batv-filter man page on DragonFly

Man page or keyword search:  
man Server   44335 pages
apropos Keyword Search (all sections)
Output format
DragonFly logo
[printable version]

batv-filter(8)							batv-filter(8)

NAME
       batv-filter - BATV (Bounce Address Tag Validation) filter for sendmail

SYNOPSIS
       batv-filter -p socketspec -k key [-a allowlist] [-A] [-b] [-c conffile]
       [-d domainlist] [-D debuglevel] [-f] [-i ilist] [-l] [-m mtaname[,...]]
       [-M macro[=value][,...]] [-n] [-P pidfile] [-q] [-r] [-s] [-S] [-t ttl]
       [-u user] [-v version] [-V] [-x]

DESCRIPTION
       batv-filter implements the experimental Bounce Address  Tag  Validation
       specification  as  a means to filter mail which claims to come from the
       local domain which in fact does not.

       For details regarding the proposal, consult the draft text.

OPTIONS
       -a allowlist
	      Identifies a file of envelope addresses which should be  immedi‐
	      ately  allowed  (not processed) by the filter.  Matching is done
	      on both sender (MAIL FROM) and recipient	(RCPT  TO)  addresses.
	      The  hash	 character  ("#")  denotes comments in the usual shell
	      script style; data after a hash character on any given  line  is
	      ignored.	 Blank	lines  are  also ignored.  The entries in this
	      file may include wildcard ("*") characters.

       -A     Automatically re-start on failures.  Use with  caution;  if  the
	      filter  fails  instantly after it starts, this can cause a tight
	      fork(2) loop.

       -b     By default, arriving messages  addressed	to  users  in  domains
	      listed by the -d option must be signed if they are bounces (i.e.
	      empty envelope sender) but not otherwise;	 bounces  to  unsigned
	      addresses	 will  be rejected.  This option applies the verifica‐
	      tion to all envelope senders, not just the empty sender.

       -c conffile
	      Names a configuration file to be read after command  line	 argu‐
	      ments are processed.  Values on the command line generally over‐
	      ride those found	in  the	 configuration	file.	See  batv-fil‐
	      ter.conf(5).

       -d domainlist
	      Specifies	 a  comma-separated  list  of  domain names whose mail
	      should be signed and verified by this filter.  Specify all  pos‐
	      sible  subdomains	 by  prefixing	a dot (".") to the appropriate
	      entries.	If no domains are specified, mail for all  domains  is
	      signed.	See  also  the	-i option below.  This may also be the
	      path to a file containing entries in the domain  list,  one  per
	      line.  Blank lines and those beginning with a hash ("#") charac‐
	      ter will be ignored.

       -D debuglevel
	      Requests milter debugging at the specified debug level.

       -f     Suppresses the call to fork(), so that the filter	 runs  in  the
	      foreground.

       -h     Causes  batv-filter  to  add a header indicating the presence of
	      this filter in the path of the message from injection to	deliv‐
	      ery.   The  product's name, version, and the job ID are included
	      in the header's contents.

       -i ilist
	      Specifies	 a  file  which	 contains  a  list  of	hostnames,  IP
	      addresses	    or	   CIDR-style	 IP    specifications	 (e.g.
	      "192.168.1.0/24").  Mail coming from  these  sources  should  be
	      signed  rather  than  being  verified.   See  also the -d option
	      above.   If  unspecified,	 a  single-entry  list	referring   to
	      "127.0.0.1/32" is assumed.

       -k key Specifies	 the  file  in	which  to find the key to be used when
	      signing outgoing mail and verifying arriving mail.  The key  can
	      be  any  arbitrary  text	string and should appear one the first
	      line of this file.

       -l     Log via calls to syslog(3) any interesting activity.

       -m mtaname[,...]
	      A comma-separated list of MTA names (a la the  sendmail(8)  Dae‐
	      monPortOptions  Name  parameter)	whose mail should be signed by
	      this filter.  If not set, the MTA name is not used when deciding
	      whether or not a message should be signed.

