Loading ...
Sorry, an error occurred while loading the content.

Master domain catchall address

Expand Messages
  • Robert Spencer
    Hi, I d like to have a catchall address for my master domain (not a virtual domain), but my searches haven t resulted in any info - could someone please
    Message 1 of 16 , Jun 27, 2008
    • 0 Attachment
      Hi,

      I'd like to have a catchall address for my master domain (not a
      virtual domain), but my searches haven't resulted in any info - could
      someone please explain how to do it.

      Thank.

      --
      Robert Spencer
    • Charles Marcus
      ... Why? Catchalls break recipient validation, and are strongly discouraged for normal production servers... -- Best regards, Charles
      Message 2 of 16 , Jun 27, 2008
      • 0 Attachment
        On 6/27/2008, Robert Spencer (roach.list@...) wrote:
        > I'd like to have a catchall address for my master domain (not a
        > virtual domain), but my searches haven't resulted in any info - could
        > someone please explain how to do it.

        Why? Catchalls break recipient validation, and are strongly discouraged
        for normal production servers...

        --

        Best regards,

        Charles
      • mouss
        ... use virtual_alias_maps: user1@example.com user1@example.com user2@example.com user2@example.com ... @example.com catchall@example.com You
        Message 3 of 16 , Jun 27, 2008
        • 0 Attachment
          Charles Marcus wrote:
          > On 6/27/2008, Robert Spencer (roach.list@...) wrote:
          >> I'd like to have a catchall address for my master domain (not a
          >> virtual domain), but my searches haven't resulted in any info - could
          >> someone please explain how to do it.

          use virtual_alias_maps:

          user1@... user1@...
          user2@... user2@...
          ...
          @... catchall@...


          You need the "identity mappings" for valid users, otherwise, all mail
          goes to the catchall.

          >
          > Why? Catchalls break recipient validation

          they don't. all addresses are valid so should not generate backscatter
          if nothing else is misconfigured. but:

          > , and are strongly discouraged for normal production servers...

          yes, because they attract a lot of junk.
        • Charles Marcus
          ... They do for the SENDER... if they typo the address, they ll never know. -- Best regards, Charles
          Message 4 of 16 , Jun 27, 2008
          • 0 Attachment
            On 6/27/2008, mouss (mouss@...) wrote:
            >> Why? Catchalls break recipient validation

            > they don't.

            They do for the SENDER... if they typo the address, they'll never know.

            --

            Best regards,

            Charles
          • Robert Spencer
            ... According to the doc s you can t use virtual_alias_maps for the master domain/localhost. ... Yes, I get huge amount of spam, but I make up addresses on the
            Message 5 of 16 , Jun 27, 2008
            • 0 Attachment
              On 6/27/08, mouss <mouss@...> wrote:
              > Charles Marcus wrote:
              >> On 6/27/2008, Robert Spencer (roach.list@...) wrote:
              >>> I'd like to have a catchall address for my master domain (not a
              >>> virtual domain), but my searches haven't resulted in any info - could
              >>> someone please explain how to do it.
              >
              > use virtual_alias_maps:
              >
              > user1@... user1@...
              > user2@... user2@...
              > ...
              > @... catchall@...
              >
              >
              > You need the "identity mappings" for valid users, otherwise, all mail
              > goes to the catchall.

              According to the doc's you can't use virtual_alias_maps for the master
              domain/localhost.

              >>
              >> Why? Catchalls break recipient validation
              >
              > they don't. all addresses are valid so should not generate backscatter
              > if nothing else is misconfigured. but:
              >
              >> , and are strongly discouraged for normal production servers...
              >
              > yes, because they attract a lot of junk.

              Yes, I get huge amount of spam, but I make up addresses on the fly and
              it's not convenient to list them all and all the addresses for that
              domain need to come to me anyway.

