How to Configure Postfix as a Catch-All SMTP Server for Spam Sinkhole Purposes



When setting up a spam trap or mail sinkhole, you'll often need your SMTP server to accept all incoming emails regardless of the recipient address. This configuration is particularly useful for:

  • Collecting spam samples for analysis
  • Creating honeypot mail servers
  • Testing mail routing configurations
  • Handling legacy domains where you don't want to lose any emails

The key configuration happens in main.cf. Here's the minimal setup required:

# Enable virtual aliases
virtual_alias_maps = hash:/etc/postfix/virtual

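# Domains delivered locally. Each sinkhole domain must be listed here (or in
# virtual_alias_domains), otherwise reject_unauth_destination refuses it.
# An empty local_recipient_maps turns off rejection of unknown local users.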
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps =

Create or modify /etc/postfix/virtual with these contents:

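# One @domain entry per sinkhole domain. hash: tables have no wildcard that
# spans every domain; use a regexp: table for that.
@yourdomain.com   catchall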

Then compile the map and reload Postfix:

postmap /etc/postfix/virtual
postfix reload

For more control over the catch-all behavior, consider these additional parameters:

# For better spam handling
# (check_policy_service needs a matching policy daemon defined in master.cf)
smtpd_recipient_restrictions =
   permit_mynetworks,
   reject_unauth_destination,
   check_policy_service unix:private/policy,
   permit

# Rate limiting to prevent abuse
anvil_rate_time_unit = 60s
smtpd_client_connection_rate_limit = 100

Verify your setup works by sending test emails:

telnet localhost 25
HELO test.com
MAIL FROM: <test@example.com>
RCPT TO: <nonexistent@yourdomain.com>
DATA
Subject: Test

This should be delivered to catchall
.
QUIT

Then check your mail logs:

tail -f /var/log/mail.log

When running a catch-all server:

  • Monitor disk space usage (spammers may send large attachments)
  • Consider using separate partitions for mail storage
  • Implement rate limiting to prevent abuse
  • Regularly review the collected emails to detect any legitimate traffic

If emails aren't being caught:

  1. Verify Postfix is running: systemctl status postfix
  2. Check configuration syntax: postfix check
  3. Review mail logs: journalctl -u postfix
  4. Test SMTP locally: swaks --server localhost --to nonexistent@yourdomain.com

Sometimes you need an SMTP server that'll accept all incoming emails regardless of recipient address or domain - what we call a "spam sinkhole". This is particularly useful for:

  • Capturing misdirected emails during migrations
  • Analyzing spam patterns
  • Creating honeypot mail servers
  • Testing email routing configurations

Here's the core Postfix configuration to make it accept any incoming email:

# main.cf additions
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps =
virtual_alias_maps = regexp:/etc/postfix/virtual_regexp

Create /etc/postfix/virtual_regexp with:

/.*/ catchall

This regex pattern matches any email address and routes it to the local user 'catchall'.

Ensure the destination mailbox exists:

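# No login shell for the sinkhole account
sudo useradd -m -s /bin/false catchall
# The default mbox spool is a file, not a directory (it is read with tail below)
sudo touch /var/mail/catchall
sudo chown catchall:catchall /var/mail/catchall
sudo chmod 600 /var/mail/catchall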

For more control, you can modify the regex pattern:

# Route specific domains differently (first match wins, so keep the generic rule last)
/.*@example\.com$/ example_catchall
/.*@test\.domain$/ test_catchall
/.*/ global_catchall

After reloading Postfix (sudo systemctl reload postfix), test with:

echo "Test email" | mail -s "Test Subject" nonexistent@yourdomain.com

Check if it arrives in the catchall mailbox:

sudo tail -f /var/mail/catchall

When handling large volumes:

  • Set default_process_limit = 100 in main.cf
  • Adjust qmgr_message_active_limit based on server specs
  • Consider using virtual_mailbox_domains for domain-specific routing

Be aware that open relays attract abuse:

# In main.cf to prevent becoming an open relay
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
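
The log check and the open-relay warning on this page can be combined into one audit. The following is an added example, not part of the original article: it counts what the catch-all mailbox caught, per original recipient, and flags any message the sinkhole delivered to a remote server, which should never happen. The log lines are constructed samples in the usual Postfix syslog layout; the host names and the audit() helper are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual Postfix syslog layout (not from a real host).
SAMPLE_LOG = """\
Jan 10 09:00:01 sink postfix/local[2101]: 4A1B2C3D4E: to=<catchall@sink.example>, orig_to=<nonexistent@yourdomain.com>, relay=local, delay=0.04, delays=0.02/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 10 09:00:07 sink postfix/local[2101]: 5B2C3D4E5F: to=<catchall@sink.example>, orig_to=<sales@yourdomain.com>, relay=local, delay=0.03, delays=0.01/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Jan 10 09:01:15 sink postfix/smtp[2140]: 6C3D4E5F6A: to=<someone@elsewhere.example>, relay=mx.elsewhere.example[192.0.2.25]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jan 10 09:02:30 sink postfix/smtpd[2099]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <x@other.example>: Relay access denied; from=<a@b.example> to=<x@other.example> proto=ESMTP helo=<test.com>
"""

# Delivery record: "<agent>[pid]: <queue id>: to=<..>, [orig_to=<..>,] relay=.., .. status=.."
DELIVERY = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>\w+): to=<(?P<to>[^>]*)>,"
    r"(?: orig_to=<(?P<orig>[^>]*)>,)? relay=(?P<relay>\S+),.*? status=(?P<status>\w+)"
)

def audit(log_text, mailbox="catchall"):
    """Return (caught per original recipient, outbound deliveries, relay rejections)."""
    caught, outbound, rejected = Counter(), [], 0
    for line in log_text.splitlines():
        if "Relay access denied" in line:
            rejected += 1  # reject_unauth_destination refused a foreign domain
            continue
        m = DELIVERY.search(line)
        if not m or m["status"] != "sent":
            continue
        if m["agent"] == "local" and m["to"].split("@")[0] == mailbox:
            caught[m["orig"] or m["to"]] += 1  # orig_to is the address before aliasing
        elif m["agent"] == "smtp":
            # The smtp client handed mail to a remote MTA: a sinkhole should never do this.
            outbound.append((m["qid"], m["to"], m["relay"]))
    return caught, outbound, rejected

if __name__ == "__main__":
    caught, outbound, rejected = audit(SAMPLE_LOG)
    for rcpt, n in caught.most_common():
        print(f"caught   {n:3d}  {rcpt}")
    for qid, rcpt, relay in outbound:
        print(f"OUTBOUND {qid} to {rcpt} via {relay}")
    print(f"relay attempts rejected: {rejected}")
```

Any OUTBOUND line means the host accepted mail for a domain it does not own and passed it on, so the relay restrictions need review before the sinkhole stays online.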