Master domain catchall address

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

Master domain catchall address

Robert Spencer-3
Hi,

I'd like to have a catchall address for my master domain (not a
virtual domain), but my searches haven't resulted in any info - could
someone please explain how to do it.

Thank.

--
Robert Spencer
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Charles Marcus
On 6/27/2008, Robert Spencer ([hidden email]) wrote:
> I'd like to have a catchall address for my master domain (not a
> virtual domain), but my searches haven't resulted in any info - could
> someone please explain how to do it.

Why? Catchalls break recipient validation, and are strongly discouraged
for normal production servers...

--

Best regards,

Charles
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

mouss-2
Charles Marcus wrote:
> On 6/27/2008, Robert Spencer ([hidden email]) wrote:
>> I'd like to have a catchall address for my master domain (not a
>> virtual domain), but my searches haven't resulted in any info - could
>> someone please explain how to do it.

use virtual_alias_maps:

[hidden email]   [hidden email]
[hidden email]   [hidden email]
...
@example.com            [hidden email]


You need the "identity mappings" for valid users, otherwise, all mail
goes to the catchall.

>
> Why? Catchalls break recipient validation

they don't. all addresses are valid so should not generate backscatter
if nothing else is misconfigured. but:

> , and are strongly discouraged for normal production servers...

yes, because they attract a lot of junk.

Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Charles Marcus
On 6/27/2008, mouss ([hidden email]) wrote:
>> Why? Catchalls break recipient validation

> they don't.

They do for the SENDER... if they typo the address, they'll never know.

--

Best regards,

Charles
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Robert Spencer-3
In reply to this post by mouss-2
On 6/27/08, mouss <[hidden email]> wrote:

> Charles Marcus wrote:
>> On 6/27/2008, Robert Spencer ([hidden email]) wrote:
>>> I'd like to have a catchall address for my master domain (not a
>>> virtual domain), but my searches haven't resulted in any info - could
>>> someone please explain how to do it.
>
> use virtual_alias_maps:
>
> [hidden email]   [hidden email]
> [hidden email]   [hidden email]
> ...
> @example.com            [hidden email]
>
>
> You need the "identity mappings" for valid users, otherwise, all mail
> goes to the catchall.

According to the doc's you can't use virtual_alias_maps for the master
domain/localhost.

>>
>> Why? Catchalls break recipient validation
>
> they don't. all addresses are valid so should not generate backscatter
> if nothing else is misconfigured. but:
>
>> , and are strongly discouraged for normal production servers...
>
> yes, because they attract a lot of junk.

Yes, I get huge amount of spam, but I make up addresses on the fly and
it's not convenient to list them all and all the addresses for that
domain need to come to me anyway.

--
Robert Spencer
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Ralf Hildebrandt
* Robert Spencer <[hidden email]>:

> On 6/27/08, mouss <[hidden email]> wrote:
> > Charles Marcus wrote:
> >> On 6/27/2008, Robert Spencer ([hidden email]) wrote:
> >>> I'd like to have a catchall address for my master domain (not a
> >>> virtual domain), but my searches haven't resulted in any info - could
> >>> someone please explain how to do it.
> >
> > use virtual_alias_maps:
> >
> > [hidden email]   [hidden email]
> > [hidden email]   [hidden email]
> > ...
> > @example.com            [hidden email]
> >
> >
> > You need the "identity mappings" for valid users, otherwise, all mail
> > goes to the catchall.
>
> According to the doc's you can't use virtual_alias_maps for the master
> domain/localhost.

No, virtual_alias_maps apply to all mail

--
Ralf Hildebrandt ([hidden email])          [hidden email]
Postfix - Einrichtung, Betrieb und Wartung       Tel. +49 (0)30-450 570-155
http://www.arschkrebs.de
EDV ist die Abk�rzung f�r "Ende der Vernunft".
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

mouss-2
In reply to this post by Charles Marcus
Charles Marcus wrote:
> On 6/27/2008, mouss ([hidden email]) wrote:
>>> Why? Catchalls break recipient validation
>
>> they don't.
>
> They do for the SENDER... if they typo the address, they'll never know.

that's not "recipient validation". that's something else...