              --
              Robert Spencer
            • Ralf Hildebrandt
              ... No, virtual_alias_maps apply to all mail -- Ralf Hildebrandt (Ralf.Hildebrandt@charite.de) snickebo@charite.de Postfix - Einrichtung, Betrieb und
              Message 6 of 16 , Jun 27, 2008
              • 0 Attachment
                * Robert Spencer <roach.list@...>:
                > On 6/27/08, mouss <mouss@...> wrote:
                > > Charles Marcus wrote:
                > >> On 6/27/2008, Robert Spencer (roach.list@...) wrote:
                > >>> I'd like to have a catchall address for my master domain (not a
                > >>> virtual domain), but my searches haven't resulted in any info - could
                > >>> someone please explain how to do it.
                > >
                > > use virtual_alias_maps:
                > >
                > > user1@... user1@...
                > > user2@... user2@...
                > > ...
                > > @... catchall@...
                > >
                > >
                > > You need the "identity mappings" for valid users, otherwise, all mail
                > > goes to the catchall.
                >
                > According to the doc's you can't use virtual_alias_maps for the master
                > domain/localhost.

                No, virtual_alias_maps apply to all mail

                --
                Ralf Hildebrandt (Ralf.Hildebrandt@...) snickebo@...
                Postfix - Einrichtung, Betrieb und Wartung Tel. +49 (0)30-450 570-155
                http://www.arschkrebs.de
                EDV ist die Abk�rzung f�r "Ende der Vernunft".
              • mouss
                ... that s not recipient validation . that s something else... If they hire someone to redirect midirected mail, then they should be ok :) and some people
                Message 7 of 16 , Jun 27, 2008
                • 0 Attachment
                  Charles Marcus wrote:
                  > On 6/27/2008, mouss (mouss@...) wrote:
                  >>> Why? Catchalls break recipient validation
                  >
                  >> they don't.
                  >
                  > They do for the SENDER... if they typo the address, they'll never know.

                  that's not "recipient validation". that's something else...

                  If they hire someone to redirect midirected mail, then they should be ok :)

                  and some people argue that if you mistype the domain, you may never know...

                  anyway, OP has been warned...
                • mouss
                  ... people often confuse virtual_alias_maps with virtual_alias_domains.
                  Message 8 of 16 , Jun 27, 2008
                  • 0 Attachment
                    Ralf Hildebrandt wrote:
                    > [snip]
                    >> According to the doc's you can't use virtual_alias_maps for the master
                    >> domain/localhost.
                    >>
                    >
                    > No, virtual_alias_maps apply to all mail
                    >
                    >

                    people often confuse virtual_alias_maps with virtual_alias_domains.
                  • /dev/rob0
                    ... #include disclaimers/catchall-sucks.h If you re talking about a mydestination domain with local(8) delivery, the feature you seek is called luser_relay .
                    Message 9 of 16 , Jun 27, 2008
                    • 0 Attachment
                      On Fri June 27 2008 07:40:41 Robert Spencer wrote:
                      > I'd like to have a catchall address for my master domain (not a
                      > virtual domain), but my searches haven't resulted in any info - could
                      > someone please explain how to do it.

                      #include disclaimers/catchall-sucks.h

                      If you're talking about a mydestination domain with local(8) delivery,
                      the feature you seek is called "luser_relay".

                      http://www.postfix.org/LOCAL_RECIPIENT_README.html#change
                      http://www.postfix.org/local.8.html
                      --
                      Offlist mail to this address is discarded unless
                      "/dev/rob0" or "not-spam" is in Subject: header
                    • Wietse Venema
                      Robert Spencer: [ Charset ISO-8859-1 unsupported, converting... ] ... The above DOES NOT use a virtual alias domain. Wietse
                      Message 10 of 16 , Jun 27, 2008
                      • 0 Attachment
                        Robert Spencer:
                        [ Charset ISO-8859-1 unsupported, converting... ]
                        > On 6/27/08, mouss <mouss@...> wrote:
                        > > Charles Marcus wrote:
                        > >> On 6/27/2008, Robert Spencer (roach.list@...) wrote:
                        > >>> I'd like to have a catchall address for my master domain (not a
                        > >>> virtual domain), but my searches haven't resulted in any info - could
                        > >>> someone please explain how to do it.
                        > >
                        > > use virtual_alias_maps:
                        > >
                        > > user1@... user1@...
                        > > user2@... user2@...
                        > > ...
                        > > @... catchall@...
                        > >
                        > >
                        > > You need the "identity mappings" for valid users, otherwise, all mail
                        > > goes to the catchall.
                        >
                        > According to the doc's you can't use virtual_alias_maps for the master
                        > domain/localhost.

