A system for stopping backscatter
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
doc
.gitattributes
.gitignore
AUTHORS
COPYING
Makefile
NEWS
README
RELEASE_NOTES-0.5
TODO
address.cpp
address.hpp
batv-keygen
batv-keygen.1
batv-milter.8
batv-milter.cpp
batv-sendmail
batv-sendmail.1
batv-sign.1
batv-sign.cpp
batv-validate.1
batv-validate.cpp
blockhash.hpp
common.cpp
common.hpp
config-milter.cpp
config-milter.hpp
config.cpp
config.hpp
hmac.hpp
key.cpp
key.hpp
prvs.cpp
prvs.hpp
sha1.cpp
sha1.hpp
util.cpp
util.hpp
verify.cpp
verify.hpp

README

ABOUT BATV-TOOLS

batv-tools implements Bounce Address Tag Validation, a system
for filtering backscatter.  Briefly, BATV works as follows:

  1. The envelope sender of all outgoing mail is rewritten ("signed")
     to contain a cryptographic token.  If the message bounces,
     it is bounced to this address.

  2. The envelope recipient of all incoming bounces is checked
     for a valid token.  If a bounce has a missing or invalid token,
     it's obviously not in reply to a real message and can be filtered.

BATV is described by an Internet Draft which was last revised in
2008.  batv-tools implements the draft standard, but also supports
an alternative address meta-syntax based on sub-addressing, described
below.

batv-tools provides both a milter (batv-milter) and a collection
of standalone tools (batv-sign, batv-validate, batv-sendmail) that
do signing and validation.  The standalone tools enable individual
users to use BATV without the involvement of their system administrators.

batv-tools was written by Andrew Ayer <agwa at andrewayer dot name>.
For more information, see <https://www.agwa.name/projects/batv-tools>.


HOW BATV-TOOLS WORKS

Outgoing mail is passed through either batv-milter or batv-sign.  If a
BATV key exists for the envelope sender, the envelope sender is rewritten
to a signed BATV address.

Incoming mail is passed through either batv-milter or batv-validate.
The envelope recipient is validated and the result of the validation
is placed in the X-Batv-Status header.  If the envelope recipient contains
a valid BATV signature, it is rewritten to its original non-BATV form.

batv-milter can be configured to reject bounces which aren't addressed to
a valid BATV signature, but by default, it is the user's responsibility
to filter mail based on the X-Batv-Status header.


BUILDING BATV-TOOLS

Run 'make'.  To build only the standalone tools (and not the milter),
run 'make all-tools'.


GETTING UP AND RUNNING

See doc/quickstart.milter.txt and doc/quickstart.standalone.txt for
instructions on getting up-and-running quickly.


DEPENDENCIES

To use the milter, you need:

  * libmilter, from Sendmail 8.14.0 or higher
  * Postfix 2.6 or higher, Sendmail 8.14.0 or higher, or a MTA with equivalent
    milter functionality

To build you need a C++ compiler (such as gcc) and development
headers for libmilter.


CURRENT STATUS

The current version of batv-tools is 0.8, released on 2015-03-13.
batv-tools aims to be bug-free and reliable, meaning it shouldn't crash,
malfunction, or do horrible things to your mail.  However, it has not
yet reached maturity, meaning it is not as documented, featureful, or
easy-to-use as it should be.  Additionally, we may make
backwards-incompatible changes before batv-tools reaches version 1.0.

Testing is currently focused on discovering gotchas with batv-tools'
design and identifying ways to reduce friction when using batv-tools.


SUB-ADDRESS META-SYNTAX

batv-tools supports an alternative (and highly-recommended) address
meta-syntax based on sub-addressing (aka "plus" addressing).  Instead of
rewriting the entire local part of the email address, the BATV token is
appended to the local part after a sub-address delimiter (typically '+'
or '-').  For example:

        andrew+prvs=9352e50792@example.com

Since many mail systems support sub-addressing, this syntax permits
BATV-signed mail to be routed through mail servers that have no knowledge
of BATV.  This has a couple advantages:

  1. Backup MX servers which accept mail only for known recipients
     need not support BATV.  As long as they support sub-addressing,
     mail destined to BATV addresses will be accepted.  (In contrast,
     the standard meta-syntax appears to the backup MX server as an
     unknown recipient, meaning the backup MX server must either accept
     all mail regardless of recipient (a bad idea), or support BATV
     (not always feasible).)

  2. It lets individual users use BATV with support from their MUA and/or
     MDA, without the MTA needing to support BATV.

The standalone BATV tools support only the non-standard sub-address syntax
(otherwise MTA support would be required).  The milter uses the standard
syntax by default but may be configured to use sub-address syntax.
It is highly recommended that you use the sub-address syntax; batv-tools
is most extensively tested with the sub-address syntax, and using the
standard syntax may require additional configuration from your MTA that
isn't documented here.


PROJECT RESOURCES

Home page:      https://agwa.name/projects/batv-tools
Git repository: https://agwa.name/git/batv-tools.git
                https://github.com/AGWA/batv-tools.git (mirror)
GitHub project: https://github.com/AGWA/batv-tools
Issue tracker:  https://github.com/AGWA/batv-tools/issues
Announce list:  https://lists.cloudmutt.com/mailman/listinfo/batv-tools-announce
Discuss list:   https://lists.cloudmutt.com/mailman/listinfo/batv-tools-discuss

For help or questions, send mail to the discuss list
<batv-tools-discuss@lists.cloudmutt.com>.  To report a bug or make a
feature request, please open an issue at GitHub or send mail to the
discuss list.  To contribute code, please send a properly-formatted
patch to the discuss list, or open a pull request at GitHub.


DEBIAN PACKAGING

Debian packaging, complete with an init script, can be found in the
'debian' branch of the project Git repository.  The package is built
using git-buildpackage as follows:

  1. Check out the debian branch: `git checkout debian`
  2. Build the package: `git-buildpackage -uc -us`


FURTHER DOCUMENTATION AND EXAMPLES

See files in the 'doc' sub-directory.


LEGALESE

Copyright (C) 2013 Andrew Ayer

Licensed predominantly under the GPLv3 with OpenSSL Linking Exception.
Also contains code licensed under more permissive GPL-compatible licenses.

batv-tools is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.

See COPYING for details.