-
-
Notifications
You must be signed in to change notification settings - Fork 801
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a checkbox to make rejecting all emails for a specific user easy #2846
Comments
We already have app-specific passwords, we call them tokens and you can configure them on There is no way to restrict their rights but by default they are not allowed to login on the web-interface. |
Oh, indeed. That solves the "device-specific password" part. "send-only users" would still be useful (so not closing). |
I am fairly sure that this can be achieved with the existing code and a sieve script. That said, having the ability to limit some tokens to send-only/receive-only may be worth it |
You can simply disable pop3 & imap for the user access if the user may only send email. It is documented here: |
@Diman0 sure, but an email sent to that email would still be either accepted or forwarded. I'd rather have them rejected. |
Sounds like you haven't heard of rfc5429 :) I still see some value in having permissions "per token" rather than "per user". in OAUTH2 parlance, that'd be "scope". |
This can already be achieved via sieve script or rspamd multimap. But I can imagine some people would want to have a checkbox per user that enables/disables the ability to receive email for that account. No-reply email accounts are the primary example I can think off. |
I have implemnted the token part in #2852 |
Version
2.0
Description
In order to avoid copying the same password in multiple places, I've resorted to creating machine-specific users, to send emails from servers or laptops: let's say
[email protected]
is my main email, setup correctly in Mailu. I have setup amachines.example.com
subdomain, with an[email protected]
; I can setup a no-copy redirect for that email to[email protected]
and allow[email protected]
with the allow-spoofing setup, so that it can send emailsFrom: [email protected]
in my name. The usual case I have is my laptop's exim config.So. It would be nice to avoid allowing that
[email protected]
user to be able to receive email at all. (One easy workaround is not setting up an MX record, but depending on the A/AAAA record, it could still happen).Of course, another recourse would be to allow multiple passwords for a single user; such as device-specific passwords. GMail has some sort of setup for that; basically you can have (and generate) multiple independent addresses, limited to doing specific things: in the above scenario, if I could add a laptop-specific password for my
[email protected]
account, that would also work, of course.The text was updated successfully, but these errors were encountered: