Merge #1904

1904: Allow specific users to send email from any address r=mergify[bot] a=nextgens ## What type of PR? Feature ## What does this PR do? Allow specific users to send email from any address using the WILDCARD_SENDERS configuration variable. ### Related issue(s) - closes #1096 ## Prerequistes Before we can consider review and merge, please make sure the following list is done and checked. If an entry in not applicable, you can check it or remove it from the list. - [x] In case of feature or enhancement: documentation updated accordingly - [x] Unless it's docs or a minor change: add [changelog](https://mailu.io/master/contributors/workflow.html#changelog) entry file. Co-authored-by: Florent Daigniere <nextgens@freenetproject.org> Co-authored-by: David Fairbrother <DavidFair@users.noreply.github.com> Co-authored-by: Diman0 <diman@huisman.xyz> Co-authored-by: Dimitri Huisman <52963853+Diman0@users.noreply.github.com> Co-authored-by: Erriez <Erriez@users.noreply.github.com>
2025-06-04 23:27:34 +02:00 · 2021-08-19 14:48:46 +00:00 · 2021-08-19 14:48:46 +00:00 · a461f5fa7c
commit a461f5fa7c
parent 5062ee58dc b4102ba464
4 changed files with 7 additions and 1 deletions
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@ -32,6 +32,7 @@ DEFAULT_CONFIG = {
    'DOMAIN': 'mailu.io',
    'HOSTNAMES': 'mail.mailu.io,alternative.mailu.io,yetanother.mailu.io',
    'POSTMASTER': 'postmaster',
+    'WILDCARD_SENDERS': '',
    'TLS_FLAVOR': 'cert',
    'INBOUND_TLS_ENFORCE': False,
    'AUTH_RATELIMIT': '1000/minute;10000/hour',
--- a/core/admin/mailu/internal/views/postfix.py
+++ b/core/admin/mailu/internal/views/postfix.py
@ -133,10 +133,12 @@ def postfix_sender_map(sender):

@internal.route("/postfix/sender/login/<path:sender>")
 def postfix_sender_login(sender):
+    wildcard_senders = [s for s in flask.current_app.config.get('WILDCARD_SENDERS', '').lower().replace(' ', '').split(',') if s]
    localpart, domain_name = models.Email.resolve_domain(sender)
    if localpart is None:
-        return flask.abort(404)
+        return flask.jsonify(",".join(wildcard_senders)) if wildcard_senders else flask.abort(404)
    destination = models.Email.resolve_destination(localpart, domain_name, True)
+    destination = [*destination, *wildcard_senders] if destination else [*wildcard_senders]
    return flask.jsonify(",".join(destination)) if destination else flask.abort(404)

@internal.route("/postfix/sender/rate/<path:sender>")
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@ -37,6 +37,8 @@ The ``POSTMASTER`` is the local part of the postmaster email address. It is
 recommended to setup a generic value and later configure a mail alias for that
 address.

+The ``WILDCARD_SENDERS`` setting is a comma delimited list of user email addresses that are allowed to send emails from any existing address (spoofing the sender).
+
 The ``AUTH_RATELIMIT`` holds a security setting for fighting attackers that
 try to guess user passwords. The value is the limit of failed authentication attempts
 that a single IP address can perform against IMAP, POP and SMTP authentication endpoints.
--- a/towncrier/newsfragments/1096.feature
+++ b/towncrier/newsfragments/1096.feature
@ -0,0 +1 @@
+Allow specific users to send emails from any address using the WILDCARD_SENDERS setting
				`@ -0,0 +1 @@`
				`Allow specific users to send emails from any address using the WILDCARD_SENDERS setting`