@okumuryu opened this Issue on September 16th 2022

Summary

Hello Matomo Teams.

With the implementation of the invite function in Matomo 4.11.0, there are many opportunities to send emails using Matomo applications.
As a result, the risk of sending incorrect emails due to mistakes in email addresses has increased.
Is there a function to restrict the domain of the email address to be sent to, so that it cannot be sent to other domains?
If not, would you implement it?

Your Environment

  • Matomo Version:4.11.0
  • PHP Version:8.1.10
  • Server Operating System:RHEL 7.9
@bx80 commented on September 20th 2022 Contributor

Hi @okumuryu, thanks for the suggestion, this does sound like a useful security feature. At the moment there is no option to restrict emails sent by Matomo to specific domains.

Depending on how your Matomo server is configured to send email, it may be possible to implement this restriction using Mail Transport Agent rules on the server. For example, your server uses postfix as an MTA then you could add a transport rule to block delivery of any emails other than to your company domain.

@okumuryu commented on September 21st 2022

It is certainly possible to restrict mail domains with postfix.
However, I think it is possible to use Matomo safely by restricting not only by postfix but also by Matomo application.

Powered by GitHub Issue Mirror