Setting up catchall under Office 365

I’m busy migrating from Hosted Exchange 2007 to Office 365. While setting up the mailboxes I thought it was time to solve one of my long-time irritations: my current hosted Exchange setup does not support catchall for my mail domains. It turns out that this is not straightforward to set up, as Microsoft does not support it. Yes, I know there are a lot of people out there who think it is bad practice to set up a catchall mailbox. Personally I use it for convenience and I think it is more customer friendly for the non-tech-savvy people out there. And no, I do not mind going through (a lot of) spam mail to find that little gem.

Oh well, I Googled around and found a great blog post that explains the basics of how to set up a catchall email address. However, the instructions did not work as is for me and I feel they are not complete. Let me rephrase that last statement: I think Office 365 has been updated since the post was published and therefore some parts no longer work as described. Anyway, I decided to write this blog post, which should cover all aspects of setting up a catchall email address under the current version of Office 365, as of 24-11-2015 🙂

Disclaimer

  • I have done some shameless copy pasting from the original blog post, I hope the author will forgive me for this.
  • I hope this blog post helps but I cannot guarantee it will for all setups. I have tested this on my own Office 365 system: your system may differ or have different settings that prevent this from working. So test, test and test again.

Prerequisites

  • You should have one of the following Office 365 plans: Business Essentials, Business or Business Premium. It might work with other plans like Home, Personal or Student, but no guarantees (see disclaimer).
  • All mailboxes must be on Office 365: it will not work for hybrid scenarios.
  • All DNS MX records need to point to Office 365.

Theory

The theory is simple: change a mail domain from authoritative to internal relay. This way all mail is accepted for the domain. If the recipient or email address does not exist for the mail domain, the mail is forwarded to another physical or logical email server using a connector. We will not use a connector, but implement a rule which intercepts the email before it is sent to the next email server. The rule will forward all unknown mail to a catchall email address. Sounds pretty simple, right? Well it is, just make sure you follow the steps carefully.

This setup is easy to implement and easy to disable.

Step 1: Logon to Office 365 admin portal

Pretty standard, but necessary 🙂

  1. Log onto Office 365 Exchange admin center.
  2. Click on Admin top right hand side.
  3. Select Exchange from the drop down menu.
Office 365 Exchange admin center


Step 2: Create a shared mailbox to act as catchall mailbox

I prefer to setup a separate shared mailbox to receive mail for unknown recipients. Users can be authorized to access this shared mailbox. This keeps the other mailboxes nice and tidy and is a nice separation of concerns.

Catchall shared mailbox


From the Exchange admin center:

  1. Click the recipients option.
  2. Click the shared option.
  3. Click the plus (+) option.
  4. Enter the Display name, e.g. Catchall.
  5. Enter the Email address, e.g. catchall.
  6. If you have multiple domains select the correct domain from the drop down box.
  7. Select the users that have permission to view the mailbox by clicking the plus (+).
  8. Click ok to close the user selection window.
  9. Click save to create the shared mailbox.

Step 3: Create security group for known email addresses

To ensure that mail for known email addresses is not sent to the catchall mailbox, a security group is created. This security group must contain all known users.

IMPORTANT:

  • If you add an email address then it must be added to this security group.
  • If you remove an email address then it must be removed from this security group. 

These are the steps to create the security group and add the known users to the group:

Catchall security group


  1. Click the recipients option.
  2. Click the plus (+) option and select the option Security group from the drop down menu.
  3. Enter the Display name, e.g. Known email addresses.
  4. Enter the Alias, e.g. known.
  5. Enter the Email address, e.g. known.
  6. If you have multiple domains select the correct domain from the drop down box.
  7. Enter the Description, e.g. Exception for the catchall rule.
  8. Select the owner(s) of the group, click on the plus (+).
  9. From the dialog select the email address of the owner.
  10. Click ok.
  11. Select the members of the group, click on the plus (+).
  12. Select all email addresses including the catchall email address.
  13. Click add ->.
  14. Click ok.
  15. Check the option Owner approval is required.
  16. Click save to create the security group.
Catchall security group members dialog
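
The two IMPORTANT rules above are the part of this setup that drifts over time: a mailbox that is created later and never added to the group has its external mail redirected to the shared catchall mailbox, where everyone with access to that mailbox can read it. The check below is an added example, not part of the original post; it assumes a connected Exchange Online PowerShell session, the example alias known from this step, and example.com as a placeholder domain.

```powershell
# Added example: compare the "known" security group with the real recipients.
# Assumptions: connected Exchange Online session; 'known' is the example
# group alias from step 3; example.com is a placeholder domain.
$domain     = 'example.com'
$groupAlias = 'known'

# Primary addresses of all recipients in the domain, except the group itself
$recipientAddrs = @(Get-Recipient -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress -like "*@$domain" -and $_.Alias -ne $groupAlias } |
    ForEach-Object { [string]$_.PrimarySmtpAddress })

# Primary addresses of the current group members
$memberAddrs = @(Get-DistributionGroupMember -Identity $groupAlias -ResultSize Unlimited |
    ForEach-Object { [string]$_.PrimarySmtpAddress })

$report = @(
    # Recipients the catchall rule does not exempt
    $recipientAddrs | Where-Object { $_ -notin $memberAddrs } | ForEach-Object {
        [pscustomobject]@{
            Address = $_
            Finding = 'Not in group: external mail is redirected to catchall'
        }
    }
    # Group members that no longer match a recipient in this domain
    $memberAddrs | Where-Object { $_ -notin $recipientAddrs } | ForEach-Object {
        [pscustomobject]@{
            Address = $_
            Finding = 'In group but no matching recipient in this domain'
        }
    }
)

if ($report.Count -eq 0) {
    'Group membership matches the recipient list.'
} else {
    $report | Sort-Object Finding, Address | Format-Table -AutoSize
}
```

Running this after every mailbox change, or on a schedule, catches the first kind of finding before a user's mail ends up in the shared mailbox.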


Step 4: Changing from authoritative to internal relay mail domain

Next we need to change the mail domain from authoritative to internal relay. This ensures the mail domain will accept all email even if the email address does not exist.

Changing from authoritative to internal relay mail domain


  1. Click the mail flow option.
  2. Click the accepted domains option.
  3. Select the domain you want to setup a catchall mailbox for.
  4. Click the pen to edit the selected domain.
  5. In the popup change the option from Authoritative to Internal Relay.
  6. Click save.
  7. Ignore the warning that an outbound connector does not exist to deliver mail for the domain.
Warning outbound connector does not exist


Step 5: Setup a catchall email rule

Let's create the rule that handles all email that is received. Email from internal clients is ignored. Email from external clients is handled, so any email from an external client that is sent to an unknown email address is forwarded to the catchall mailbox.

Create catchall rule


  1. Click the mail flow option.
  2. Click the rules option.
  3. Click the plus (+) option.
  4. Select Create new mail rule… from the drop down menu.
  5. Click on More options… at the bottom of the popup.
  6. Enter the Name, e.g. Catchall.
  7. From the Apply this rule if… drop down select The sender… and then is external/internal.
  8. From the drop down in the popup select Outside the organization.
  9. Click ok.
  10. From the Do the following… drop down select Redirect the message to… and then these recipients.
  11. Select the Catchall mailbox from the list.
  12. Click ok.
  13. Click the add exception.
  14. From the Except if… drop down select The recipient… and then is a member of this group.
  15. Select the Known mailbox from the list.
  16. Click ok.
  17. Check the option Stop processing more rules.
  18. Enter the Comments, e.g. Rule to catchall unknown email recipients.
  19. Click save to create the rule.
Catchall rule dialog


Optionally a message header can be set so that it is possible to see a message was processed by the catchall rule. In the rule dialog do the following:

  1. Click the add action under the Do the following…
  2. From the drop down select Modify the message properties… and then set a message header.
  3. Click on the first Enter text… and enter X-Catchall-Rule.
  4. Click ok.
  5. Click on the second Enter text… and enter Yes.
  6. Click ok.
  7. Click save to update the rule.
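
Steps 2 to 5, including the optional header, can also be applied from Exchange Online PowerShell, which makes the change repeatable and easy to review. This is an added example, not from the original post; it assumes a connected Exchange Online PowerShell session, and example.com and admin@example.com are placeholders.

```powershell
# Added example: steps 2-5 as Exchange Online cmdlets.
# Assumptions: connected Exchange Online session; example.com and the
# owner address are placeholders; names are the example values from the post.
$domain   = 'example.com'
$owner    = "admin@$domain"
$catchall = "catchall@$domain"
$known    = "known@$domain"

# Step 2: shared mailbox for unknown recipients, readable by the owner
New-Mailbox -Shared -Name 'Catchall' -DisplayName 'Catchall' -Alias 'catchall' `
    -PrimarySmtpAddress $catchall
Add-MailboxPermission -Identity $catchall -User $owner -AccessRights FullAccess

# Step 3: security group holding every known address (add all mailboxes here)
New-DistributionGroup -Name 'Known email addresses' -Alias 'known' -Type Security `
    -PrimarySmtpAddress $known -ManagedBy $owner `
    -Members $owner, $catchall `
    -MemberJoinRestriction ApprovalRequired `
    -Notes 'Exception for the catchall rule'

# Step 4: accept mail for addresses that do not exist in the domain
Set-AcceptedDomain -Identity $domain -DomainType InternalRelay

# Step 5: redirect external mail for non-members to the catchall mailbox,
# tag it with the optional header and stop processing further rules
New-TransportRule -Name 'Catchall' `
    -FromScope NotInOrganization `
    -RedirectMessageTo $catchall `
    -ExceptIfSentToMemberOf $known `
    -SetHeaderName 'X-Catchall-Rule' -SetHeaderValue 'Yes' `
    -StopRuleProcessing $true `
    -Comments 'Rule to catchall unknown email recipients'
```

To disable the setup again, set the domain back with Set-AcceptedDomain -DomainType Authoritative and run Disable-TransportRule on the Catchall rule.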

Step 7: Adding the catchall shared mailbox to a mailbox in the Outlook Web App

Of course you want to be able to access the catchall shared mailbox from the Outlook Web App. This is pretty straightforward once you know how.

If you are using the standard version of Outlook Web App:

  1. Log onto the Outlook Web App with the account you want to add the catchall shared mailbox to.
  2. Right click on the primary mailbox.
  3. From the popup menu click on the Add shared folder… option.
  4. Enter the name of the catchall shared mailbox, e.g. catchall, as you type the mailbox should be displayed, click on it.
  5. Click on Add.
Add catchall to mailbox


If you are using the light version of Outlook Web App:

  1. Log onto the Outlook Web App with the account you want to access the catchall shared mailbox from.
  2. At the top right corner click on the image.
  3. From the drop down list select the option Open another mailbox…
  4. Enter the name of the catchall shared mailbox, e.g. catchall, as you type the mailbox should be displayed, click on it.
  5. The catchall mailbox will be opened in a separate tab.
Open catchall mailbox


Step 6: Testing time

Everything is setup so it is time to test.

From an internal client:

  1. Send an email to a known email address. The mail should be delivered to the recipient.
  2. Send an email to an unknown email address. The mail should be rejected.

From an external client, e.g. Gmail:

  1. Send an email to a known email address. The mail should be delivered to the recipient.
  2. Send an email to an unknown email address. The mail should be delivered to the catchall mailbox.

If you completed the optional step of adding the header to mail for unknown recipients that is forwarded to the catchall mailbox, you can check whether the header is set by viewing the message details.

  1. Select the mail that was forwarded to the catchall mailbox.
  2. The mail is displayed, at the top of the mail click on the three dots (…).

    View message details


  3. From the drop down menu select the option View message details.
  4. Scroll down, near the end of the list you will see the X-Catchall-Rule.
Message details dialog


That’s it! Once you understand the mechanism and know how to set this up it is pretty straightforward. Many thanks to the guys at Your It Help for doing all the heavy lifting.

13 thoughts on “Setting up catchall under Office 365”

  1. Any reason I’m seeing some emails destined for good addresses stuck in the Catch-All Mailbox Inbox?

  2. Hi Josh,

    I had the same problem at random but only when forwarding mails to another account. I solved it by adding an additional exception to the catch all rule excluding the email address I was forwarding the mail to from the catch all rule. It worked for this situation and might direct you towards a solution to your problem.

    Just to be sure: you did add the known email addresses to the exception?

    Regards, nidkil

  3. Hey Nidkil,

    Yes, they were added to the exception per the directions above.

    I wasn’t forwarding mail at all, these were new emails generated and sent from GMail to my internal mail account. They would sporadically make it to my personal inbox, but most of them would turn up in the Catch-All inbox.

  4. Hi Josh. Really strange. I send myself a lot of reminder mails from my Gmail account and don’t have this problem. Are you sure the exception emails are correct and complete?

    Regards, nidkil

  5. It’s very possible I missed something. I plan on revisiting this as soon as I find some free time outside of work.

  6. Hi, I just tried to setup following the instructions above,
    but getting following error. Any thoughts would be greatly appreciated.
    Action: failed
    Status: 5.4.1
    Remote-MTA: dns; xyz-com.mail.protection.outlook.com. (xxx.xxx.xxx.xxx,
    the server for the domain xyz.com.)
    Diagnostic-Code: smtp; 550 5.4.1 [[email protected]]: Recipient address rejected: Access denied [BN3NAM01FT042.eop-nam01.prod.protection.outlook.com]

  7. The entire steps you provided in the article (step1 to step 5).
    Thanks for the quick response.
