Signing with BATV
The implementation code is available in our code repository.
The Halon platform has support for BATV (Bounce Tag Address Validation). It provides a cryptographic mechanism to verify the integrity of a bounced message in order to prevent backscatter. BATV works by rewriting the sender (MAIL FROM) address to a unique address that stays valid for X days, so that bounces are accepted only during that time window. If a bounce (empty envelope sender) arrives at an address carrying a BATV tag, it is possible to validate that the tag was created by you less than X days ago. If a bounce arrives at an address without a BATV tag, or the tag is invalid or expired, it should be rejected.
Sign BATV
Add the following to your outbound MAIL FROM context:
import { batv_sign } from "extras://batv";
$sender = $arguments["sender"];
$options = [];
if ($sender !== "") {
    // Only non-empty senders are tagged; bounces (empty MAIL FROM) stay untagged
    $sender = batv_sign($sender, "secret key");
    $options["sender"] = $sender;
}
// Add rest of your MAIL FROM logic here
Accept($options);
Verify and strip BATV
Add the following to your inbound RCPT TO context:
import { batv_verify, batv_strip } from "extras://batv";
$recipient = $arguments["recipient"];
$options = [];
// Treat an empty MAIL FROM or a mailer-daemon sender as a bounce; it must carry a valid tag
if ($transaction["sender"] === "" or $transaction["sender"] =~ "/^mailer-daemon@/i") {
    $result = batv_verify($recipient, [0 => "secret key"]);
    if ($result !== "pass")
        Reject("Invalid bounce");
    // Restore the original recipient so the bounce reaches the real mailbox
    $recipient = batv_strip($recipient);
    $options["recipient"] = $recipient;
}
// Add rest of your RCPT TO logic here
Accept($options);
Key rotation
BATV keys should be rotated when needed or every 1000th day for good security.
First key
batv_sign($sender, "myfirstkey");
batv_verify($recipient, [0 => "myfirstkey"]);
Second key
batv_sign($sender, "mysecondkey", ["keyid" => 1]);
batv_verify($recipient, [0 => "myfirstkey", 1 => "mysecondkey"]);
Second key, seven days later: once every tag signed with the first key has expired, the old first key can be removed
batv_verify($recipient, [1 => "mysecondkey"]);
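To show what a tag has to carry for the checks above to work (key id, expiry day, keyed MAC over the address) and how the rotation sequence plays out, here is an added Python model of the mechanism. It is not Halon's extras://batv implementation: the tag layout is an assumed PRVS-style format with an HMAC-SHA256 truncated to six hex characters, and all addresses, keys and dates are constructed.

```python
import datetime
import hashlib
import hmac

# Assumed tag layout: prvs=KDDDMMMMMM=original-address
#   K      single-digit key id
#   DDD    expiry day (date ordinal mod 1000, so the field wraps every 1000 days)
#   MMMMMM first 6 hex chars of an HMAC over key id, expiry day and address


def _mac(key, keyid, expiry, address):
    msg = f"{keyid}{expiry:03d}{address.lower()}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha256).hexdigest()[:6]


def batv_sign(sender, key, keyid=0, lifetime_days=7, today=None):
    """Rewrite the envelope sender into a tagged address valid for lifetime_days."""
    today = today or datetime.date.today()
    expiry = (today + datetime.timedelta(days=lifetime_days)).toordinal() % 1000
    return f"prvs={keyid}{expiry:03d}{_mac(key, keyid, expiry, sender)}={sender}"


def batv_verify(recipient, keys, lifetime_days=7, today=None):
    """Return 'pass', 'fail', 'expired' or 'none' (address carries no tag)."""
    if not recipient.startswith("prvs="):
        return "none"
    parts = recipient.split("=", 2)
    if len(parts) != 3 or len(parts[1]) != 10 or not parts[1][:4].isdigit():
        return "fail"
    tag, original = parts[1], parts[2]
    keyid, expiry, mac = int(tag[0]), int(tag[1:4]), tag[4:]
    key = keys.get(keyid)  # unknown or retired key id: reject
    if key is None or not hmac.compare_digest(mac, _mac(key, keyid, expiry, original)):
        return "fail"
    today = today or datetime.date.today()
    # Modular distance to the expiry day; a tag older than its lifetime wraps past it
    if (expiry - today.toordinal()) % 1000 > lifetime_days:
        return "expired"
    return "pass"


def batv_strip(recipient):
    """Recover the original recipient so the bounce can be delivered."""
    parts = recipient.split("=", 2)
    return parts[2] if recipient.startswith("prvs=") and len(parts) == 3 else recipient


def rotation_demo():
    """Walk through the documented rotation sequence on a constructed signing day."""
    d0 = datetime.date(2024, 1, 10)  # constructed date
    old = batv_sign("alice@example.com", "myfirstkey", today=d0)
    new = batv_sign("alice@example.com", "mysecondkey", keyid=1, today=d0)
    both = {0: "myfirstkey", 1: "mysecondkey"}
    return {
        "old_same_day": batv_verify(old, both, today=d0),
        "old_day_7": batv_verify(old, both, today=d0 + datetime.timedelta(days=7)),
        "old_day_8": batv_verify(old, both, today=d0 + datetime.timedelta(days=8)),
        "old_key_retired": batv_verify(old, {1: "mysecondkey"}, today=d0),
        "new_both_keys": batv_verify(new, both, today=d0),
        "tampered": batv_verify(old[:-1] + "x", both, today=d0),
        "untagged": batv_verify("alice@example.com", both, today=d0),
        "stripped": batv_strip(old),
    }
```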