[Feature] Introduce sender-blacklists (on both global/admin and user level)

app/admin/__init__.py

@@ -16,6 +16,7 @@
 from app.admin.metrics import DailyMetricAdmin, MetricAdmin
 from app.admin.invalid_mailbox_domain import InvalidMailboxDomainAdmin
 from app.admin.forbidden_mx_ip import ForbiddenMxIpAdmin
+from app.admin.global_sender_blacklist import GlobalSenderBlacklistAdmin
 from app.admin.email_search import (
     EmailSearchResult,
     EmailSearchHelpers,
@@ -52,6 +53,7 @@
     "MetricAdmin",
     "InvalidMailboxDomainAdmin",
     "ForbiddenMxIpAdmin",
+    "GlobalSenderBlacklistAdmin",
     # Search views
     "EmailSearchResult",
     "EmailSearchHelpers",

app/admin/global_sender_blacklist.py

@@ -0,0 +1,36 @@
+from flask_admin.form import SecureForm
+
+from app.admin.base import SLModelView
+
+
+class GlobalSenderBlacklistAdmin(SLModelView):
+    form_base_class = SecureForm
+
+    can_create = True
+    can_edit = True
+    can_delete = True
+
+    column_searchable_list = ("pattern", "comment")
+    column_filters = ("enabled",)
+    column_editable_list = ("enabled", "comment")
+
+    # Keep the admin UI strictly on GLOBAL entries (user_id is NULL)
+    column_exclude_list = ("user_id", "user")
+    form_excluded_columns = ("user_id", "user")
+
+    def get_query(self):
+        return (
+            super().get_query().filter(self.model.user_id.is_(None))  # type: ignore[attr-defined]
+        )
+
+    def get_count_query(self):
+        return (
+            super().get_count_query().filter(self.model.user_id.is_(None))  # type: ignore[attr-defined]
+        )
+
+    # Help text for admins when adding patterns
+    form_args = {
+        "pattern": {
+            "description": r"Regex, i.e. `@domain\.com$`",
+        }
+    }

app/admin/index.py

@@ -17,6 +17,7 @@
     Metric2,
     InvalidMailboxDomain,
     ForbiddenMxIp,
+    GlobalSenderBlacklist,
 )
 from app.admin.base import SLAdminIndexView
 from app.admin.user import UserAdmin
@@ -31,6 +32,7 @@
 from app.admin.metrics import DailyMetricAdmin, MetricAdmin
 from app.admin.invalid_mailbox_domain import InvalidMailboxDomainAdmin
 from app.admin.forbidden_mx_ip import ForbiddenMxIpAdmin
+from app.admin.global_sender_blacklist import GlobalSenderBlacklistAdmin
 from app.admin.email_search import EmailSearchAdmin
 from app.admin.custom_domain_search import CustomDomainSearchAdmin
 from app.admin.abuser_lookup import AbuserLookupAdmin
@@ -63,3 +65,4 @@ def init_admin(app: Flask):
     admin.add_view(MetricAdmin(Metric2, Session))
     admin.add_view(InvalidMailboxDomainAdmin(InvalidMailboxDomain, Session))
     admin.add_view(ForbiddenMxIpAdmin(ForbiddenMxIp, Session))
+    admin.add_view(GlobalSenderBlacklistAdmin(GlobalSenderBlacklist, Session))

app/contact_utils.py

@@ -47,6 +47,7 @@ def create_contact(
     mail_from: Optional[str] = None,
     allow_empty_email: bool = False,
     automatic_created: bool = False,
+    block_forward: bool = False,
     from_partner: bool = False,
 ) -> ContactCreateResult:
     LOG.i(
@@ -105,6 +106,7 @@ def create_contact(
             automatic_created=automatic_created,
             flags=flags,
             invalid_email=is_invalid_email,
+            block_forward=block_forward,
             commit=True,
         )
         contact_id = contact.id

app/dashboard/views/setting.py

@@ -39,6 +39,7 @@
     PartnerSubscription,
     UnsubscribeBehaviourEnum,
     UserAliasDeleteAction,
+    GlobalSenderBlacklist,
 )
 from app.proton.proton_unlink import can_unlink_proton_account
 from app.utils import (
@@ -285,6 +286,39 @@ def setting():
             Session.commit()
             flash("Your preference has been updated", "success")
 
