Create a Catch-All Mailbox in Office 365


While working on a cross-tenant issue with a customer, I had the requirement to minimize the number of non-delivery reports sent to external users. I suggested the best way to do this might be a catch-all mailbox.

Background

What exactly is a catch-all mailbox? In layman's terms, it's a mailbox designed to receive (or catch) all of the mail addressed to invalid recipients in a particular mail system. Many hosting platforms have this type of feature; Exchange Online, by contrast, uses directory-based edge blocking (DBEB) to filter out invalid recipients prior to mailbox delivery.

Configuration

We can mimic the behavior of a catch-all mailbox by combining a shared mailbox, a transport rule, and a dynamic distribution group, and by disabling DBEB.

Creating a dynamic distribution list for all valid users

The first step is to create a distribution list that includes all of the users who have mailboxes in your environment.  It’s pretty easy to create this via PowerShell.

New-DynamicDistributionGroup -Name 'AllMailboxes' -Alias 'AllMailboxes' -OrganizationalUnit $null -IncludedRecipients 'MailboxUsers'

That will include all user mailboxes. You can also use additional categories, such as MailContacts, Resources, MailGroups or MailUsers. To specify more than one, you can use array syntax, such as @('MailboxUsers','Resources').

Creating a shared mailbox to receive the errant messages

Next, you’ll need to create a mailbox that will eventually hold all of the mail that couldn’t be delivered to the original recipients.  To do this from PowerShell:

New-Mailbox -Shared -Alias 'catchall' -Name "Catch-All Mailbox" -DisplayName "Catch-All Mailbox" -Force

Next, we’ll tie it together with a rule.

Creating a transport rule to redirect the messages

In order to redirect the messages, you’ll need an Exchange Transport Rule:

New-TransportRule -FromScope 'NotInOrganization' -RedirectMessageTo 'catchall' -ExceptIfSentToMemberOf AllMailboxes -Name 'AllMailboxes' -StopRuleProcessing:$false -Mode 'Enforce' -Comments 'Catch-all mailbox rule' -RuleErrorAction 'Ignore' -SenderAddressLocation 'Header'

The rule does three things:

  • Specifies the senders as people outside of the organization
  • Redirects the mail to the ‘catchall’ mailbox created earlier
  • Makes an exception if the recipient is a member of the 'AllMailboxes' dynamic distribution group we created originally

Finally, we’ve got to disable DBEB to make sure invalid recipients don’t get filtered.

Disabling Directory-Based Edge Blocking

Disabling DBEB is a relatively straightforward process, handled by changing an accepted domain's type from Authoritative to InternalRelay.

Set-AcceptedDomain -Identity <domain> -DomainType InternalRelay

You can configure the domain type per-domain (if that wasn’t obvious already).
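
Because the rule redirects external mail for every recipient that is not in the 'AllMailboxes' group, it is worth checking which valid recipients fall outside it before relying on the setup. The following read-only audit is an added example, not part of the original post; it assumes a connected Exchange Online PowerShell session and the object names used above ('AllMailboxes' for the group and the rule, 'catchall' for the mailbox).

```powershell
# Added example (not from the original post): read-only audit of the catch-all setup.
# Assumes a connected Exchange Online PowerShell session and the names used on this page.
$groupName = 'AllMailboxes'   # dynamic distribution group and transport rule name
$catchAll  = 'catchall'       # shared mailbox alias

# 1. Resolve the dynamic group's current membership from its recipient filter.
$ddg     = Get-DynamicDistributionGroup -Identity $groupName
$members = Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter -ResultSize Unlimited
$covered = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
foreach ($m in $members) { [void]$covered.Add([string]$m.PrimarySmtpAddress) }

# 2. Valid recipients outside the group: external mail to these is redirected by the rule.
$uncovered = Get-Recipient -ResultSize Unlimited |
    Where-Object { -not $covered.Contains([string]$_.PrimarySmtpAddress) } |
    Select-Object Name, RecipientTypeDetails, PrimarySmtpAddress

# 3. Confirm the rule is enabled, enforcing, and still carries the group exception.
$rule   = Get-TransportRule -Identity $groupName
$ruleOk = ($rule.State -eq 'Enabled') -and ($rule.Mode -eq 'Enforce') -and
          ($rule.FromScope -eq 'NotInOrganization') -and
          [bool]$rule.ExceptIfSentToMemberOf

# 4. Domains where DBEB is off (InternalRelay), and whether the catch-all mailbox exists.
$relayDomains = Get-AcceptedDomain | Where-Object { $_.DomainType -eq 'InternalRelay' }
$mailbox      = Get-Mailbox -Identity $catchAll -ErrorAction SilentlyContinue

# Summary object first, then the detail list of uncovered recipients.
[pscustomobject]@{
    GroupMembers       = $covered.Count
    UncoveredValid     = @($uncovered).Count
    RuleHealthy        = $ruleOk
    CatchAllMailbox    = [bool]$mailbox
    InternalRelayNames = ($relayDomains.DomainName -join ', ')
}
$uncovered | Sort-Object RecipientTypeDetails, Name | Format-Table -AutoSize
```

Any recipient type that shows up in the uncovered list and should keep receiving external mail directly can be brought into the group with the additional -IncludedRecipients categories described earlier.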

Wrapping up

With this configuration in place, you should be able to look at the catchall mailbox you created and view messages intended for recipients whose names might have been misspelled or whose accounts were removed.  It’s a handy way to see what you’re missing out on.

Published by Aaron Guilmette

Helping companies conquer inferior technology since 1997. I spend my time developing and implementing technology solutions so people can spend less time with technology. Specialties: Active Directory and Exchange consulting and deployment, Virtualization, Disaster Recovery, Office 365, datacenter migration/consolidation, cheese.
