The implementation code is available in our code repository.
The Halon platform supports BATV (Bounce Address Tag Validation). It provides a cryptographic mechanism to verify the integrity of a bounced message in order to prevent backscatter. BATV works by rewriting the sender (MAIL FROM) address to a unique, tagged address that stays valid for X days, so bounces are accepted during that time window. When a bounce (empty envelope sender) is received for an address with a BATV tag, it is possible to validate that the tag was created by you less than X days ago. A bounce received for an address without a BATV tag, or with an invalid or expired tag, should be rejected.
Sign BATV
Add the following to your outbound MAIL FROM context:
import { batv_sign } from "extras://batv";
$sender = $arguments["sender"];
$options = [];
if ($sender !== "") {
    $sender = batv_sign($sender, "secret key");
    $options["sender"] = $sender;
}
// Add rest of your MAIL FROM logic here
Accept($options);
Verify and strip BATV
Add the following to your inbound RCPT TO context:
import { batv_verify, batv_strip } from "extras://batv";
$recipient = $arguments["recipient"];
$options = [];
if ($transaction["sender"] === "" or $transaction["sender"] =~ "/^mailer-daemon@/i") {
    $result = batv_verify($recipient, [0 => "secret key"]);
    if ($result !== "pass")
        Reject("Invalid bounce");
    $recipient = batv_strip($recipient);
    $options["recipient"] = $recipient;
}
// Add rest of your RCPT TO logic here
Accept($options);
Key rotation
BATV keys should be rotated when needed, or every 1000 days, for good security.
First key
batv_sign($sender, "myfirstkey");
batv_verify($recipient, [0 => "myfirstkey"]);
Second key
batv_sign($sender, "mysecondkey", ["keyid" => 1]);
batv_verify($recipient, [0 => "myfirstkey", 1 => "mysecondkey"]);
Second key (but seven days later, the old first key can be removed)
batv_verify($recipient, [1 => "mysecondkey"]);
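The following Python sketch is an added example, not Halon's implementation or code from the original page. It models the sign, verify and key-rotation flow described above using an assumed prvs-style tag (one-digit key id, expiry day modulo 1000, truncated HMAC-SHA1) as in the BATV Internet-Draft; the function names, the 7-day lifetime and the sample address are assumptions, and Halon's actual tag layout may differ.

```python
import hashlib
import hmac
import time

LIFETIME_DAYS = 7  # assumed validity window (the "X days" in the text)

def _today(now=None):
    # Day number since 1970; "now" lets a caller pin the clock for testing.
    return int((time.time() if now is None else now) // 86400)

def _mac(key, key_id, expiry, address):
    # Truncated HMAC-SHA1 over key id, expiry day and the original address.
    msg = f"{key_id}{expiry:03d}{address.lower()}".encode()
    return hmac.new(key.encode(), msg, hashlib.sha1).hexdigest()[:6]

def sign(address, key, key_id=0, now=None):
    # key_id must be a single digit (0-9) in this assumed layout.
    expiry = (_today(now) + LIFETIME_DAYS) % 1000  # day counter wraps at 1000
    return f"prvs={key_id}{expiry:03d}{_mac(key, key_id, expiry, address)}={address}"

def verify(recipient, keys, now=None):
    """Return "pass", "none" (untagged), "expired" or "fail"."""
    local, _, domain = recipient.rpartition("@")
    if not local.lower().startswith("prvs="):
        return "none"
    tag, sep, orig_local = local[5:].partition("=")
    if not sep or len(tag) != 10 or not tag.isascii() or not tag[:4].isdigit():
        return "fail"
    key_id, expiry, mac = int(tag[0]), int(tag[1:4]), tag[4:].lower()
    key = keys.get(key_id)  # the key id in the tag selects the verification key
    if key is None:
        return "fail"  # key unknown or already rotated out
    expected = _mac(key, key_id, expiry, f"{orig_local}@{domain}")
    if not hmac.compare_digest(expected, mac):
        return "fail"
    # Days left until expiry, modulo 1000; a large value means already expired.
    return "pass" if (expiry - _today(now)) % 1000 <= LIFETIME_DAYS else "expired"

if __name__ == "__main__":
    t0, day = 20000 * 86400, 86400  # constructed timestamp
    tagged = sign("alice@example.com", "myfirstkey", now=t0)
    print(tagged)
    print(verify(tagged, {0: "myfirstkey"}, now=t0))
    print(verify(tagged, {0: "myfirstkey"}, now=t0 + 8 * day))
    print(verify(tagged, {0: "myfirstkey"}, now=t0 + 1000 * day))
    print(verify(tagged, {1: "mysecondkey"}, now=t0 + 1000 * day))
```

Under this assumed layout the day counter wraps after 1000 days, so a tag that expired long ago verifies again unless its key has been rotated out in the meantime.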