SOCKS proxy";
+#			9 = "Open HTTP proxy";
+#			10 = "ProxyChain";
+#			11 = "Web Page Proxy";
+#			12 = "Open DNS Resolver";
+#			13 = "Automated dictionary attacks";
+#			14 = "Open WINGATE proxy";
+#			15 = "Compromised router / gateway";
+#			16 = "Autorooting worms";
+#			17 = "Automatically determined botnet IPs (experimental)";
+#			18 = "DNS/MX type hostname detected on IRC";
+#			255 = "Uncategorized threat class";
+#		};
+
+		/*
+		 * The kline message sent for this specific blacklist, remember to put
+		 * the removal method in this.
+		 */
+#		kline = "KLINE 180 *@%i :You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=Network";
+#	};
+
+
+	/* rbl.efnetrbl.org - https://rbl.efnetrbl.org/ */
+#	blacklist {
+#		name = "rbl.efnetrbl.org";
+#		type = "A record reply";
+#		ban_unknown = no;
+
+#		reply {
+#			1 = "Open proxy";
+#			2 = "spamtrap666";
+#			3 = "spamtrap50";
+#			4 = "TOR";
+#			5 = "Drones / Flooding";
+#		};
+
+#		kline = "KLINE 180 *@%i :Blacklisted proxy found. For more information, visit http://rbl.efnetrbl.org/?i=%i";
+#	};
+
+
+
+	/* tor.efnetrbl.org - https://rbl.efnetrbl.org/ */
+#	blacklist {
+#		name = "tor.efnetrbl.org";
+#		type = "A record reply";
+#		ban_unknown = no;
+
+#		reply {
+#			1 = "TOR";
+#		};
+
+#		kline = "KLINE 180 *@%i :TOR exit node found. For more information, visit http://rbl.efnetrbl.org/?i=%i";
+#	};
+
+	/*
+	 * You can report the insecure proxies you find to a DNSBL also!
+	 * The remaining directives in this section are only needed if you
+	 * intend to do this. Reports are sent by email, one email per IP
+	 * address. The format does support multiple addresses in one email,
+	 * but we don't know of any servers that are detecting enough insecure
+	 * proxies for this to be really necessary.
+	 */
+
+	/*
+	 * Email address to send reports FROM. If you intend to send reports,
+	 * please pick an email address that we can actually send mail to
+	 * should we ever need to contact you.
+	 */
+#	dnsbl_from = "mybopm@myserver.org";
+
+	/*
+	 * Email address to send reports TO.
+	 * For example DroneBL:
+	 */
+#	dnsbl_to = "bopm-report@dronebl.org";
+
+	/*
+	 * Full path to your sendmail binary. Even if your system does not
+	 * use sendmail, it probably does have a binary called "sendmail"
+	 * present in /usr/sbin or /usr/lib. If you don't set this, no
+	 * proxies will be reported.
+	 */
+#	sendmail = "/usr/sbin/sendmail";
+#};
+
+
+/*
+ * The short explanation:
+ *
+ * This is where you define what ports/protocols to check for. You can have
+ * multiple scanner blocks and then choose which users will get scanned by
+ * which scanners further down.
+ *
+ * The long explanation:
+ *
+ * Scanner defines a virtual scanner. For each user being scanned, a scanner
+ * will use a file descriptor (and subsequent connection) for each protocol.
+ * Once connecting it will negotiate the proxy to connect to
+ * target_ip:target_port (target_ip MUST be an IP address).
+ *
+ * Once connected, any data passed through the proxy will be checked to see if
+ * target_string is contained within that data. If it is the proxy is
+ * considered open. If the connection is closed at any point before
+ * target_string is matched, or if at least max_read bytes are read from the
+ * connection, the negotiation is considered failed.
+ */
+scanner {
+	/*
+	 * Unique name of this scanner. This is used further down in the
+	 * user {} blocks to decide which users get affected by which
+	 * scanners.
+	 */
+	name = "default";
+
+	/*
+	 * HTTP CONNECT - very common proxy protocol supported by widely known
+	 * software such as Squid and Apache. The most common sort of
+	 * insecure proxy and found on a multitude of weird ports too. Offers
+	 * transparent two way TCP connections.
+	 */
+	protocol = HTTP:80;
+	protocol = HTTP:8080;
+	protocol = HTTP:3128;
+	protocol = HTTP:6588;
+
+	/*
+	 * The SSL/TLS variant of HTTP
+	 */
+#	protocol = HTTPS:443;
+#	protocol = HTTPS:8443;
+
+	/*
+	 * SOCKS4/5 - well known proxy protocols, probably the second most
+	 * common for insecure proxies, also offers transparent two way TCP
+	 * connections. Fortunately largely confined to port 1080.
+	 */
+	protocol = SOCKS4:1080;
+	protocol = SOCKS5:1080;
+
+	/*
+	 * Cisco routers with a default password (yes, it really does happen).