If they hire someone to redirect midirected mail, then they should be ok :)

and some people argue that if you mistype the domain, you may never know...

anyway, OP has been warned...

Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

mouss-2
In reply to this post by Ralf Hildebrandt
Ralf Hildebrandt wrote:
> [snip]
>> According to the doc's you can't use virtual_alias_maps for the master
>> domain/localhost.
>>    
>
> No, virtual_alias_maps apply to all mail
>
>  

people often confuse virtual_alias_maps with virtual_alias_domains.



Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

/dev/rob0
In reply to this post by Robert Spencer-3
On Fri June 27 2008 07:40:41 Robert Spencer wrote:
> I'd like to have a catchall address for my master domain (not a
> virtual domain), but my searches haven't resulted in any info - could
> someone please explain how to do it.

#include disclaimers/catchall-sucks.h

If you're talking about a mydestination domain with local(8) delivery,
the feature you seek is called "luser_relay".

http://www.postfix.org/LOCAL_RECIPIENT_README.html#change
http://www.postfix.org/local.8.html
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Wietse Venema
In reply to this post by Robert Spencer-3
Robert Spencer:
[ Charset ISO-8859-1 unsupported, converting... ]

> On 6/27/08, mouss <[hidden email]> wrote:
> > Charles Marcus wrote:
> >> On 6/27/2008, Robert Spencer ([hidden email]) wrote:
> >>> I'd like to have a catchall address for my master domain (not a
> >>> virtual domain), but my searches haven't resulted in any info - could
> >>> someone please explain how to do it.
> >
> > use virtual_alias_maps:
> >
> > [hidden email]   [hidden email]
> > [hidden email]   [hidden email]
> > ...
> > @example.com            [hidden email]
> >
> >
> > You need the "identity mappings" for valid users, otherwise, all mail
> > goes to the catchall.
>
> According to the doc's you can't use virtual_alias_maps for the master
> domain/localhost.

The above DOES NOT use a virtual alias domain.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Charles Marcus
In reply to this post by Robert Spencer-3
On 6/27/2008, Robert Spencer ([hidden email]) wrote:
> but I make up addresses on the fly and it's not convenient to list
> them all and all the addresses for that domain need to come to me
> anyway.

Why not just use plus-addressing... this way you get the best of both
worlds (can 'make up addresses on the fly' *and* get proper recipient
validation)...

>>>> Catchalls break recipient validation

>>> they don't.

>> They do for the SENDER... if they typo the address, they'll never
>> know.

> that's not "recipient validation". that's something else...

It is recipient validation *from the perspective of the sender*... so
its all in how you look at it...

--

Best regards,

Charles
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Jorey Bump
Charles Marcus wrote, at 06/27/2008 10:44 AM:
> On 6/27/2008, Robert Spencer ([hidden email]) wrote:
>> but I make up addresses on the fly and it's not convenient to list
>> them all and all the addresses for that domain need to come to me
>> anyway.
>
> Why not just use plus-addressing... this way you get the best of both
> worlds (can 'make up addresses on the fly' *and* get proper recipient
> validation)...

Plussed addresses have caveats: Some sites have broken email address
validation routines that won't accept them, and others will strip it
when they send, anyway.

>>>>> Catchalls break recipient validation
>
>>>> they don't.
>
>>> They do for the SENDER... if they typo the address, they'll never
>>> know.
>
>> that's not "recipient validation". that's something else...
>
> It is recipient validation *from the perspective of the sender*... so
> its all in how you look at it...

Senders aren't in a position to validate an address. Only the MX can do
that. When we mention 'recipient validation' here, we're discussing the
process used by the MX to determine legitimate recipient addresses for
the domains it handles. Agreeing on a precise vocabulary is necessary in
order to help others on this list.

