# ACOPM [![Build Status](https://travis-ci.org/AlphaChat/ACOPM.svg?branch=master)](https://travis-ci.org/AlphaChat/ACOPM)

ACOPM (The AlphaChat Open Proxy Monitor) is a from-scratch implementation of
a DNSBL and proxy checking program for IRC networks.

For similar programs in this area, look no further than HOPM (The Hybrid Open
Proxy Monitor), and the program it is based on, BOPM (The Blitzed Open Proxy
Monitor), which is no longer under development.

This implementation strives to achieve a number of goals not currently met by
either of the above programs:

- Easily readable and auditable sourcecode, written to a high standard and
  with thorough testing

- Reuse of existing libraries instead of creation of new ones for tasks such
  as event handling (libevent) and configuration file parsing (libconfig)

- Efficiency (e.g. by blocking as much as possible, and reading & processing
  as much data at a time as possible, or with the use of highly scalable I/O
  instead of plain `poll(2)` or `select(2)`)

- The use of a TLS library other than OpenSSL for communicating with HTTPS
  proxies (which may be malicious) and with IRCd (which BOPM/HOPM do not do)

- IRCv3/SASL support for identification to IRC Services at IRCd registration
  time


# WARNING

This program is currently under development. It is not production-ready and
lacks a few planned features. While it is constantly debugged and tested
from a safety point of view using tools like Valgrind, ASan, and Clang's
static analyzer (`scan-build(1)`), it has not yet been thoroughly tested from
a behaviour point of view on a production IRC network with real data.

We recommend running it in report-only mode (see the example configuration
file) so that it does not disconnect clients in error.


# Requirements

- A supported operating system (see the Notes section below)

- To speak TLS to an IRCd and scan for HTTPS CONNECT proxies, you need a
  version of ARM mbedTLS, at least 2.2, and `./configure --with-mbedtls`.

    - If you do not have it, you can use `./configure --with-mbedtls=internal`
      to build a local copy of 2.5 instead. Note that if you wish to do this,
      you must clone this project with `git(1)` directly, instead of using a
      source code tarball, because the in-tree copy of ARM mbedTLS is a Git
      sub-module

- To use the proxy scanning feature, the machine you run this software on
  must be hosted by a provider that permits port scanning of foreign networks
  and addresses. Many do not, so consult your provider before enabling this
  feature, or they may seize or destroy the machine without warning!

- To use the provided DroneBL submission script to automatically report open
  proxies to the DroneBL project for listing, you will need to obtain an RPC
  key from that project; [do so here](https://dronebl.org/rpckey_signup).
  Once you have a key, see the example configuration file for how to use it.
  However, you should not request a key if you will not be using the script!


# Notes

Before you can configure and make this program, you must execute `autogen.sh`.

Additionally, the machine will need to have the requisite libraries (libconfig
and libevent) available and installed.

This program should compile without (serious) warnings and run on any of the
following supported operating systems. Please see the Help section below for
where to report a possible issue if it does not.

- Most modern Linux distributions (Alpine, Arch, Debian, Gentoo, Ubuntu, ...)

- OpenBSD, FreeBSD, and NetBSD versions that still receive support from their
  respective developers and/or vendors


# Help

For assistance with this software, please drop by
[`#AlphaDev on AlphaChat`](https://webchat.alphachat.net/?channels=AlphaDev)