+	 * Also pretty much anything else that will let you telnet to anywhere
+	 * else on the Internet. Fortunately these are always on port 23.
+	 */
+	protocol = ROUTER:23;
+
+	/*
+	 * WinGate is commercial windows proxy software which is now not so
+	 * common, but still to be found, and helpfully presents an interface
+	 * that can be used to telnet out, on port 23.
+	 */
+	protocol = WINGATE:23;
+
+	/*
+	 * Dreambox DVB receivers with a default password allowing
+	 * full root access to telnet or install bouncers.
+	 */
+	protocol = DREAMBOX:23;
+
+	/*
+	 * The HTTP POST protocol, often dismissed when writing the access
+	 * controls for proxies, but sadly can still be used to abused.
+	 * Offers only the opportunity to send a single block of data, but
+	 * enough of them at once can still make for a devastating flood.
+	 * Found on the same ports that HTTP CONNECT proxies inhabit.
+	 *
+	 * Note that if your ircd has "ping cookies" then clients from HTTP
+	 * POST proxies cannot actually ever get onto your network anyway. If
+	 * you leave the checks in then you'll still find some (because some
+	 * people IRC from boxes that run them), but if you use HOPM purely as
+	 * a protective measure and you have ping cookies, you need not scan
+	 * for HTTP POST.
+	 */
+	protocol = HTTPPOST:80;
+
+	/*
+	 * The SSL/TLS variant of HTTPPOST
+	 */
+#	protocol = HTTPSPOST:443;
+#	protocol = HTTPSPOST:8443;
+
+	/*
+	 * IP address this scanner will bind to. Use this if you need your scans to
+	 * come FROM a particular interface on the machine you run HOPM from.
+	 * If you don't understand what this means, please leave this
+	 * commented out, as this is a major source of support queries!
+	 */
+#	vhost = "127.0.0.1";
+
+	/*
+	 * Maximum file descriptors this scanner can use. Remember that there
+	 * will be one FD for each protocol listed above. As this example
+	 * scanner has 8 protocols, it requires 8 FDs per user. With a 512 FD
+	 * limit, this scanner can be used on 64 users _at the same time_.
+	 * That should be adequate for most servers.
+	 */
+	fd = 512;
+
+	/*
+	 * Maximum data read from a proxy before considering it closed. Don't
+	 * set this too high, some people have fun setting up lots of ports
+	 * that send endless data to tie up your scanner. 4KB is plenty for
+	 * any known proxy.
+	 */
+	max_read = 4 kbytes;
+
+	/*
+	 * Amount of time before a test is considered timed out.
+	 * Again, all but the poorest slowest proxies will be detected within
+	 * 30 seconds, and this helps keep resource usage low.
+	 */
+	timeout = 30 seconds;
+
+	/*
+	 * Target IP to tell the proxy to connect to
+	 *
+	 * !!! THIS MUST BE CHANGED !!!
+	 *
+	 * You cannot instruct the proxy to connect to itself! The easiest
+	 * thing to do would be to set this to the IP address of your ircd
+	 * and then keep the default target_strings.
+	 *
+	 * Please use an IP address that is publically reachable from anywhere
+	 * on the Internet, because you have no way of knowing where the insecure
+	 * proxies will be located. Just because you and your HOPM can
+	 * connect to your ircd on some private IP address like 192.168.0.1,
+	 * does not mean that the insecure proxies out there on the Internet will be
+	 * able to. And if they never connect, you will never detect them.
+	 *
+	 * Remember to change this setting for every scanner you configure.
+	 */
+	target_ip = "127.0.0.1";
+
+	/*
+	 * Target port to tell the proxy to connect to. This is usually
+	 * something like 6667. Basically any client-usable port.
+	 */
+	target_port = 6667;
+
+	/*
+	 * Target string we check for in the data read back by the scanner.
+	 * This should be some string out of the data that your ircd usually
+	 * sends on connect. Multiple target strings are allowed.
+	 *
+	 * NOTE: Try to keep the number of target strings to a minimum. Two
+	 *       should be fine. One for normal connections and one for throttled
+	 *       connections. Comment out any others for efficiency.
+	 */
+
+	/*
+	 * Usually first line sent to client on connection to ircd.
+	 * If your ircd supports a more specific line (see below),
+	 * using it will reduce false positives.
