A catch-all email address is used to accept all email traffic to an entire domain, no matter the validity of the envelope recipient address.
While catch-all addresses are prone to spam, they are often used to;
- lure in spammers, and let them waste their time, potentially reducing spam sent to valid targets,
- ensure that messages to previously valid email addresses are not bounced as undeliverable,
A catch-all address can be created by making modifications to Kolab’s Postfix configuration. The principle is as follows;
- An email alias of
email@example.com added to a valid Kolab user or shared mail folder,
- All email not destined for otherwise valid addresses is delivered to this Kolab user or shared mail folder.
Please note that the validation of the arbitrary group of recipient addresses does not therefore also entitle any actual recipient to submit email using any arbitrary envelope sender address.
In Standalone Environments
In standalone environments, also known as single-tenant installations, you’ll need to provide an additional lookup table for Postfix in
/etc/postfix/ldap/virtual_alias_maps_catchall.cf with the following contents:
server_host = localhost server_port = 389 version = 3 search_base = dc=example,dc=com scope = sub domain = ldap:/etc/postfix/ldap/mydestination.cf bind_dn = uid=kolab-service,ou=Special Users,dc=example,dc=com bind_pw = ****** query_filter = (&(alias=catchall@%d)(objectclass=kolabinetorgperson)) result_attribute = mail
Next, you’ll need to change the following two settings in
local_recipient_maps = ldap:/etc/postfix/ldap/local_recipient_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_catchall.cf virtual_alias_maps = $alias_maps, ldap:/etc/postfix/ldap/virtual_alias_maps.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf, ldap:/etc/postfix/ldap/mailenabled_distgroups.cf, ldap:/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf, ldap:/etc/postfix/ldap/virtual_alias_maps_catchall.cf
In Hosted Environments
In hosted environments, additional care needs to be taken to avoid catch-all addresses from being created by individual users. Only domain owners should be allowed to create catch-all addresses for their domains.
To illustrate, imagine the following scenario;
- Individuals register for Kolab accounts in the domain kolabnow.com.
- A group manager account has the domain kolab.org registered.
While the group manager should be allowed to register a firstname.lastname@example.org address, no individual should be allowed to create a functional email@example.com address.
The following change to the query filter for the virtual alias maps lookup table for catchall addresses (in
/etc/postfix/ldap/virtual_alias_maps_catchall.cf) creates an exception to the validity of catchall addresses in the part of the LDAP directory hierarchy where individuals register their accounts:
query_filter = (&(!(entrydn=*,ou=People,dc=kolabnow,dc=com))(alias=catchall@%d)(objectclass=kolabinetorgperson))
Note that the account for a user
firstname.lastname@example.org would be registered in the following position in the hierarchy:
email@example.com will render a functional catch-all address for this entry, per the aforementioned query, whereas a user account
firstname.lastname@example.org is created in a different position in the hierarchy:
An alias of
email@example.com would not be excluded by the aforementioned filter modification, and would thus be valid and functional.
Note that additional care should be taken to let no individual user register with a catchall username, regardless of the domain. This precaution should be taken in the customer-facing, front-end application.