A sender might seek to verify an address, but as mouss says, that's
something different. Sending a message to the wrong address doesn't make
that address invalid.

Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Robert Spencer-3
On 6/27/08, Jorey Bump <[hidden email]> wrote:

> Charles Marcus wrote, at 06/27/2008 10:44 AM:
>> On 6/27/2008, Robert Spencer ([hidden email]) wrote:
>>> but I make up addresses on the fly and it's not convenient to list
>>> them all and all the addresses for that domain need to come to me
>>> anyway.
>>
>> Why not just use plus-addressing... this way you get the best of both
>> worlds (can 'make up addresses on the fly' *and* get proper recipient
>> validation)...
>
> Plussed addresses have caveats: Some sites have broken email address
> validation routines that won't accept them, and others will strip it
> when they send, anyway.

That sucks! But this all has made me rethink my naming scheme.

I original wanted unique names so that I could trace out who was
spamming me, I only ever had one real email address that was spammed
(the ftp site I used that address for published there logs on the
net). So there is not much tangible benefit to using unique names,
apart from making filtering slightly easier.

Unfortunately that benefit is grossly outwayed by the huge amount of
spam I received to non-existent email addresses and I mean huge, one
of the reasons I moved to my new server is that spamassassin's DB on
the old server grew to consume half of my file system quota (I
couldn't understand were all my free space until I did a backup on to
my desktop, cPanel doesn't show hidden files or folders in it's disk
use graph).

If I could figure out a way to slowly migrate away from my present
setup, I would. I'm thinking something like a username blacklist,
whitelist and queued list. I can't just grep my mail backups, as some
addresses have never received mail, e.g. password recovery addresses.

Another option is to grep my mail backups, add the addresses to my
user list and reroute all the remaining mail to my gmail account, but
don't I then run the risk of having my server blacklisted as a spam
relay?

>>>>>> Catchalls break recipient validation
>>
>>>>> they don't.
>>
>>>> They do for the SENDER... if they typo the address, they'll never
>>>> know.
>>
>>> that's not "recipient validation". that's something else...
>>
>> It is recipient validation *from the perspective of the sender*... so
>> its all in how you look at it...
>
> Senders aren't in a position to validate an address. Only the MX can do
> that. When we mention 'recipient validation' here, we're discussing the
> process used by the MX to determine legitimate recipient addresses for
> the domains it handles. Agreeing on a precise vocabulary is necessary in
> order to help others on this list.
>
> A sender might seek to verify an address, but as mouss says, that's
> something different. Sending a message to the wrong address doesn't make
> that address invalid.

Muscle memory can be a dangerous thing, I recently sent a test email
to my gmail.com account, but typed gmail.co.za instead. Needless to
say it didn't work.

--
Robert Spencer
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Brian Evans - Postfix List
Robert Spencer wrote:

> Unfortunately that benefit is grossly outwayed by the huge amount of
> spam I received to non-existent email addresses and I mean huge, one
> of the reasons I moved to my new server is that spamassassin's DB on
> the old server grew to consume half of my file system quota (I
> couldn't understand were all my free space until I did a backup on to
> my desktop, cPanel doesn't show hidden files or folders in it's disk
> use graph).
>
>
>  
Step 1 to handle spam is done by you setting up SpamAssassin.
Step 2 is to use rbl's to help even more either by Postfix or, better
IMO, using a scoring content filter such as policyd-weight or postfwd.

I personally use policyd-weight and it rejects 80% to 90% of spam and
little to no FPs.

Brian
Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

MrC-7
In reply to this post by Robert Spencer-3



>> Plussed addresses have caveats: Some sites have broken email address
>> validation routines that won't accept them, and others will strip it
>> when they send, anyway.
>
Robert Spencer wrote:
> That sucks! But this all has made me rethink my naming scheme.

