Catchall vs Check recipients

We get two different common requests for features that we have solutions for, but it's funny that they are incompatible.  I accidentally discovered this on my own Exchange 2003 server at home.

Feature 1: “Catchall” mailbox

The idea with this one is that you have people mailing you at info@company.com, sales@company.com, etc. and you don't want to miss a potential sales opportunity just because the sender mistyped your address.  So you designate a “catchall” mailbox, and all mail sent to *@company.com that matches no real recipient goes to this one mailbox.  This is an example of the kind of thing we couldn't do with Exchange 5.5 because we didn't have an extensible architecture.  With Exchange 2000 and beyond, you can use an event sink to do this.  We have a well-used sample in a KB article.  These days (this wasn't so true when we first wrote that article) you really don't want to do that, because spammers who run dictionary attacks against your domain will make your life a living hell: every guessed address is accepted and lands in the catchall mailbox.  Of course the solution to that is a good spam filter, which makes the catchall approach reasonable again.

Feature 2: Validate recipients in the directory before accepting message

This is a feature that was a long-standing part of sendmail, as long as most people used sendmail with a local password file.  Many implementations of sendmail that use an LDAP directory instead did not offer this feature, and we did not either for a long time.  If you don't have this feature, and you get a lot of spam to random recipients, then your machine can spend a fair amount of effort generating Delivery Status Notifications (DSNs), aka Non-Delivery Reports (NDRs), that are sent to the sender of the spam.  Of course, this sender is usually bogus, which results in the NDR “NDRing” in turn; when Exchange generates an NDR for an NDR, it has nowhere to send that NDR, so it puts it in the “badmail” directory.

Anyway, finally in Exchange 2003, we added this feature.  To turn it on, fire up Exchange System Manager (ESM), and under Global Settings, get properties on “Message Delivery”.  Go to the “Recipient Filtering” tab.  Check the box next to “Filter recipients who are not in the Directory”.  As with other filtering, make sure you also turn the filtering on for the SMTP virtual server (VS) that accepts mail from the Internet.  To do this, click the “Advanced...” button next to the IP address on the General tab, click “Edit”, and enable “Recipient Filtering”.  With this feature, at the RCPT command, the server looks up the recipient in Active Directory (AD), and if no one has that email address as one of their addresses, the RCPT is denied and the message is never accepted.  Which is nice, because it is then up to the sending server to generate the NDR.

What is funny is what happens if you turn on recipient filtering and a message comes in to random@mydomain.com.  The catchall sink would have caught this message and redirected it to my mailbox, but because the recipient filtering feature above runs at the SMTP RCPT command, before any sink sees the message, the message never gets accepted.  I do need to get the KB above updated to reflect this find!  (or maybe some smart person will find a workaround)
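To make the ordering concrete, here is an added toy model (not Exchange code and not the KB sample) of the two stages: recipient filtering answers the RCPT command, the catchall sink only runs on a message the server has already accepted.  The directory contents, the `company.com` domain, the `catchall@company.com` mailbox and the class names are all constructed for the example.

```python
# Constructed model of the RCPT-time filter versus the post-acceptance
# catchall sink.  Directory, domain and mailbox names are assumed.
from dataclasses import dataclass, field

DOMAIN = "company.com"
CATCHALL = "catchall@company.com"
# Constructed sample directory: the addresses AD knows for this domain.
DIRECTORY = {"info@company.com", "sales@company.com", CATCHALL}


@dataclass
class Server:
    recipient_filtering: bool   # "Filter recipients who are not in the Directory"
    catchall_sink: bool         # a KB-style catchall event sink is registered
    delivered: dict = field(default_factory=dict)  # mailbox -> message ids
    ndrs_generated: int = 0     # NDRs this server had to produce itself

    def rcpt(self, address: str) -> str:
        """Model the RCPT TO command; return the SMTP reply line."""
        _, _, domain = address.partition("@")
        if domain != DOMAIN:
            return "550 5.7.1 Unable to relay"
        if self.recipient_filtering and address not in DIRECTORY:
            # Refused before DATA: no sink ever sees this message and the
            # sending server is the one that has to generate the NDR.
            return "550 5.1.1 User unknown"
        return "250 2.1.5 Recipient OK"

    def deliver(self, address: str, msg_id: str) -> str:
        """Model delivery of an accepted message; the sink may redirect it."""
        target = address
        if address not in DIRECTORY:
            if not self.catchall_sink:
                # Accepted but undeliverable: this server must NDR it.
                self.ndrs_generated += 1
                return "ndr"
            target = CATCHALL
        self.delivered.setdefault(target, []).append(msg_id)
        return target

    def receive(self, address: str, msg_id: str) -> str:
        """Run one message through RCPT and then delivery.

        Returns the mailbox it landed in, 'ndr' if the server had to
        bounce it, or 'rejected' if the RCPT was refused outright."""
        if not self.rcpt(address).startswith("250"):
            return "rejected"
        return self.deliver(address, msg_id)
```

Running the same unknown recipient through a server with only the sink, with only filtering, and with both shows the conflict: the combined configuration never lets the sink fire.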