                        The above DOES NOT use a virtual alias domain.

                        Wietse
                      • Charles Marcus
                        ... Why not just use plus-addressing... this way you get the best of both worlds (can make up addresses on the fly *and* get proper recipient validation)...
                        Message 11 of 16 , Jun 27, 2008
                        • 0 Attachment
                          On 6/27/2008, Robert Spencer (roach.list@...) wrote:
                          > but I make up addresses on the fly and it's not convenient to list
                          > them all and all the addresses for that domain need to come to me
                          > anyway.

                          Why not just use plus-addressing... this way you get the best of both
                          worlds (can 'make up addresses on the fly' *and* get proper recipient
                          validation)...

                          >>>> Catchalls break recipient validation

                          >>> they don't.

                          >> They do for the SENDER... if they typo the address, they'll never
                          >> know.

                          > that's not "recipient validation". that's something else...

                          It is recipient validation *from the perspective of the sender*... so
                          its all in how you look at it...

                          --

                          Best regards,

                          Charles
                        • Jorey Bump
                          ... Plussed addresses have caveats: Some sites have broken email address validation routines that won t accept them, and others will strip it when they send,
                          Message 12 of 16 , Jun 27, 2008
                          • 0 Attachment
                            Charles Marcus wrote, at 06/27/2008 10:44 AM:
                            > On 6/27/2008, Robert Spencer (roach.list@...) wrote:
                            >> but I make up addresses on the fly and it's not convenient to list
                            >> them all and all the addresses for that domain need to come to me
                            >> anyway.
                            >
                            > Why not just use plus-addressing... this way you get the best of both
                            > worlds (can 'make up addresses on the fly' *and* get proper recipient
                            > validation)...

                            Plussed addresses have caveats: Some sites have broken email address
                            validation routines that won't accept them, and others will strip it
                            when they send, anyway.

                            >>>>> Catchalls break recipient validation
                            >
                            >>>> they don't.
                            >
                            >>> They do for the SENDER... if they typo the address, they'll never
                            >>> know.
                            >
                            >> that's not "recipient validation". that's something else...
                            >
                            > It is recipient validation *from the perspective of the sender*... so
                            > its all in how you look at it...

                            Senders aren't in a position to validate an address. Only the MX can do
                            that. When we mention 'recipient validation' here, we're discussing the
                            process used by the MX to determine legitimate recipient addresses for
                            the domains it handles. Agreeing on a precise vocabulary is necessary in
                            order to help others on this list.

                            A sender might seek to verify an address, but as mouss says, that's
                            something different. Sending a message to the wrong address doesn't make
                            that address invalid.
                          • Robert Spencer
                            ... That sucks! But this all has made me rethink my naming scheme. I original wanted unique names so that I could trace out who was spamming me, I only ever
                            Message 13 of 16 , Jun 27, 2008
                            • 0 Attachment
                              On 6/27/08, Jorey Bump <list@...> wrote:
                              > Charles Marcus wrote, at 06/27/2008 10:44 AM:
                              >> On 6/27/2008, Robert Spencer (roach.list@...) wrote:
                              >>> but I make up addresses on the fly and it's not convenient to list
                              >>> them all and all the addresses for that domain need to come to me
                              >>> anyway.
                              >>
                              >> Why not just use plus-addressing... this way you get the best of both
                              >> worlds (can 'make up addresses on the fly' *and* get proper recipient
                              >> validation)...
                              >
                              > Plussed addresses have caveats: Some sites have broken email address
                              > validation routines that won't accept them, and others will strip it
                              > when they send, anyway.

                              That sucks! But this all has made me rethink my naming scheme.

                              I original wanted unique names so that I could trace out who was
                              spamming me, I only ever had one real email address that was spammed
                              (the ftp site I used that address for published there logs on the
                              net). So there is not much tangible benefit to using unique names,
                              apart from making filtering slightly easier.

