I'm far from an LDAP expert so I'm posting this both as a "look what I did!" and an "is there a better way?"
The query feels fairly typical until the end where I look for "absolute-catchall@[the domain]". Effectively this accepts "anything"@"domain." Is this what you do? Is there a better way? Is this already in the manual somewhere :)