Create a Catch All Email Address

A catch-all email address is used to accept all email traffic to an entire domain, no matter the validity of the envelope recipient address.

While catch-all addresses are prone to spam, they are often used to:

  • lure in spammers, and let them waste their time, potentially reducing spam sent to valid targets,
  • ensure that messages to previously valid email addresses are not bounced as undeliverable,
  • etc.

A catch-all address can be created by making modifications to Kolab’s Postfix configuration. The principle is as follows:

  • An email alias of catchall@example.com is added to a valid Kolab user or shared mail folder,
  • All email not destined for otherwise valid addresses is delivered to this Kolab user or shared mail folder.

Please note that accepting mail for an arbitrary set of recipient addresses does not entitle the actual recipient to submit email using any arbitrary envelope sender address.

In Standalone Environments

In standalone environments, also known as single-tenant installations, you’ll need to provide an additional lookup table for Postfix in /etc/postfix/ldap/virtual_alias_maps_catchall.cf with the following contents:

server_host = localhost
server_port = 389
version = 3

search_base = dc=example,dc=com
scope = sub

domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=example,dc=com
bind_pw = ******
query_filter = (&(alias=catchall@%d)(objectclass=kolabinetorgperson))
result_attribute = mail

Next, you’ll need to change the following two settings in /etc/postfix/main.cf:

local_recipient_maps = ldap:/etc/postfix/ldap/local_recipient_maps.cf,
    ldap:/etc/postfix/ldap/virtual_alias_maps_catchall.cf

virtual_alias_maps = $alias_maps,
    ldap:/etc/postfix/ldap/virtual_alias_maps.cf,
    ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf,
    ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf,
    ldap:/etc/postfix/ldap/mailenabled_distgroups.cf,
    ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf,
    ldap:/etc/postfix/ldap/virtual_alias_maps_catchall.cf

In Hosted Environments

In hosted environments, additional care needs to be taken to prevent catch-all addresses from being created by individual users. Only domain owners should be allowed to create catch-all addresses for their domains.

To illustrate, imagine the following scenario:

  • Individuals register for Kolab accounts in the domain kolabnow.com.
  • A group manager account has the domain kolab.org registered.

While the group manager should be allowed to register a catchall@kolab.org address, no individual should be allowed to create a functional catchall@kolabnow.com address.

The following change to the query filter for the virtual alias maps lookup table for catchall addresses (in /etc/postfix/ldap/virtual_alias_maps_catchall.cf) creates an exception to the validity of catchall addresses in the part of the LDAP directory hierarchy where individuals register their accounts:

query_filter = (&(!(entrydn=*,ou=People,dc=kolabnow,dc=com))(alias=catchall@%d)(objectclass=kolabinetorgperson))

Note that the account for a user vanmeeuwen@kolabnow.com would be registered in the following position in the hierarchy:

uid=vanmeeuwen@kolabnow.com,ou=People,dc=kolabnow,dc=com

Per the aforementioned query, no alias catchall@kolabnow.com will render a functional catch-all address for this entry. A user account jeroen@kolab.org, by contrast, is created in a different position in the hierarchy:

uid=jeroen@kolab.org,ou=People,ou=kolab.org,dc=kolabnow,dc=com

An alias of catchall@kolab.org would not be excluded by the aforementioned filter modification, and would thus be valid and functional.
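
The effect of the modified filter on the two entries above, as an added example that is not part of the Kolab documentation: a Python model of the filter's three clauses, run over constructed entries, plus an audit helper that lists catchall aliases the filter neutralises. The function names, the sample attribute values and the simplified DN normalisation are assumptions.

```python
# Added example: evaluates the hosted-environment query_filter on constructed data.
INDIVIDUAL_SUFFIX = ",ou=people,dc=kolabnow,dc=com"  # from the entrydn clause

# Constructed sample entries; not taken from a real directory.
ENTRIES = [
    {"dn": "uid=vanmeeuwen@kolabnow.com,ou=People,dc=kolabnow,dc=com",
     "objectclass": ["kolabinetorgperson"],
     "mail": "vanmeeuwen@kolabnow.com",
     "alias": ["catchall@kolabnow.com"]},
    {"dn": "uid=jeroen@kolab.org,ou=People,ou=kolab.org,dc=kolabnow,dc=com",
     "objectclass": ["kolabinetorgperson"],
     "mail": "jeroen@kolab.org",
     "alias": ["catchall@kolab.org"]},
]

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lower-case, no spaces at commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_individual_subtree(entry):
    """Models (entrydn=*,ou=People,dc=kolabnow,dc=com): a suffix match on the DN."""
    return norm_dn(entry["dn"]).endswith(INDIVIDUAL_SUFFIX)

def has_catchall_alias(entry, domain):
    """Models (alias=catchall@%d) for the given recipient domain."""
    return f"catchall@{domain}".lower() in (a.lower() for a in entry["alias"])

def catchall_lookup(recipient, entries):
    """Return the result_attribute (mail) values the filter yields for a recipient."""
    domain = recipient.rsplit("@", 1)[1]  # Postfix expands %d to the domain part
    return [e["mail"] for e in entries
            if not in_individual_subtree(e)
            and has_catchall_alias(e, domain)
            and "kolabinetorgperson" in (c.lower() for c in e["objectclass"])]

def inert_catchall_aliases(entries):
    """Audit: catchall@ aliases the filter neutralises, worth reviewing or removing."""
    return [(e["dn"], a) for e in entries if in_individual_subtree(e)
            for a in e["alias"] if a.lower().startswith("catchall@")]

if __name__ == "__main__":
    for rcpt in ("nobody@kolabnow.com", "nobody@kolab.org"):
        print(rcpt, "->", catchall_lookup(rcpt, ENTRIES) or "no catch-all")
    print("neutralised:", inert_catchall_aliases(ENTRIES))
```

Against a live server, `postmap -q nobody@kolab.org ldap:/etc/postfix/ldap/virtual_alias_maps_catchall.cf` performs the real lookup through the same table.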

Note that additional care should be taken to let no individual user register with a catchall username, regardless of the domain. This precaution should be taken in the customer-facing, front-end application.
