diff --git a/Makefile.in b/Makefile.in
index 543f8fa26..e7817d6c8 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -187,6 +187,7 @@ install: all
 	-@if [ ! -f "@CONFDIR@/spamfilter.conf" ] ; then \
 		$(INSTALL) -m 0600 doc/conf/spamfilter.conf @CONFDIR@ ; \
 	fi
+	-@extras/patches/patch_spamfilter_conf "@CONFDIR@"
 	-@if [ ! -f "@CONFDIR@/badwords.conf" ] ; then \
 		$(INSTALL) -m 0600 doc/conf/badwords.conf @CONFDIR@ ; \
 	fi
diff --git a/extras/patches/patch_spamfilter_conf b/extras/patches/patch_spamfilter_conf
new file mode 100755
index 000000000..7589f7fcc
--- /dev/null
+++ b/extras/patches/patch_spamfilter_conf
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# This script tries to upgrade spamfilter.conf from an old
+# version that uses 'posix' spamfilters to a bit more recent
+# version with examples using 'regex' spamfilters.
+# This so fewer users end up with a headache when upgrading
+# to UnrealIRCd 4.2.3+.
+#
+
+if [ -f spamfilter.conf.patch ]; then
+	F="`pwd`/spamfilter.conf.patch"
+elif [ -f extras/patches/spamfilter.conf.patch ]; then
+	F="`pwd`/extras/patches/spamfilter.conf.patch"
+else
+	echo "WARNING: spamfilter.conf.patch not found"
+	exit 0
+fi
+
+if [ ! -f "$F" ]; then
+	echo "WARNING: spamfilter.conf.patch not found in round two"
+	exit 0
+fi
+
+if [ "$1" = "" ]; then
+	echo "ERROR: No target confdir specified."
+	exit 0
+fi
+
+if [ ! -f "$1/spamfilter.conf" ]; then
+	echo "WARNING: no spamfilter.conf found in $1 -- strange"
+	exit 0
+fi
+
+cd "$1" || exit 1
+cat "$F"|patch -p0 --dry-run -N 1>/dev/null 2>&1
+if [ "$?" = 0 ]; then
+	# Patch succeeded, patch now!
+	echo "Upgrading examples in your spamfilter.conf..."
+	cat "$F"|patch -p0 -N
+fi
diff --git a/extras/patches/spamfilter.conf.patch b/extras/patches/spamfilter.conf.patch
new file mode 100644
index 000000000..aba16d139
--- /dev/null
+++ b/extras/patches/spamfilter.conf.patch
@@ -0,0 +1,328 @@
+--- spamfilter.conf.old	2015-06-27 18:29:01.084559805 +0200
++++ spamfilter.conf	2019-04-04 18:29:38.390647262 +0200
+@@ -1,232 +1,154 @@
+ /*
+- * This an example spamfilter file, it contains several
+- * real and useful spamfilters. This should give you an
+- * idea of how powerful spamfilter can be in real-life
+- * situations.
++ * This configuration file contains example spamfilter rules.
++ * They are real rules that were useful a long time ago.
++ * Since 2005 these rules are no longer maintained.
++ * The main purpose nowadays is to serve as an example
++ * to give you an idea of how powerful spamfilters can
++ * be in real-life situations.
+  *
+- * $Id$
++ * Documentation on spamfilter is available at:
++ * https://www.unrealircd.org/docs/Spamfilter
+  */
+ 
+-/* Guidelines on the 'action' field:
+- * As a general rule we use 'action block' for any newly added
+- * spamfilters at first, later on (after knowing about false
+- * positives) we might change some to viruschan/kill/gline/etc..
++/* General note:
++ * If you want to use a \ in a spamfilter, or in fact
++ * anywhere in the configuration file, then you need
++ * to escape this to \\ instead.
+  */
+ 
+-spamfilter {
+-	match-type posix;
+-	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
+-	target { private; channel; };
+-	action kill;
+-	reason "mIRC 6.0-6.11 exploit attempt";
+-};
+ 
+-spamfilter {
+-	match-type posix;
+-	match "\x01DCC (SEND|RESUME).{225}";
+-	target { private; channel; };
+-	action kill;
+-	reason "Possible mIRC 6.12 exploit attempt";
+-};
++/* First some spamfilters with match-type 'simple'.
++ * The only matchers available are * and ?
++ * PRO's: very fast, easy matching: everyone can do this.
++ * CON's: limited ability to fine-tune spamfilters
++ */
+ 
+ spamfilter {
+-	match-type posix;
+-	match "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
++	match-type simple;
++	match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
+ 	target private;
+ 	action gline;
+ 	reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
+ };
+ 
++/* This signature uses a \ which has to escaped to \\ in the configuration file */
+ spamfilter {
+-	match-type posix;
+-	match "Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe";
+-	target private;
+-	action gline;
+-	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
+-	target private;
++	match-type simple;
++	match "C:\\WINNT\\system32\\*.zip";
++	target dcc;
+ 	action block;
+-	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
++	reason "Infected by Gaggle worm?";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$";
++	match-type simple;
++	match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
+ 	target private;
+ 	action gline;
+-	reason "Infected by aplore worm: see http://www.f-secure.com/v-descs/aplore.shtml";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!login Wasszup!$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to login to a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!login grrrr yeah baby!$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to login to a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^!icqpagebomb ([0-9]{1,15} ){2}.+";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
++	reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$";
+-	target channel;
++	match-type simple;
++	match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
++	target private;
+ 	action gline;
+-	reason "Attempting to use a GTBot";
++	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
+ };
+ 
+-spamfilter {
+-	match-type posix;
+-	match "^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use a GTBot";
+-};
+ 
+-spamfilter {
+-	match-type posix;
+-	match "^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$";
+-	target channel;
+-	action gline;
+-	reason "Attempting to use an SDBot";
+-};
++/* Now spamfilters of type 'regex'.