> I original wanted unique names so that I could trace out who was
> spamming me, I only ever had one real email address that was spammed
> (the ftp site I used that address for published there logs on the
> net). So there is not much tangible benefit to using unique names,
> apart from making filtering slightly easier.

I have found that + as a delimiter is more problematic than - (dash),
but YMMV.  Two sites have converted dash into under bar.  Still, it is a
useful tool.

Here are some additional ponderables:

1) all those unique email addresses you register require updates should
your email address scheme change, or should you change domains.  You
personally might not have an issue with this, but if you host email
addresses for others, they can get mighty annoyed at having to visit all
the old sites and perform updates.

2) User's will not be as reliable as you in using address extensions.
If you have desires of helping your users track spam via address
extensions, lower your expectations accordingly.

3) While address extensions give you the ability to easily blacklist a
given address, it seems other UCE controls would ultimately have
rejected the message anyway.

4) Over years of tracking email address leaks, I have found reputable
companies are insignificant sources of address leak or spam.  Leaks come
from the bot'd systems of your friend and associates, mailing lists, and
finally the biggest spam source is the vast number of
too-good-to-be-true sign-up offers users can't resist.  One web form
fill-in can generate hundreds or thousands of spam messages, as these
marketing machines rapidly push an email address to dozens of
mass-marketing services, and it simply cannot be stopped.

5) Even culled email addresses from mailing lists constitutes a very
small portion of spam, mostly blocked through judicious smtpd_*_rules
even before content filtering.

6) I suppose it is only a matter of time before culling software begins
to learn about address extensions, thus turning address extensions into
essentially wildcarding, complete with its lack of recipient validation.
 This brings you back to point (1).

Use wisely.

Reply | Threaded
Open this post in threaded view
|

Re: Master domain catchall address

Daniel L. Miller
In reply to this post by Robert Spencer-3
Robert Spencer wrote:

> On 6/27/08, Jorey Bump <[hidden email]> wrote:
>  
>> Charles Marcus wrote, at 06/27/2008 10:44 AM:
>>    
>>> On 6/27/2008, Robert Spencer ([hidden email]) wrote:
>>>      
>>>> but I make up addresses on the fly and it's not convenient to list
>>>> them all and all the addresses for that domain need to come to me
>>>> anyway.
>>>>        
>>> Why not just use plus-addressing... this way you get the best of both
>>> worlds (can 'make up addresses on the fly' *and* get proper recipient
>>> validation)...
>>>      
>> Plussed addresses have caveats: Some sites have broken email address
>> validation routines that won't accept them, and others will strip it
>> when they send, anyway.
>>    
>
> That sucks! But this all has made me rethink my naming scheme.
>
> I original wanted unique names so that I could trace out who was
> spamming me, I only ever had one real email address that was spammed
> (the ftp site I used that address for published there logs on the
> net). So there is not much tangible benefit to using unique names,
> apart from making filtering slightly easier.
>
> Unfortunately that benefit is grossly outwayed by the huge amount of
> spam I received to non-existent email addresses and I mean huge, one
> of the reasons I moved to my new server is that spamassassin's DB on
> the old server grew to consume half of my file system quota (I
> couldn't understand were all my free space until I did a backup on to
> my desktop, cPanel doesn't show hidden files or folders in it's disk
> use graph).
>
> If I could figure out a way to slowly migrate away from my present
> setup, I would. I'm thinking something like a username blacklist,
> whitelist and queued list. I can't just grep my mail backups, as some
> addresses have never received mail, e.g. password recovery addresses.
>
> Another option is to grep my mail backups, add the addresses to my
> user list and reroute all the remaining mail to my gmail account, but
> don't I then run the risk of having my server blacklisted as a spam
> relay?
>  
Your addressing scheme appears to be an attempt to "re-invent the
wheel".  Which of course you are certainly welcome to do - everybody has
their own opinion on the proper number of spokes...

There are a number of anti-spam tools that will significantly reduce
your administrative overhead.  Everybody has their own tastes -
personally I enjoy using ASSP.

--
Daniel