I could not find it in the roadmap or marked as a feature request yet, but would it be possible to configure Metabase to only allow certain outgoing domains for the email address? (i.e myorg.com)
I am asking this since I have run into a security issue where a user has setup an alert/pulse and was able to send data to an email address outside the organization. This could be seen as a “leak” in some circumstances and would like to avoid if possible.
Hi @gvv
Okay, it’s really annoying, because I remember seeing a request for something like this before, but I cannot find it (don’t know if I saw it on Github or the forum).
Currently you would have to setup the block on your mail server.
Could you do a couple of searches too on Github and then create a feature request if you don’t find anything? https://github.com/metabase/metabase/issues/new/choose
In my case I use AWS SES and the address being used to send, is a generic no-reply@myorg.com which we use in several other places at the moment. We’d have to setup a Lambda function for that which would complicate things a bit, therefore I was hoping it could be stopped directly at the source.
I would love to open a PR for such a feature but I have 0 experience in Clojure unfortunately.
@flamber Indeed that was the magic word, thanks for sharing the link I will look into creating another address (metabase@myorg.com) and use that together with that IAM policy.
I’ve upvoted the question as well.
Thanks a lot for the assistance and advice.