++ * These use powerful regular expressions (Perl/PCRE style)
++ * You may have to learn more about "regex" first before you
++ * can use them. For example the dot ('.') has special meaning.
++ */
+ 
++/* This regex shows a pattern which requires 20 paramaters,
++ * such as "x x x x x x x x x x x x x x x x x x x x"
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
+-	target { channel; private; };
+-	action gline;
+-	reason "Attempting to use a SpyBot";
++	match-type regex;
++	match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
++	target { private; channel; };
++	action kill;
++	reason "mIRC 6.0-6.11 exploit attempt";
+ };
+ 
++/* Similarly, this regex shows a pattern that matches
++ * against at least 225 characters in length.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^porn! porno! http://.+\/sexo\.exe";
+-	target private;
+-	action gline;
+-	reason "Infected by soex trojan: see http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSOEX.A";
++	match-type regex;
++	match "\x01DCC (SEND|RESUME).{225}";
++	target { private; channel; };
++	action kill;
++	reason "Possible mIRC 6.12 exploit attempt";
+ };
+ 
++/* Earlier you saw an example of a $decode exploit which used
++ * match-type 'simple' and - indeed - the filter was quite simple.
++ * The following uses a regex with a similar example.
++ * Regular expressions are very powerful but here you can see
++ * that it actually complicates writing a filter quite a bit.
++ * With regex in this filter we need to escape the ( and all
++ * the dots, question marks, etc. if we want to match these
++ * characters in literal text.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
++	match-type regex;
++	match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
+ 	target private;
+-	action gline;
+-	reason "Infected by some trojan (erotica?)";
++	action block;
++	reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
+ };
+ 
+ spamfilter {
+-	match-type posix;
+-	match "^STOP SPAM, USE THIS COMMAND: //write nospam \$decode\(.+\) \| \.load -rs nospam \| //mode \$me \+R$";
++	match-type regex;
++	match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
+ 	target private;
+-	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	action block;
++	reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
+ };
+ 
++/* This shows a regex which specifically matches an entire line by 
++ * the use of ^ and $
++ */
+ spamfilter {
+-	match-type posix;
+-	match "^FOR MATRIX 2 DOWNLOAD, USE THIS COMMAND: //write Matrix2 \$decode\(.+=,m\) \| \.load -rs Matrix2 \| //mode \$me \+R$";
+-	target private;
++	match-type regex;
++	match "^!login Wasszup!$";
++	target channel;
+ 	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	reason "Attempting to login to a GTBot";
+ };
+ 
++/* An example of how to match against an IP address in text (IPv4 only) */
+ spamfilter {
+-	match-type posix;
+-	match "^hey .* to get OPs use this hack in the chan but SHH! //\$decode\(.*,m\) \| \$decode\(.*,m\)$";
+-	target private;
++	match-type regex;
++	match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
++	target channel;
+ 	action gline;
+-	reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
++	reason "Attempting to use a GTBot";
+ };
+ 
++/* A slightly more complex example with a partial OR matcher (|) */
+ spamfilter {
+-	match-type posix;
+-	match ".*(http://jokes\.clubdepeche\.com|http://horny\.69sexy\.net|http://private\.a123sdsdssddddgfg\.com).*";
++	match-type regex;
++	match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
+ 	target private;
+ 	action gline;
+-	reason "Infected by LOI trojan";
+-};
+-
+-/* This is a 'general sig' which might have a tad more false positives, hence just 'block' is used */
+-spamfilter {
+-	match-type posix;
+-	match "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";
+-	target dcc;
+-	action block;
+-	reason "Infected by Gaggle worm?";
++	reason "Infected by some trojan (erotica?)";
+ };
+ 
++/* In regex a \ is special and needs to be escaped to \\
++ * However in this configuration file, \ is also special and
++ * needs to be escaped to \\ as well.
++ * The result is that we need double escaping:
++ * To match a \ you need to write \\\\ in the configuration file.
++ */
+ spamfilter {
+-	match-type posix;
+-	match "C:\\WINNT\\system32\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
++	match-type regex;
++	match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
+ 	target dcc;
+ 	action dccblock;
+ 	reason "Infected by Gaggle worm";
+ };
+-
+-spamfilter {
+-	match-type posix;
+-	match "http://.+\.lycos\..+/[iy]server[0-9]/[a-z]{4,11}\.(gif|jpg|avi|txt)";
+-	target { private; quit; };
+-	action block;
+-	reason "Infected by Gaggle worm";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^Free porn pic.? and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)";
+-	target private;
+-	action block;
+-	reason "Unknown virus. Site causes Backdoor.Delf.lq infection";
+-};
+-
+-spamfilter {
+-	match-type posix;
+-	match "^LOL! //echo -a \$\(\$decode\(.+,m\),[0-9]\)$";
+-	target channel;
+-	action block;
+-	reason "$decode exploit";
+-};
+-
+-/*
+-spamfilter {
+-	regex "//write \$decode\(.+\|.+load -rs";
+-	target { private; channel; };
+-	reason "Generic $decode exploit";
+-	action block;
+-};
+-*/
+-
+-spamfilter {
+-	match-type posix;
+-	match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
+-	target private;
+-	action block;
+-	reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
+-};