Ability to block domains when receiving emails #2

[tozo]

Sorry, I had to recreate this PR.

This PR adds the functionality to block domains so that the user won't receive emails no matter which email was used from that domain.
It's mainly to prevent spam emails coming from the same domain but from different email addresses.

Since this feature is not tied to a specific alias/custom domain I added it to the setting page.
Let me know if there is a better place for this feature or if anything else needs to be changed.

Note: This feature was discussed here: #1344

Couple of screenshots:

Default view:

Page once domains are blocked:

[acasajus]

It's missing a composite index with user_id and domain to avoid full table scans.

[tozo]

In the previous line I have this constraint:

    __table_args__ = (
        sa.UniqueConstraint("user_id", "domain", name="uq_blocked_domain"),
    )

This should create that composite index. I checked in my environment and I see that index created automatically.

But let me know if I misunderstand something.

[tozo]

I updated the code, except the one where I asked the question

[aksolotl222]

@tozo can you please add also sender block?

Now SL doesn't have option to block sender and/or domain account wide. What stops spammer from if I block him in [email protected] just send emails to [email protected]? As I see, such adresses created automatically by default on subdomains.

So this feature will help against this.

[tozo]

@aksolotl222 If I understand you correctly this PR does what you describe.

You can block complete domains so no matter what email addresses the sender use on that domain they all will be blocked.

[tozo]

Hi @acasajus

Could you let me know if there is any other changes that need to be done?
I think this would be a great feature for many people.

[acasajus]

Why is this changed. This would allow users to create a custom domain with an invalid domain or an SL domain.

[tozo]

Based on the original code I modified the existing and created 2 separate functions (can_domain_be_used, can_custom_domain_be_used and can_blocked_domain_be_used respectively).

Because of that I also had to change this to call the function can_custom_domain_be_used to still include all the previously executed checks.
But inside of that function I call the can_domain_be_used which should check for the domain validity and SL domain as well and if that reason is not None, then return with that error.

Currently in this branch that call is in line 119:

reason = can_domain_be_used(user, domain)

if reason is not None:
    return reason

[alik-090]

Guys, can you also add ability to

1. block sender (ex [email protected]) from sending emails to ANY alias (non only domain)
2. Separate in settings behavior. So I I disable alias - user won't see that email rejected. And when I BLOCK sender he should get error that email doesn't exist. Now there is such feature but it is combined with block and disable alias. This is bad because some services, when see "email does not exist" will not try to send email even after I turn on alias. But when I BLOCK sender, I think sender should see "email does not exist". This will prevent most soammers to use different adress/domain because they will think there is no such address.

What do you think?