+        elif request.form.get("form-name") == "user-sender-blacklist-add":
+            pattern = (request.form.get("pattern") or "").strip()
+            if not pattern:
+                flash("Pattern cannot be empty", "warning")
+                return redirect(url_for("dashboard.setting") + "#sender-blacklist")
+
+            GlobalSenderBlacklist.create(
+                user_id=current_user.id,
+                pattern=pattern,
+                enabled=True,
+                comment=None,
+                commit=True,
+            )
+            flash("Sender blacklist entry added", "success")
+            return redirect(url_for("dashboard.setting") + "#sender-blacklist")
+
+        elif request.form.get("form-name") == "user-sender-blacklist-delete":
+            try:
+                entry_id = int(request.form.get("entry-id"))
+            except Exception:
+                flash("Invalid request", "warning")
+                return redirect(url_for("dashboard.setting") + "#sender-blacklist")
+
+            entry = GlobalSenderBlacklist.get_by(id=entry_id)
+            if entry is None or entry.user_id != current_user.id:
+                flash("Not found", "warning")
+                return redirect(url_for("dashboard.setting") + "#sender-blacklist")
+
+            Session.delete(entry)
+            Session.commit()
+            flash("Sender blacklist entry deleted", "success")
+            return redirect(url_for("dashboard.setting") + "#sender-blacklist")
+
     manual_sub = ManualSubscription.get_by(user_id=current_user.id)
     apple_sub = AppleSubscription.get_by(user_id=current_user.id)
     coinbase_sub = CoinbaseSubscription.get_by(user_id=current_user.id)
@@ -296,6 +330,23 @@ def setting():
     if partner_sub_name:
         partner_sub, partner_name = partner_sub_name
 
+    user_sender_blacklist_entries = (
+        Session.query(GlobalSenderBlacklist)
+        .filter(GlobalSenderBlacklist.user_id == current_user.id)
+        .order_by(GlobalSenderBlacklist.id.asc())
+        .all()
+    )
+
+    global_sender_blacklist_entries = (
+        Session.query(GlobalSenderBlacklist)
+        .filter(
+            GlobalSenderBlacklist.enabled.is_(True),
+            GlobalSenderBlacklist.user_id.is_(None),
+        )
+        .order_by(GlobalSenderBlacklist.id.asc())
+        .all()
+    )
+
     return render_template(
         "dashboard/setting.html",
         csrf_form=csrf_form,
@@ -318,4 +369,6 @@ def setting():
         ALIAS_RAND_SUFFIX_LENGTH=ALIAS_RANDOM_SUFFIX_LENGTH,
         connect_with_proton=CONNECT_WITH_PROTON,
         can_unlink_proton_account=can_unlink_proton_account(current_user),
+        user_sender_blacklist_entries=user_sender_blacklist_entries,
+        global_sender_blacklist_entries=global_sender_blacklist_entries,
     )

app/models.py

@@ -3672,6 +3672,32 @@ class ForbiddenMxIp(Base, ModelMixin):
     comment = sa.Column(sa.Text, unique=False, nullable=True)
 
 
+class GlobalSenderBlacklist(Base, ModelMixin):
+    """Global blacklist for inbound senders (envelope MAIL FROM).
+
+    Pattern is a (re2-compatible) regex that is applied via search() against the
+    full envelope sender address.
+
+    Examples:
+      - "@spamdomain\\.com$"
+      - "^no-?reply@.*"
+    """
+
+    __tablename__ = "global_sender_blacklist"
+
+    # NULL user_id => global blacklist entry (admin-managed)
+    # non-NULL user_id => per-user blacklist entry (user-managed)
+    user_id = sa.Column(sa.ForeignKey(User.id, ondelete="cascade"), nullable=True)
+
+    pattern = sa.Column(sa.String(512), nullable=False)
+    enabled = sa.Column(sa.Boolean, nullable=False, default=True, server_default="1")
+    comment = sa.Column(sa.Text, nullable=True)
+
+    user = orm.relationship(User)
+
+    __table_args__ = (sa.Index("ix_global_sender_blacklist_user_id", "user_id"),)
+
+
 # region Phone
 class PhoneCountry(Base, ModelMixin):
     __tablename__ = "phone_country"

app/regex_utils.py

@@ -5,7 +5,8 @@
 from app.log import LOG
 
 
-def regex_match(rule_regex: str, local):
+def regex_match(rule_regex: str, local) -> bool:
+    """Return True if *full string* matches rule_regex."""
     regex = re2.compile(rule_regex)
     try:
         if re2.fullmatch(regex, local):
@@ -16,3 +17,20 @@ def regex_match(rule_regex: str, local):
         if re.fullmatch(regex, local):
             return True
     return False
+
+
+def regex_search(rule_regex: str, text: str) -> bool:
+    """Return True if any substring of text matches rule_regex.
+
+    Uses re2 when possible to avoid catastrophic backtracking.
+    """
+    regex = re2.compile(rule_regex)
+    try:
+        if re2.search(regex, text):
+            return True
+    except TypeError:  # re2 bug "Argument 'pattern' has incorrect type (expected bytes, got PythonRePattern)"
+        LOG.w("use re instead of re2 for %s %s", rule_regex, text)
+        regex = re.compile(rule_regex)
+        if re.search(regex, text):
+            return True
+    return False

