Close #2372: Implement a GUI for WILDCARD_SENDERS

core/admin/mailu/internal/views/postfix.py

@@ -145,8 +145,9 @@ def postfix_sender_login(sender):
     localpart = localpart[:next((i for i, ch in enumerate(localpart) if ch in flask.current_app.config.get('RECIPIENT_DELIMITER')), None)]
     destinations = models.Email.resolve_destination(localpart, domain_name, True) or []
     destinations.extend(wildcard_senders)
+    destinations.extend(i[0] for i in models.User.query.filter_by(allow_spoofing=True).with_entities(models.User.email).all())
     if destinations:
-        return flask.jsonify(",".join(idna_encode(destinations)))
+        return flask.jsonify(",".join(idna_encode(list(set(destinations)))))
     return flask.abort(404)
 
 @internal.route("/postfix/sender/rate/<path:sender>")

core/admin/mailu/models.py

@@ -501,6 +501,7 @@ class User(Base, Email):
     # Features
     enable_imap = db.Column(db.Boolean, nullable=False, default=True)
     enable_pop = db.Column(db.Boolean, nullable=False, default=True)
+    allow_spoofing = db.Column(db.Boolean, nullable=False, default=False)
 
     # Filters
     forward_enabled = db.Column(db.Boolean, nullable=False, default=False)

core/admin/mailu/ui/forms.py

@@ -84,6 +84,7 @@ class UserForm(flask_wtf.FlaskForm):
     quota_bytes = fields_.IntegerSliderField(_('Quota'), default=10**9)
     enable_imap = fields.BooleanField(_('Allow IMAP access'), default=True)
     enable_pop = fields.BooleanField(_('Allow POP3 access'), default=True)
+    allow_spoofing = fields.BooleanField(_('Allow the user to spoof the sender (send email as anyone)'), default=False)
     displayed_name = fields.StringField(_('Displayed name'))
     comment = fields.StringField(_('Comment'))
     enabled = fields.BooleanField(_('Enabled'), default=True)

core/admin/mailu/ui/templates/user/create.html

@@ -25,6 +25,7 @@
       prepend='<span class="input-group-text"><span id="quota_bytes_value"></span>&nbsp;GB</span>') }}
   {{ macros.form_field(form.enable_imap) }}
   {{ macros.form_field(form.enable_pop) }}
+  {{ macros.form_field(form.allow_spoofing) }}
   {%- endcall %}
 
   {{ macros.form_field(form.submit) }}

core/admin/migrations/versions/7ac252f2bbbf_.py

@@ -0,0 +1,22 @@
+"""empty message
+
+Revision ID: 7ac252f2bbbf
+Revises: 8f9ea78776f4
+Create Date: 2022-11-20 08:57:16.879152
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '7ac252f2bbbf'
+down_revision = '8f9ea78776f4'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+    op.add_column('user', sa.Column('allow_spoofing', sa.Boolean(), nullable=False))
+
+
+def downgrade():
+    op.drop_column('user', 'allow_spoofing')

docs/webadministration.rst

@@ -321,7 +321,7 @@ This page also shows an overview of the following settings of an user:
 
 * Email. The email address of the user.
 
-* Features. Shows if IMAP or POP3 access is enabled.
+* Features. Shows if IMAP or POP3 access is enabled and whether the user should be allowed to spoof emails.
 
 * Storage quota. Shows how much assigned storage has been consumed.
 
@@ -357,6 +357,8 @@ For adding a new user the following options can be configured.
 
 * Allow POP3 access. When ticked, allows email retrieval via the POP3 protocol.
 
+* Allow the user to spoof the sender. When ticked, allows the user to send email as anyone.
+
 
 Aliases
 ```````

towncrier/newsfragments/2372.feature

@@ -0,0 +1 @@
+Create a GUI for WILDCARD_SENDERS