+	 */
+	target_string = ":irc.example.org NOTICE * :*** Looking up your hostname";
+
+	/*
+	 * If you try to connect too fast, you'll be throttled by your own
+	 * ircd. Here's what a hybrid throttle message looks like:
+	 */
+	target_string = "ERROR :Your host is trying to (re)connect too fast -- throttled.";
+};
+
+
+scanner {
+	name = "extended";
+
+	protocol = HTTP:81;
+	protocol = HTTP:8000;
+	protocol = HTTP:8001;
+	protocol = HTTP:8081;
+
+	protocol = HTTPPOST:81;
+	protocol = HTTPPOST:6588;
+	protocol = HTTPPOST:4480;
+	protocol = HTTPPOST:8000;
+	protocol = HTTPPOST:8001;
+	protocol = HTTPPOST:8080;
+	protocol = HTTPPOST:8081;
+
+	/*
+	 * IRCnet have seen many socks5 on these ports, more than on the
+	 * standard ports even.
+	 */
+	protocol = SOCKS4:4914;
+	protocol = SOCKS4:6826;
+	protocol = SOCKS4:7198;
+	protocol = SOCKS4:7366;
+	protocol = SOCKS4:9036;
+
+	protocol = SOCKS5:4438;
+	protocol = SOCKS5:5104;
+	protocol = SOCKS5:5113;
+	protocol = SOCKS5:5262;
+	protocol = SOCKS5:5634;
+	protocol = SOCKS5:6552;
+	protocol = SOCKS5:6561;
+	protocol = SOCKS5:7464;
+	protocol = SOCKS5:7810;
+	protocol = SOCKS5:8130;
+	protocol = SOCKS5:8148;
+	protocol = SOCKS5:8520;
+	protocol = SOCKS5:8814;
+	protocol = SOCKS5:9100;
+	protocol = SOCKS5:9186;
+	protocol = SOCKS5:9447;
+	protocol = SOCKS5:9578;
+	protocol = SOCKS5:10000;
+	protocol = SOCKS5:64101;
+
+	/*
+	 * These came courtsey of Keith Dunnett from a bunch of public open
+	 * proxy lists.
+	 */
+	protocol = SOCKS4:29992;
+	protocol = SOCKS4:38884;
+	protocol = SOCKS4:18844;
+	protocol = SOCKS4:17771;
+	protocol = SOCKS4:31121;
+
+	fd = 400;
+
+	/*
+	 * If required you can add settings such as target_ip here
+	 * they will override the defaults set in the first scanner
+	 * for this and subsequent scanners defined in the config file
+	 * This affects the following options:
+	 * fd, vhost, target_ip, target_port, target_string, timeout and
+	 * max_read.
+	 */
+};
+
+/*
+ * Scanner to detect vulnerable SSH versions that normally exist on hacked
+ * routers and IoT devices. Don't forget to add this scanner to a user block.
+ */
+scanner {
+	name = "ssh";
+
+	protocol = SSH:22;
+
+	target_string = "SSH-1.99-OpenSSH_5.1";
+	target_string = "SSH-2.0-dropbear_0.51";
+	target_string = "SSH-2.0-dropbear_0.52";
+	target_string = "SSH-2.0-dropbear_0.53.1";
+	target_string = "SSH-2.0-dropbear_2012.55";
+	target_string = "SSH-2.0-dropbear_2013.62";
+	target_string = "SSH-2.0-dropbear_2014.63";
+	target_string = "SSH-2.0-OpenSSH_4.3";
+	target_string = "SSH-2.0-OpenSSH_5.1";
+	target_string = "SSH-2.0-OpenSSH_5.5p1";
+	target_string = "SSH-2.0-ROSSSH";
+	target_string = "SSH-2.0-SSH_Server";
+};
+
+
+/*
+ * User blocks define what scanners will be used to scan which hostmasks.
+ * When a user connects they will be scanned on every scanner {} (above)
+ * that matches their host.
+ */
+user {
+	/*
+	 * Users matching this host mask will be scanned with all the
+	 * protocols in the scanner named.
+	 */
+	mask = "*!*@*";
+	scanner = "default";
+};
+
+user {
+	/*
+	 * Connections without ident will match on a vast number of connections
+	 * very few proxies run ident though
+	 */
+#	mask = "*!~*@*";
+	mask = "*!squid@*";
+	mask = "*!nobody@*";
+	mask = "*!www-data@*";
+	mask = "*!cache@*";
+	mask = "*!CacheFlowS@*";
+	mask = "*!*@*www*";
+	mask = "*!*@*proxy*";
+	mask = "*!*@*cache*";
+
+	scanner = "extended";
+};
+
+
+/*
+ * Exempt hosts matching certain strings from any form of scanning or dnsbl.
+ * HOPM will check each string against both the hostname and the IP address of
+ * the user.
+ *
+ * There are very few valid reasons to actually use "exempt". HOPM should
+ * never get false positives, and we would like to know very much if it does.
+ * One possible scenario is that the machine HOPM runs from is specifically
+ * authorized to use certain hosts as proxies, and users from those hosts use
+ * your network. In this case, without exempt, HOPM will scan these hosts,
+ * find itself able to use them as proxies, and ban them.
+ */
+exempt {
+	mask = "*!*@127.0.0.1";
+};