app/sender_blacklist.py

@@ -0,0 +1,82 @@
+from __future__ import annotations
+
+from cachetools import TTLCache, cached
+
+from app.db import Session
+from app.log import LOG
+from app.models import GlobalSenderBlacklist
+from app.regex_utils import regex_search
+
+
+# Cache enabled patterns briefly to avoid a DB query per inbound email.
+# Admin changes should take effect quickly but don't need to be instant.
+@cached(cache=TTLCache(maxsize=128, ttl=30))
+def _get_enabled_global_patterns() -> list[str]:
+    return [
+        r.pattern
+        for r in Session.query(GlobalSenderBlacklist)
+        .filter(
+            GlobalSenderBlacklist.enabled.is_(True),
+            GlobalSenderBlacklist.user_id.is_(None),
+        )
+        .order_by(GlobalSenderBlacklist.id.asc())
+        .all()
+    ]
+
+
+# Per-user cache: keep it small-ish but avoid a DB query per email per user.
+@cached(cache=TTLCache(maxsize=128, ttl=30))
+def _get_enabled_user_patterns(user_id: int) -> list[str]:
+    return [
+        r.pattern
+        for r in Session.query(GlobalSenderBlacklist)
+        .filter(
+            GlobalSenderBlacklist.enabled.is_(True),
+            GlobalSenderBlacklist.user_id == user_id,
+        )
+        .order_by(GlobalSenderBlacklist.id.asc())
+        .all()
+    ]
+
+
+def is_sender_blocked_for_user(user_id: int | None, *candidates: str) -> bool:
+    """Return True if any candidate sender string matches:
+
+    - the global sender blacklist (user_id is NULL), OR
+    - the given user's sender blacklist (user_id matches)
+
+    Typical candidates:
+      - SMTP envelope MAIL FROM
+      - parsed header From address
+    """
+
+    patterns: list[str] = []
+    patterns.extend(_get_enabled_global_patterns())
+    if user_id is not None:
+        patterns.extend(_get_enabled_user_patterns(int(user_id)))
+
+    if not patterns:
+        return False
+
+    for candidate in candidates:
+        if not candidate:
+            continue
+        # Ignore bounce/null reverse-path
+        if candidate == "<>":
+            continue
+
+        for pattern in patterns:
+            try:
+                if regex_search(pattern, candidate):
+                    return True
+            except Exception:
+                # Never crash the SMTP handler because of a bad regex.
+                # (Global or user entry — both are user-provided.)
+                LOG.exception(
+                    "Sender blacklist regex failed: user_id=%s pattern=%s candidate=%s",
+                    user_id,
+                    pattern,
+                    candidate,
+                )
+
+    return False

email_handler.py

@@ -153,6 +153,7 @@
 from app.handler.unsubscribe_generator import UnsubscribeGenerator
 from app.handler.unsubscribe_handler import UnsubscribeHandler
 from app.log import LOG, set_message_id
+from app.sender_blacklist import is_sender_blocked_for_user
 from app.mail_sender import sl_sendmail
 from app.mailbox_utils import (
     get_mailbox_for_reply_phase,
@@ -213,13 +214,37 @@ def get_or_create_contact(
                 mail_from,
             )
             contact_email = mail_from
+
+    # Decide whether we already have a matching contact BEFORE applying the global sender blacklist.
+    # This allows users to whitelist a specific sender by manually creating/enabling a Contact.
+    sanitized_contact_email = sanitize_email(contact_email, not_lower=True)
+    existing_contact = Contact.get_by(
+        alias_id=alias.id, website_email=sanitized_contact_email
+    )
+
+    # Only consult the global blacklist if NO matching contact exists yet.
+    # If matched, create a disabled Contact; the existing block_forward logic will refuse the email.
+    block_forward = False
+    if existing_contact is None:
+        block_forward = is_sender_blocked_for_user(
+            alias.user_id, mail_from, sanitized_contact_email
+        )
+        if block_forward:
+            LOG.i(
+                "Sender matched sender blacklist (global or user); creating disabled contact: mail_from=%s header_from=%s alias=%s",
+                mail_from,
+                sanitized_contact_email,
+                alias,
+            )
+
     contact_result = contact_utils.create_contact(
         email=contact_email,
         alias=alias,
         name=contact_name,
         mail_from=mail_from,
         allow_empty_email=True,
         automatic_created=True,
+        block_forward=block_forward,
         from_partner=False,
     )
     if contact_result.error: