The implementation code is available in our code repository.
The Halon platform features BATV (Bounce Tag Address Validation). It provides a cryptographic mechanism to verify the integrity of a bounced message in order to prevent backscatter. BATV works by rewriting the sender (MAIL FROM) address to a unique address that remains valid for X days, so that bounces are accepted only within that time window. If a bounce (empty envelope sender) is received to an address with a BATV tag, it is possible to validate that the tag was created by you less than X days ago. If a bounce is received to an address without a BATV tag, or with an invalid or expired one, it should be rejected.
Sign BATV
Add the following to your outbound MAIL FROM context:
import { batv_sign } from "batv";
if ($sender !== "")
    SetSender(batv_sign($sender, "secret key"));
Verify and strip BATV
Add the following to your inbound RCPT TO context:
import { batv_verify, batv_strip } from "batv";
if ($sender === "" or $sender =~ "/^mailer-daemon@/i") {
    $result = batv_verify($recipient, [0 => "secret key"]);
    if ($result !== "pass")
        Reject("Invalid bounce");
    SetRecipient(batv_strip($recipient));
}
Key rotation
BATV keys should be rotated when needed, or every 1000th day for good security. "Needed" can be taken to mean the point at which you start to receive bounces that actually go through the verification process. That could mean that someone knows the key and is sending forged messages with that key in use, but that is very unlikely to happen.
First key
batv_sign($sender, "myfirstkey");
batv_verify($recipient, [0 => "myfirstkey"]);
Second key
batv_sign($sender, "mysecondkey", ["keyid" => 1]);
batv_verify($recipient, [0 => "myfirstkey", 1 => "mysecondkey"]);
Second key (but seven days later, the old first key can be removed)
batv_verify($recipient, [1 => "mysecondkey"]);
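The signing, verification and key rotation steps above can be reproduced in a small Python sketch. This is an added example, not the code of Halon's batv module: the tag layout (prvs=, one key-id digit, a three-digit expiry day, six hex digits of HMAC-SHA1) is assumed from the prvs scheme in the public BATV Internet-Draft, and the function names, VALID_DAYS and the "expired"/"invalid" labels are constructed for illustration.

```python
import hashlib
import hmac
import re
import time

VALID_DAYS = 7  # assumed value for the "X days" window
TAG = re.compile(r"prvs=([0-9])([0-9]{3})([0-9a-fA-F]{6})=(.+@.+)")

def _day(now=None):
    return int((time.time() if now is None else now) // 86400)

def _mac(key, keyid, expiry, sender):
    # Truncated HMAC-SHA1 over key id, expiry day and the original sender.
    msg = f"{keyid}{expiry:03d}{sender}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha1).hexdigest()[:6]

def sign(sender, key, keyid=0, now=None):
    expiry = (_day(now) + VALID_DAYS) % 1000  # three-digit day counter
    return f"prvs={keyid}{expiry:03d}{_mac(key, keyid, expiry, sender)}={sender}"

def verify(recipient, keys, now=None):
    """Return 'pass', 'expired' or 'invalid' (labels constructed for this sketch)."""
    m = TAG.fullmatch(recipient)
    if not m:
        return "invalid"  # no tag, or a malformed one
    keyid, expiry, mac, sender = int(m[1]), int(m[2]), m[3].lower(), m[4]
    key = keys.get(keyid)
    if key is None:
        return "invalid"  # signed with a key that has been retired
    if not hmac.compare_digest(_mac(key, keyid, expiry, sender), mac):
        return "invalid"  # tag was not produced with one of our keys
    # Days left until expiry, modulo 1000; a stale tag shows up as a large value.
    left = (expiry - _day(now)) % 1000
    return "pass" if left <= VALID_DAYS else "expired"

def strip(recipient):
    m = TAG.fullmatch(recipient)
    return m[4] if m else recipient

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    both = {0: "myfirstkey", 1: "mysecondkey"}
    old = sign("alice@example.com", "myfirstkey", now=t0)
    print(old, verify(old, both, now=t0))
    print(verify(old, {1: "mysecondkey"}, now=t0))   # invalid: key 0 removed
    print(verify(old, both, now=t0 + 8 * 86400))     # expired
    print(verify(old, both, now=t0 + 1000 * 86400))  # pass: day counter wrapped
```

In this layout the three-digit day counter wraps after 1000 days, so an old tag verifies again under an unchanged key, which is one reason to rotate keys within that period.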