                              Unfortunately that benefit is grossly outwayed by the huge amount of
                              spam I received to non-existent email addresses and I mean huge, one
                              of the reasons I moved to my new server is that spamassassin's DB on
                              the old server grew to consume half of my file system quota (I
                              couldn't understand were all my free space until I did a backup on to
                              my desktop, cPanel doesn't show hidden files or folders in it's disk
                              use graph).

                              If I could figure out a way to slowly migrate away from my present
                              setup, I would. I'm thinking something like a username blacklist,
                              whitelist and queued list. I can't just grep my mail backups, as some
                              addresses have never received mail, e.g. password recovery addresses.

                              Another option is to grep my mail backups, add the addresses to my
                              user list and reroute all the remaining mail to my gmail account, but
                              don't I then run the risk of having my server blacklisted as a spam
                              relay?

                              >>>>>> Catchalls break recipient validation
                              >>
                              >>>>> they don't.
                              >>
                              >>>> They do for the SENDER... if they typo the address, they'll never
                              >>>> know.
                              >>
                              >>> that's not "recipient validation". that's something else...
                              >>
                              >> It is recipient validation *from the perspective of the sender*... so
                              >> its all in how you look at it...
                              >
                              > Senders aren't in a position to validate an address. Only the MX can do
                              > that. When we mention 'recipient validation' here, we're discussing the
                              > process used by the MX to determine legitimate recipient addresses for
                              > the domains it handles. Agreeing on a precise vocabulary is necessary in
                              > order to help others on this list.
                              >
                              > A sender might seek to verify an address, but as mouss says, that's
                              > something different. Sending a message to the wrong address doesn't make
                              > that address invalid.

                              Muscle memory can be a dangerous thing, I recently sent a test email
                              to my gmail.com account, but typed gmail.co.za instead. Needless to
                              say it didn't work.

                              --
                              Robert Spencer
                            • Brian Evans
                              ... Step 1 to handle spam is done by you setting up SpamAssassin. Step 2 is to use rbl s to help even more either by Postfix or, better IMO, using a scoring
                              Message 14 of 16 , Jun 27, 2008
                              • 0 Attachment
                                Robert Spencer wrote:
                                > Unfortunately that benefit is grossly outwayed by the huge amount of
                                > spam I received to non-existent email addresses and I mean huge, one
                                > of the reasons I moved to my new server is that spamassassin's DB on
                                > the old server grew to consume half of my file system quota (I
                                > couldn't understand were all my free space until I did a backup on to
                                > my desktop, cPanel doesn't show hidden files or folders in it's disk
                                > use graph).
                                >
                                >
                                >
                                Step 1 to handle spam is done by you setting up SpamAssassin.
                                Step 2 is to use rbl's to help even more either by Postfix or, better
                                IMO, using a scoring content filter such as policyd-weight or postfwd.

                                I personally use policyd-weight and it rejects 80% to 90% of spam and
                                little to no FPs.

                                Brian
                              • MrC
                                ... I have found that + as a delimiter is more problematic than - (dash), but YMMV. Two sites have converted dash into under bar. Still, it is a useful tool.
                                Message 15 of 16 , Jun 27, 2008
                                • 0 Attachment
                                  >> Plussed addresses have caveats: Some sites have broken email address
                                  >> validation routines that won't accept them, and others will strip it
                                  >> when they send, anyway.
                                  >
                                  Robert Spencer wrote:
                                  > That sucks! But this all has made me rethink my naming scheme.

                                  > I original wanted unique names so that I could trace out who was
                                  > spamming me, I only ever had one real email address that was spammed
                                  > (the ftp site I used that address for published there logs on the
                                  > net). So there is not much tangible benefit to using unique names,
                                  > apart from making filtering slightly easier.

                                  I have found that + as a delimiter is more problematic than - (dash),
                                  but YMMV. Two sites have converted dash into under bar. Still, it is a
                                  useful tool.

                                  Here are some additional ponderables:

                                  1) all those unique email addresses you register require updates should
                                  your email address scheme change, or should you change domains. You
                                  personally might not have an issue with this, but if you host email
                                  addresses for others, they can get mighty annoyed at having to visit all
                                  the old sites and perform updates.

