Exclude specific address from catch all address?

Hi everyone,

I use a catch all address and it works great. One of these addresses now gets hit by a ridiculous amount of spam. Right now I just set up a filter which immediately deletes all mail sent to that specific address and this works fine. Nevertheless every email needs to be processed by the server and the sender sees the mail as delivered and will thus continue sending mails.

My question: Is there a possibility to exclude one or more addresses from the catch all? As in: MIAB answers “this email address does not exist”?

2 Likes

Ahh, the bad side of catchall accounts revealed.

There is no supported way of doing this other than using the filters within Roundcube.

That said, postfix most likely has a way of doing this which would be an unsupported modification to your MiaB instance. I am not familiar with the specifics though.

Thanks for your promt reply @alento!
Is this something that is requested often? Or am I the only one who has this problem?
I’m asking to check if it’s worth to bring up this topic on Github…

So far, you’re the first that I can recall. I do not think that you’d get any traction bringing this up on Github - but I do NOT want to discourage you from making the suggestion.

This can be done

sudo nano /etc/postfix/rejected_recips
edit the file to contain a list of emails you want to REJECT, for example, it can contain just the following line (or add more, each on their own line/row:
user@domain.com REJECT
user2@domain.com REJECT

Then, sudo nano /etc/postfix/main.cf
Find the line that starts with “smtpd_recipient_restrictions=”
add in after the last entry, add a comma then without the quotes: “check_recipient_access hash:/etc/postfix/rejected_recips”

Should look something like this:

smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unlisted_recipient,check_policy_service inet:127.0.0.1:10023,check_recipient_access hash:/etc/postfix/rejected_recips

Then issue these commands:
sudo postmap /etc/postfix/rejected_recips
sudo service postfix restart

NOTE: Every time you update MIAB you will have to edit main.cf --Since this is an unsupported modification (as mentioned above by ALENTO, make sure you backup before you edit.

2 Likes

I’m also very interested in this feature being included in the MiaB management interface, so that manual postfix configurations aren’t overwritten with every MiaB update/reconfiguration.

I use catch-all for my domains as a way to separate mail streams and identify when something has been compromised or been sold to non affiliated marketing companies. Sometimes a recipient address is so compromised and receives so much spam, that it isn’t worth dealing with anymore, and needs to be rejected at the smtp level.

Thank you for the excellent mail management package!

What’s the disadvantage of a sieve filtering rule which rejects a mail? They would not be overwritten after an update and roundcube provides - more or less - an interface to it. Or am I mistaken?

@usachris Thanks for the information. I try to keep my modifications to MiaB at the bare minimum, but this is one that would be handy if the need arises.

With apologies to the anti-necroposting lobby.

I was able to solve a similar problem by (having, managing and) using a “spare” domain where I don’t (need, want or) have a catch-all defined. I simply created aliases for the addresses getting spammed which forwards to a (non-existent) address on the spare domain. (I used “banned-word”@sparedomain.tld, for fun, so if they’re scraping the responses they get an email address they’ll be obliged to filter out of their mailing lists anyway.)

That way the senders get that “this email address does not exist” permanent failure message that would keep those emails from appearing in your (catch-all) mailbox (prime objective) without positive feedback that the message was delivered (secondary objective).

Perhaps sone day when spammers no longer get paid by how many emails they’ve sent out but by how many got delivered successfully or even better, how many successful engangements they resulted in, then perhaps it would mean that addresses that consistently and permanently fail would be removed from mailing lists. That won’t be soon though. The spam industry is very advanced in some ways (when it comes to hiding themselves) but also very backwards (when it involves acknowledging failures).