Exim/SmartCatch

One great thing about having your mail server is to have an infinite number of email addresses. This is great to protect against spam. Eg. you give the address sitename@example.com to a website. If this address starts to receive spam, you know who sold it and you can easily block it.

A common way to implement that is through a catchall address: all the emails to any address will end up in your box. The issue is that spammer are sending spam to random addresses and your smart idea to avoid spam will become an enormous spam trap.

Here we will configure addresses with embedded hash-code so only you can generate new addresses. The addresses will looks like sitename-rtx@example.com.

Generate secret

The first step is to generate some secret. This will be used both for generating your addresses and validating them.

$ </dev/urandom tr -dc A-Za-z0-9 | head -c8; echo
AwatgLfG

As the name indicate, this must stay secret. Anybody with this secret will be able to generate valid email addresses for your domain.

Validate Address

Create file /etc/exim4/conf.d/router/440_smartcatch

smart_catch:
  debug_print = "R: smart_catch for $local_part@$domain"
  driver = redirect
  domains = +local_domains
  condition = ${if eq{${substr_0_3:${md5:${substr_-4:$local_part}@$domain@AwatgLfG}}}{${substr_-3_3:$local_part}}}
  data = yourrealemail@example.com
  retry_use_local_part
  headers_add = X-smartcatch: true

Replace AwatgLfG in the condition with the secret that you generated above. Also replace your email.

The line header_add is only there to help debugging. It can be safely removed.

Reload exim config

$ sudo systemctl reload exim4.service

Generate Addresses

fcgiwrap
$ sudo apt install fcgiwrap
TODO