Possibility of blocking outgoing email domain(s)

Feedback and Requests
1

Hi there,

I could not find it in the roadmap or marked as a feature request yet, but would it be possible to configure Metabase to only allow certain outgoing domains for the email address? (i.e myorg.com)

I am asking this since I have run into a security issue where a user has setup an alert/pulse and was able to send data to an email address outside the organization. This could be seen as a “leak” in some circumstances and would like to avoid if possible.

Regards,
George

2

Hi @gvv
Okay, it’s really annoying, because I remember seeing a request for something like this before, but I cannot find it (don’t know if I saw it on Github or the forum).
Currently you would have to setup the block on your mail server.
Could you do a couple of searches too on Github and then create a feature request if you don’t find anything?
https://github.com/metabase/metabase/issues/new/choose

EDIT: The closest thing I can find is this thread: All users display in a pulse list

1 Like
3

Hi @flamber,
So the only thing I could find (I also searched closed issues) was https://github.com/metabase/metabase/issues/10469 which was related to the form not allowing certain domains.

In my case I use AWS SES and the address being used to send, is a generic no-reply@myorg.com which we use in several other places at the moment. We’d have to setup a Lambda function for that which would complicate things a bit, therefore I was hoping it could be stopped directly at the source.

I would love to open a PR for such a feature but I have 0 experience in Clojure unfortunately.

Please let me know what your thoughts are.

4

@gvv Yeah, #10469 is probably just #4617, which is related to how Site URL is handled - not related to emails or anything like that.

But because you wrote some text, and I did some more searching, I found this article about restricting (that was the golden word) to a specific recipient domain:
https://docs.aws.amazon.com/ses/latest/DeveloperGuide/control-user-access.html#iam-and-ses-examples-recipients
Then I found this:
https://github.com/metabase/metabase/issues/6744 - upvote by clicking :+1: on the first post

1 Like
5

@flamber Indeed that was the magic word, thanks for sharing the link I will look into creating another address (metabase@myorg.com) and use that together with that IAM policy.

I’ve upvoted the question as well.
Thanks a lot for the assistance and advice.