       -M macro[=value][,...]
	      Defines  a set of MTA-provided macros which should be checked to
	      see if the sender has been determined to be  a  local  user  and
	      therefore	 whether  or  not  the message should be signed.  If a
	      value is specified, the value of the macro must match the	 value
	      specified	 (matching  is	case-insensitive), otherwise the macro
	      must be defined but may contain any value.  Multiple  tests  may
	      be specified, separated by commas.  The set is empty by default,
	      meaning macros are not used when deciding whether or not a  mes‐
	      sage should be signed.

	      The general format of the string is test1[,test2[,...]]  where a
	      "test" is of the form macro[=value1[|value2[|...]]]; if  one  or
	      more  value  is defined then the macro must be set to one of the
	      listed values, otherwise the macro must be set but  can  contain
	      any value.

       -n     Don't reject things which fail validation.

       -p socketspec
	      Specifies the socket that should be established by the filter to
	      receive connections from sendmail(8) in order  to	 provide  ser‐
	      vice.   socketspec is in one of two forms: local:path which cre‐
	      ates  a  UNIX  domain  socket  at	  the	specified   path,   or
	      inet:port[@host]	which  creates	a  TCP socket on the specified
	      port.  If the host is not given as either a hostname  or	an  IP
	      address,	the  socket will be listening on all interfaces.  This
	      option is mandatory.

       -P pidfile
	      Writes the process ID of the filter, once started, to the	 file‐
	      name given.

       -q     Quarantine  messages  whose  signatures fail to verify, or which
	      should have had a signed envelope but did not.

       -r     Do not reject mail that fails to validate.  Also, add an Authen‐
	      tication-Results	header	to  mail  coming through the filter so
	      that downstream filters or MUAs can decide what action  to  take
	      based on what this filter observed.

       -s     Causes  mail from clients authenticated to the MTA to be ignored
	      (passed) by the filter.  The default is to process even  authen‐
	      ticated messages.

       -S     Requests	that  the MTA provide meaningful SMTP reply codes when
	      rejecting messages rather than their un-descriptive defaults.

       -t ttl Specifies that signatures expire after ttl days.	The default is
	      seven.

       -u userid
	      Attempts	to be come the specified userid before starting opera‐
	      tions.

       -v version
	      Sets the key version to version.	The default is zero.  Must  be
	      an  integer  from	 0 to 9.  Only signatures matching the current
	      version are considered valid, even if the signature would other‐
	      wise validate.

       -V     Print the version number and exit without doing anything else.

       -x     Activates	 an  experimental  Sendmail  variant of BATV.  See the
	      LOCAL MODIFICATIONS section below for details.

OPERATION
       A message will be verified unless it conforms to the signing  criteria,
       which are: (1) the domain on the envelope sender address must be listed
       by the -d command line switch, and (2) the client connecting to the MTA
       must (a) have authenticated, or (b) be listed in the file referenced by
       the -i command line switch.

LOCAL MODIFICATIONS
       Adding -x to the command line will cause the filter to sign and	verify
       using  a	 Sendmail,  Inc.  variant of BATV.  This method uses the basic
       idea of BATV but appends the tag rather than prepending	it,  and  uses
       the "+" character instead of the "=" character to separate the BATV tag
       from the actual address.	 This is more compatible  with	configurations
       and  filters that accomodate the existing MTA-supported address tagging
       system which has been around since at least the mid 1990s.

VERSION
       This man page covers version 0.5.0 of batv-filter.

COPYRIGHT
       Copyright (c) 2007-2009 Sendmail, Inc. and its suppliers.   All	rights
       reserved.

SEE ALSO
       batv-filter.conf(5), sendmail(8)

       Sendmail Operations Guide

       RFC2821 - Simple Mail Transfer Protocol

       RFC5451	-  Message  Header Field for Indicating Message Authentication
       Status

				Sendmail, Inc.			batv-filter(8)
[top]

List of man pages available for DragonFly

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net