batv-filter(8)batv-filter(8)NAMEbatv-filter - BATV (Bounce Address Tag Validation) filter for sendmail
SYNOPSISbatv-filter-p socketspec -k key [-a allowlist] [-A] [-b] [-c conffile]
[-d domainlist] [-D debuglevel] [-f] [-i ilist] [-l] [-m mtaname[,...]]
[-M macro[=value][,...]] [-n] [-P pidfile] [-q] [-r] [-s] [-S] [-t ttl]
[-u user] [-v version] [-V] [-x]
DESCRIPTIONbatv-filter implements the experimental Bounce Address Tag Validation
specification as a means to filter mail which claims to come from the
local domain which in fact does not.
For details regarding the proposal, consult the draft text.
OPTIONS-a allowlist
Identifies a file of envelope addresses which should be immedi‐
ately allowed (not processed) by the filter. Matching is done
on both sender (MAIL FROM) and recipient (RCPT TO) addresses.
The hash character ("#") denotes comments in the usual shell
script style; data after a hash character on any given line is
ignored. Blank lines are also ignored. The entries in this
file may include wildcard ("*") characters.
-A Automatically re-start on failures. Use with caution; if the
filter fails instantly after it starts, this can cause a tight
fork(2) loop.
-b By default, arriving messages addressed to users in domains
listed by the -d option must be signed if they are bounces (i.e.
empty envelope sender) but not otherwise; bounces to unsigned
addresses will be rejected. This option applies the verifica‐
tion to all envelope senders, not just the empty sender.
-c conffile
Names a configuration file to be read after command line argu‐
ments are processed. Values on the command line generally over‐
ride those found in the configuration file. See batv-fil‐
ter.conf(5).
-d domainlist
Specifies a comma-separated list of domain names whose mail
should be signed and verified by this filter. Specify all pos‐
sible subdomains by prefixing a dot (".") to the appropriate
entries. If no domains are specified, mail for all domains is
signed. See also the -i option below. This may also be the
path to a file containing entries in the domain list, one per
line. Blank lines and those beginning with a hash ("#") charac‐
ter will be ignored.
-D debuglevel
Requests milter debugging at the specified debug level.
-f Suppresses the call to fork(), so that the filter runs in the
foreground.
-h Causes batv-filter to add a header indicating the presence of
this filter in the path of the message from injection to deliv‐
ery. The product's name, version, and the job ID are included
in the header's contents.
-i ilist
Specifies a file which contains a list of hostnames, IP
addresses or CIDR-style IP specifications (e.g.
"192.168.1.0/24"). Mail coming from these sources should be
signed rather than being verified. See also the -d option
above. If unspecified, a single-entry list referring to
"127.0.0.1/32" is assumed.
-k key Specifies the file in which to find the key to be used when
signing outgoing mail and verifying arriving mail. The key can
be any arbitrary text string and should appear one the first
line of this file.
-l Log via calls to syslog(3) any interesting activity.
-m mtaname[,...]
A comma-separated list of MTA names (a la the sendmail(8) Dae‐
monPortOptions Name parameter) whose mail should be signed by
this filter. If not set, the MTA name is not used when deciding
whether or not a message should be signed.
-M macro[=value][,...]
Defines a set of MTA-provided macros which should be checked to
see if the sender has been determined to be a local user and
therefore whether or not the message should be signed. If a
value is specified, the value of the macro must match the value
specified (matching is case-insensitive), otherwise the macro
must be defined but may contain any value. Multiple tests may
be specified, separated by commas. The set is empty by default,
meaning macros are not used when deciding whether or not a mes‐
sage should be signed.
The general format of the string is test1[,test2[,...]] where a
"test" is of the form macro[=value1[|value2[|...]]]; if one or
more value is defined then the macro must be set to one of the
listed values, otherwise the macro must be set but can contain
any value.
-n Don't reject things which fail validation.
-p socketspec
Specifies the socket that should be established by the filter to
receive connections from sendmail(8) in order to provide ser‐
vice. socketspec is in one of two forms: local:path which cre‐
ates a UNIX domain socket at the specified path, or
inet:port[@host] which creates a TCP socket on the specified
port. If the host is not given as either a hostname or an IP
address, the socket will be listening on all interfaces. This
option is mandatory.
-P pidfile
Writes the process ID of the filter, once started, to the file‐
name given.
-q Quarantine messages whose signatures fail to verify, or which
should have had a signed envelope but did not.
-r Do not reject mail that fails to validate. Also, add an Authen‐
tication-Results header to mail coming through the filter so
that downstream filters or MUAs can decide what action to take
based on what this filter observed.
-s Causes mail from clients authenticated to the MTA to be ignored
(passed) by the filter. The default is to process even authen‐
ticated messages.
-S Requests that the MTA provide meaningful SMTP reply codes when
rejecting messages rather than their un-descriptive defaults.
-t ttl Specifies that signatures expire after ttl days. The default is
seven.
-u userid
Attempts to be come the specified userid before starting opera‐
tions.
-v version
Sets the key version to version. The default is zero. Must be
an integer from 0 to 9. Only signatures matching the current
version are considered valid, even if the signature would other‐
wise validate.
-V Print the version number and exit without doing anything else.
-x Activates an experimental Sendmail variant of BATV. See the
LOCAL MODIFICATIONS section below for details.
OPERATION
A message will be verified unless it conforms to the signing criteria,
which are: (1) the domain on the envelope sender address must be listed
by the -d command line switch, and (2) the client connecting to the MTA
must (a) have authenticated, or (b) be listed in the file referenced by
the -i command line switch.
LOCAL MODIFICATIONS
Adding -x to the command line will cause the filter to sign and verify
using a Sendmail, Inc. variant of BATV. This method uses the basic
idea of BATV but appends the tag rather than prepending it, and uses
the "+" character instead of the "=" character to separate the BATV tag
from the actual address. This is more compatible with configurations
and filters that accomodate the existing MTA-supported address tagging
system which has been around since at least the mid 1990s.
VERSION
This man page covers version 0.5.0 of batv-filter.
COPYRIGHT
Copyright (c) 2007-2009 Sendmail, Inc. and its suppliers. All rights
reserved.
SEE ALSObatv-filter.conf(5), sendmail(8)
Sendmail Operations Guide
RFC2821 - Simple Mail Transfer Protocol
RFC5451 - Message Header Field for Indicating Message Authentication
Status
Sendmail, Inc. batv-filter(8)