FWIW, I rather have the wrong address email address bounce. That and I don't want to eyeball the catch-all to see if it caught anything useful.
You can fail2ban the password guessers. In a perfect world, I would reject email that fails SPF and DKIM. I recall noise from Google making this a plan, which that would force all the servers to clean up their act. Original Message From: D'Arcy J.M. Cain Sent: Thursday, August 25, 2016 2:56 PM To: Michael J Wise Cc: postfix users Subject: Re: newbie department On Thu, 25 Aug 2016 12:36:19 -0700 "Michael J Wise" <mjw...@kapu.net> wrote: > > No! Even though you don't have to have a mailbox to fill up (you > > can direct catch-all to /dev/null) this is still a bad idea. If > > someone sends you an important message at li...@lazygranch.com it > > will be silently ignored. If you don't have a catch-all the > > message will bounce and the sender will realize that he made a typo > > and resend it. > > This fails badly for many security and privacy reasons if you are > doing anything other than running a personal, vanity domain. No, it's quite the opposite. I have clients who expect their email to behave in a very clearly defined way. If someone sends an email to my system it must do one of two things - be delivered to to a user (or at least his spam filter) or bounced back to the sender. Anything else is a failure. I don't want to hear that my client missed a big sale because of a typo on their prospective client's part. -- D'Arcy J.M. Cain System Administrator, Vex.Net http://www.Vex.Net/ IM:da...@vex.net VoIP: sip:da...@vex.net