                                  2) User's will not be as reliable as you in using address extensions.
                                  If you have desires of helping your users track spam via address
                                  extensions, lower your expectations accordingly.

                                  3) While address extensions give you the ability to easily blacklist a
                                  given address, it seems other UCE controls would ultimately have
                                  rejected the message anyway.

                                  4) Over years of tracking email address leaks, I have found reputable
                                  companies are insignificant sources of address leak or spam. Leaks come
                                  from the bot'd systems of your friend and associates, mailing lists, and
                                  finally the biggest spam source is the vast number of
                                  too-good-to-be-true sign-up offers users can't resist. One web form
                                  fill-in can generate hundreds or thousands of spam messages, as these
                                  marketing machines rapidly push an email address to dozens of
                                  mass-marketing services, and it simply cannot be stopped.

                                  5) Even culled email addresses from mailing lists constitutes a very
                                  small portion of spam, mostly blocked through judicious smtpd_*_rules
                                  even before content filtering.

                                  6) I suppose it is only a matter of time before culling software begins
                                  to learn about address extensions, thus turning address extensions into
                                  essentially wildcarding, complete with its lack of recipient validation.
                                  This brings you back to point (1).

                                  Use wisely.
                                • Daniel L. Miller
                                  ... Your addressing scheme appears to be an attempt to re-invent the wheel . Which of course you are certainly welcome to do - everybody has their own
                                  Message 16 of 16 , Jul 1, 2008
                                  • 0 Attachment
                                    Robert Spencer wrote:
                                    > On 6/27/08, Jorey Bump <list@...> wrote:
                                    >
                                    >> Charles Marcus wrote, at 06/27/2008 10:44 AM:
                                    >>
                                    >>> On 6/27/2008, Robert Spencer (roach.list@...) wrote:
                                    >>>
                                    >>>> but I make up addresses on the fly and it's not convenient to list
                                    >>>> them all and all the addresses for that domain need to come to me
                                    >>>> anyway.
                                    >>>>
                                    >>> Why not just use plus-addressing... this way you get the best of both
                                    >>> worlds (can 'make up addresses on the fly' *and* get proper recipient
                                    >>> validation)...
                                    >>>
                                    >> Plussed addresses have caveats: Some sites have broken email address
                                    >> validation routines that won't accept them, and others will strip it
                                    >> when they send, anyway.
                                    >>
                                    >
                                    > That sucks! But this all has made me rethink my naming scheme.
                                    >
                                    > I original wanted unique names so that I could trace out who was
                                    > spamming me, I only ever had one real email address that was spammed
                                    > (the ftp site I used that address for published there logs on the
                                    > net). So there is not much tangible benefit to using unique names,
                                    > apart from making filtering slightly easier.
                                    >
                                    > Unfortunately that benefit is grossly outwayed by the huge amount of
                                    > spam I received to non-existent email addresses and I mean huge, one
                                    > of the reasons I moved to my new server is that spamassassin's DB on
                                    > the old server grew to consume half of my file system quota (I
                                    > couldn't understand were all my free space until I did a backup on to
                                    > my desktop, cPanel doesn't show hidden files or folders in it's disk
                                    > use graph).
                                    >
                                    > If I could figure out a way to slowly migrate away from my present
                                    > setup, I would. I'm thinking something like a username blacklist,
                                    > whitelist and queued list. I can't just grep my mail backups, as some
                                    > addresses have never received mail, e.g. password recovery addresses.
                                    >
                                    > Another option is to grep my mail backups, add the addresses to my
                                    > user list and reroute all the remaining mail to my gmail account, but
                                    > don't I then run the risk of having my server blacklisted as a spam
                                    > relay?
                                    >
                                    Your addressing scheme appears to be an attempt to "re-invent the
                                    wheel". Which of course you are certainly welcome to do - everybody has
                                    their own opinion on the proper number of spokes...

                                    There are a number of anti-spam tools that will significantly reduce
                                    your administrative overhead. Everybody has their own tastes -
                                    personally I enjoy using ASSP.

                                    --
                                    Daniel
                                  Your message has been successfully submitted and would be delivered to recipients shortly.