[GH-ISSUE #265] Per-domain policy support #249

New issue

Closed

opened 2026-02-27 11:10:48 +03:00 by kerem · 0 comments

kerem commented 2026-02-27 11:10:48 +03:00

Owner

Copy link

Originally created by @tonioo on GitHub (Dec 4, 2013).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/265

Originally assigned to: @tonioo on GitHub.

Originally created by Antoine Nguyen on 2012-06-07T07:25:02Z

The amavis extension should offer a way to edit per-domain policies.

h2. Proposal

Add a new "Content filter" tab into the domain edition form.

This tab will only propose a reduced set of settings:

• bypass_virus_checks (yes/no)
• bypass_spam_checks (yes/no)
• spam_tag2_level (float)
• spam_modifies_subj (yes/no)
• spam_kill_level (float)
• bypass_banned_checks (yes/no)
• banned_rulenames (a list of selectable rule names)

The last setting requires more work as it must know which rules are defined into amavis configuration file. I see two solutions to get this information :

Add a new extension setting to let admin copy/paste the names present into the configuration file

Implement a simple tool that will scan the configuration file(s) and look for the '%banned_rules' hash

The first option is simple to implement but it introduces information duplication. It can be difficult to maintain.

The second one is more flexible but may introduce security issues as Modoboa will need a read access to the configuration file (ie. the user that runs Modoboa, www-data?). It can also be a performance killer if the configuration is parsed each time the tab is displayed...

A simple caching mechanism proposal:

• Save the filename that contains the hash definition and its last modification time
• Each time we need to display the rule names, check if the modification time is different from the last we saw
• If different, parse the file.

h2. Who can access this feature

This proposal would work great for super users or resellers because they can access the domain management section. Domain administrators can't but I think it could be useful to let those users control those settings for the domain(s) they manage.

Allowing domain administrators to access this section introduce a big issue : they will also be able to modify domain properties.

What is the best to do ?

Originally created by @tonioo on GitHub (Dec 4, 2013). Original GitHub issue: https://github.com/modoboa/modoboa/issues/265 Originally assigned to: @tonioo on GitHub. **Originally created by Antoine Nguyen on 2012-06-07T07:25:02Z** The amavis extension should offer a way to edit per-domain policies. h2. Proposal Add a new "Content filter" tab into the domain edition form. This tab will only propose a reduced set of settings: - bypass_virus_checks (yes/no) - bypass_spam_checks (yes/no) - spam_tag2_level (float) - spam_modifies_subj (yes/no) - spam_kill_level (float) - bypass_banned_checks (yes/no) - banned_rulenames (a list of selectable rule names) The last setting requires more work as it must know which rules are defined into amavis configuration file. I see two solutions to get this information : # Add a new extension setting to let admin copy/paste the names present into the configuration file # Implement a simple tool that will scan the configuration file(s) and look for the '%banned_rules' hash The first option is simple to implement but it introduces information duplication. It can be difficult to maintain. The second one is more flexible but may introduce security issues as Modoboa will need a read access to the configuration file (ie. the user that runs Modoboa, www-data?). It can also be a performance killer if the configuration is parsed each time the tab is displayed... A simple caching mechanism proposal: - Save the filename that contains the hash definition and its last modification time - Each time we need to display the rule names, check if the modification time is different from the last we saw - If different, parse the file. h2. Who can access this feature This proposal would work great for super users or resellers because they can access the domain management section. Domain administrators can't but I think it could be useful to let those users control those settings for the domain(s) they manage. Allowing domain administrators to access this section introduce a big issue : they will also be able to modify domain properties. What is the best to do ?

kerem 2026-02-27 11:10:48 +03:00

• closed this issue
• added the
  enhancement
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

fix/sievefilters-allow-email-in-rule-name

dependabot/npm_and_yarn/frontend/axios-1.15.0

translations_04c0b653215cb5fa48ab101eae1a1917_ja_JP

translations_5d93982e9fd6dab991db4faf93ce9ded_ja_JP

fix/login-issue-3995

fix/sievefilters-issues

add-vitepress-openapi

2974-dmarc-empty-email

2.3.x

updated-doc-2.3.0

feature/OIDC

delete-all-alarms

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_af_ZA

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ar

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_ca

1.x

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_sk

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_tr

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_es_ES

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_uk

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_zh_CN

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_de_DE

translations_modoboa-admin-locale-en-lc-messages-djangojs-po--master_da_DK

1.8.x

1.7.x

1.6.x

1.4.x

1.3.x

1.2.x

2.8.2

2.8.1

2.8.0

2.7.2

2.7.1

2.7.0

2.6.5

2.6.4

2.6.3

2.6.2

2.6.1

2.6.0

2.5.1

2.5.0

2.4.11

2.4.10

2.4.9

2.4.8

2.4.7

2.4.6

2.4.5

2.4.4

2.4.3

2.4.2

2.4.1

2.4.0

2.3.6

2.3.5

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.3.0-beta.4

2.3.0-beta.3

2.3.0-beta.2

2.3.0-beta.1

2.2.4

2.2.3

2.2.2

2.2.1

2.2.0

2.1.2

2.1.1

2.1.0

2.0.5

2.0.4

2.0.3

2.0.2

2.0.1

2.0.0

2.0.0-beta.3

2.0.0-beta.2

2.0.0-beta.1

1.17.0

1.16.1

1.16.0

1.15.0

1.14.0

1.13.1

1.13.0

1.12.2

1.12.1

1.12.0

1.11.1

1.11.0

1.10.7

1.10.6

1.10.5

1.10.4

1.10.3

1.10.2

1.10.1

1.10.0

1.9.1

1.9.0

1.8.3

1.8.2

1.8.1

1.8.0

1.7.4

1.7.3

1.7.2

1.7.1

1.7.0

1.6.3

1.6.2

1.6.1

1.6.0

1.5.3

1.5.2

1.5.1

1.5.0

1.4.5

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.5

1.3.4

1.2.2

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.2.0-rc2

1.2.0-rc1

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.1

1.0.0

0.9.5

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8.8

0.8.7

0.8.6.1

0.8.6

0.8.5

0.8.4

0.8.3

0.8.3-rc1

0.8.2

0.8.1

0.8

0.8-rc2

0.8-rc1

0.7.2

0.7.1

0.7

0.6.1

0.6

0.5

0.3

0.2

0.1

Labels

Clear labels   

bug

  

bug

  

dependencies

  

design

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

feedback-needed

  

help-needed

  

help-needed

  

installer

  

invalid

  

looking-for-sponsors

  

modoboa-contacts

  

new-ui

  

new-ui

  

pr

  

pull-request

Mirrored from GitHub Pull Request

  

pyconfr

  

python

  

question

  

security

  

stale

  

webmail

  

wontfix

No labels

bug

bug

dependencies

design

documentation

duplicate

enhancement

enhancement

enhancement

feedback-needed

help-needed

help-needed

installer

invalid

looking-for-sponsors

modoboa-contacts

new-ui

new-ui

pr

pull-request

pyconfr

python

question

security

stale

webmail

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/modoboa-modoboa#249

No description provided.